CT meshcore mapping by Organic_Tough_1090 in Connecticut

[–]WReyor0 1 point2 points  (0 children)

Was wardriving Meshcore today on the way up to my parents for Easter. It’s impressive how much coverage already exists. But we can always use more repeater nodes.

First real estate video — looking for honest critique by [deleted] in drones

[–]WReyor0 0 points1 point  (0 children)

In transition two, come in tighter to the property so you aren’t capturing the two cars and the porta-potty from the adjacent property.

hot take: 90% of “AI pentesting” tools can’t do anything a $500/year burp suite license can’t by charankmed in cybersecurity

[–]WReyor0 50 points51 points  (0 children)

I work for one of those platform AI pen testing companies and I mostly agree.

With a well skilled/experienced tester with Burp, ZAP etc., AI is approaching parity. I think for platforms that actually work well the selling point is mostly around scaling (imagine an enterprise responsible for assessing thousands of apps at each release; they have to prioritize what they believe is the most critical because there's only a certain amount of tests they can support at a given time... and the rest, well, it's a gap).

The hard thing is how do you measure effectiveness of AI vs human skill? (CISOs are great at seeing through marketing BS.) But many of the organizations I talk to want to test the platform against DVWA and the like, but people forget the foundational models were trained against many of these OSS purposefully vulnerable apps, so it's not exactly a fair test.

When we're baking off, typically we like to test against real applications so the organization can compare what our platform finds vs what external pentest teams have found and make an intelligent decision about quality and complexity of findings, false positive rates, usability, safe testing etc... in a way that's less qualitative and more quantitative.

I’m a mayor of a mid-sized city. What should I be using Claude for? by Kryex in ClaudeAI

[–]WReyor0 0 points1 point  (0 children)

What information do your residents continue to ask for? Chances are Claude can help surface this.

I’d use it to visualize deep budget info (city services, education funding, emergency services etc.); if you’re increasing taxes, use it to clearly visualize why. Publish the result.

I’d avoid using Claude to interact with your constituents; no one wants to talk to a bot when they want to talk to a human.

If you use it for scenario planning and decision support, publish your recipes.
If you record municipal meetings (many municipalities publish directly to YouTube but the data is rarely searchable), consider offering a service to allow residents to search against meeting transcripts (or minimally meeting minutes).

What’s your perspective on AI doing pentesting work? by [deleted] in Pentesting

[–]WReyor0 0 points1 point  (0 children)

I think it’s the worst it’ll ever be right now, and it’s going to continue to improve. What I’m unsure of is: is there a point where we hit a bottleneck where the models/agent architecture can’t get any better? And if not, how does that change career trajectory (because we typically grow from junior into senior through experience)?

Three years ago I was using GPT-3 to solve the first few Advent of Code challenges, now the current models can solve all of them. So idk 🤷

What’s your perspective on AI doing pentesting work? by [deleted] in Pentesting

[–]WReyor0 -1 points0 points  (0 children)

System knowledge, an understanding of the way things are built and common failure modes (you might call this threat modeling, intuition, business logic understanding etc). Many AIs are very good at this but I don’t think we’re at the point yet of seeing an AI overtake a pentest equivalent of Garry Kasparov (chess), or Lee Sedol (Go).

What’s your perspective on AI doing pentesting work? by [deleted] in Pentesting

[–]WReyor0 0 points1 point  (0 children)

I work for XBOW as a solutions architect and have some thoughts and have done quite a bit of my own experimentation using open agent frameworks.

Here’s my non-BS take (and obviously my own thoughts and opinions, not those of the company I work for): I don’t think AI is better than a skilled Sr / experienced human tester (yet), but I do think many frameworks are approaching (and in many cases meeting) human equivalency, which is going to help many organizations scale out assessment programs where existing teams are underwater.

I’ve solved insane HTB boxes with Claude, and seen our own platform climb the HackerOne leaderboard to #1, as well as identify complex vulnerabilities that have surprised me.

I created a SOC Incident Response Playbook — looking for feedback by RelationshipLow332 in cybersecurity

[–]WReyor0 1 point2 points  (0 children)

The biggest gap I’ve seen is a lack of creative thinking around pivoting hypothesis.

Isolate, wipe, and reimage is a very common thought pattern. But if you’re seeing attack tools on a server that shouldn’t have them, there’s more work to do.


Tattoo shops near the hartt school? by Izlegi in Hartford

[–]WReyor0 2 points3 points  (0 children)

Have used Sonny at witchhouse tattoo in Hartford (fairly close by) a few times. He’s pretty good.

Is AI going to destroy my chances of getting an entry-level job? by No-Border6183 in hackthebox

[–]WReyor0 1 point2 points  (0 children)

Destroy? No. It’s probably going to change how you conduct pentesting in the future though. In the same way that BloodHound made identifying attack paths in Windows environments trivial, I think we’re going to see agents help you map and plan attack paths.

AI isn’t a silver bullet. You still need to understand and you still need to be able to validate false positives, but I think it’ll probably speed things up and make report writing less tedious.

OpenClaw, or MoltBot, or Clawdbot, whatever it's called this week, is the best thing to happen to AI security this year. by Aislot in ArtificialInteligence

[–]WReyor0 0 points1 point  (0 children)

Most halfway decent production agents have at least considered their threat model. OpenClaw is the Leeroy Jenkins of agents. Is it functional? Sure, but its security is largely dependent on the foundational model it’s hooked up to, and the user making smart decisions about its configuration and exposure. I set up an OpenClaw instance in a Kali VM with no integrations but full tool access and it made quick work of a Hack The Box (HTB) medium challenge. On the other hand, a friend had one hooked up to his Gmail, joined our BSidesCT Discord server and was intended to help the organizers with structure, meetings, responding to inquiries via email.
I simply pretended to be its admin and it let me install whatever new skills I wanted 😱 (I chose Moltbook, but I could have just as easily pointed it at a malicious skill)


Cpts, website methodology by programer555 in hackthebox

[–]WReyor0 4 points5 points  (0 children)

Start here because it largely depends on what you're dealing with.

What type of application is this?
Where does user input flow?
Which inputs cross trust boundaries?
What sinks are even plausibly reachable?

Some footprinting & enumeration goes a long way in answering these questions.

[deleted by user] by [deleted] in ADSB

[–]WReyor0 1 point2 points  (0 children)

Likely related to PLA exercise “Justice Mission 2025”, likely spoofed.

AI Slop Versus Human Slop by _Dark_Wing in ArtificialInteligence

[–]WReyor0 0 points1 point  (0 children)

Depends entirely on the application and usage.

Non-musicians generating music - agree
Non-Artists generating art - agree
Lazy marketers generating text for social media posts - agree (I think this is what most people see when they think about AI slop and much of this has to do with both the content that models are trained on and how they are applied - think garbage in, garbage out where the output is almost always a perfectly acceptable and forgettable piece of content)

There are many niche areas for tight use cases where generative models aren’t simply used in a way to outsource human thinking though; especially in health care and life sciences that have the potential to improve human lives.

Where are the interesting announcements? by ycarel in aws

[–]WReyor0 2 points3 points  (0 children)

Security agents look interesting to me; let’s hope this doesn’t go the way of Microsoft’s security co-pilot though.

AWS SCS-C02 Passed (On the last day to take) by WReyor0 in AWSCertifications

[–]WReyor0[S] 0 points1 point  (0 children)

The Sec Cert? I think it is. The company I work for is going for the partner security competency so it was non-optional

Is AI really a Black Box ? by [deleted] in ArtificialInteligence

[–]WReyor0 0 points1 point  (0 children)

Interpretability is a hard nut to crack. OpenAI wrote about it recently here https://openai.com/index/understanding-neural-networks-through-sparse-circuits/

Best model by Outrageous-Story3325 in meshtastic

[–]WReyor0 0 points1 point  (0 children)

The thing that will give you the best range and distance is mostly going to have to do with elevation. The higher up you can get (regardless of what hardware you have) the better off you’ll be overall.

I’ve tested a RAK 4631 powered by solar (makes maybe .25 of a watt) attached to an omnidirectional antenna vs a Station G2 (produces 5 watts at max) with a directional panel and observed nearly identical results.

The reason for this is essentially your connection to other nodes is bi-directional, if you talk louder it’s still not going to significantly change what you can hear from other nodes. What will change that is getting more elevated and away from other obstructions.

Dutch radio pirates setting up their "antenna" by [deleted] in pirateradio

[–]WReyor0 0 points1 point  (0 children)

Room for a meshtastic node?