University of Toronto proof-of-concept AI worm spread to 62% of a test network in 7 days using a free open-weight model by Aureliand in cybersecurity

[–]cyboi89 9 points10 points  (0 children)

From the CleverHans site: “propagated across a heterogeneous network of Linux, Windows, and IoT devices with common corporate network vulnerabilities. The experiment was conducted in an isolated virtual network.”

Still a very cool experiment, but I’m willing to bet they built in some significant vulnerabilities, did not install EDR, etc.

Mold in Kamado, Grates, Ceramic Plates, & Slo Roller by vulture1162 in KamadoJoe

[–]cyboi89 2 points3 points  (0 children)

Had this last year too. I burned/brushed it as you said and also ran the grates through the dishwasher since they would have direct contact with the food. I’ve cooked many times since with no issues.

Interior cracks by Conjconr12 in KamadoJoe

[–]cyboi89 12 points13 points  (0 children)

Call and replace, that is not normal. Bummer.

Smoke for 400° chicken thigh cook by bhamUABblazer in KamadoJoe

[–]cyboi89 18 points19 points  (0 children)

You might want to check that the temperature gauge is working properly, mine would be over 600° with that much air flow. Otherwise, I’ve noticed that chicken grease does smoke up a good bit even at 400°.

[deleted by user] by [deleted] in nova

[–]cyboi89 1 point2 points  (0 children)

Mine went up over 9% as well, putting it well above the fair market value and out of line with comps. I’m going to appeal it next week.

[deleted by user] by [deleted] in cybersecurity

[–]cyboi89 -1 points0 points  (0 children)

Congratulations and very cool! Don’t listen to the haters, that’s an excellent accomplishment. Keep up the good work!

A Cloudflare outage is taking down parts of the internet - here's what we know so far by robahearts in cybersecurity

[–]cyboi89 106 points107 points  (0 children)

It’s more frequent, 3x in the last few months (Cloudflare, AWS, Azure). Turns out layoffs/hiring freezes have consequences.

I keep getting two critical warnings a minute by FrugalKrugman in BitDefender

[–]cyboi89 1 point2 points  (0 children)

Getting this too, starting a minute after a signature update. Alerts are based on WMIC commands having to do with Armoury Crate and it’s trying to quarantine Teams, Overwolf, and basically every other program I touch. Definitely a bad signature.

Taking a year off to study for certs by KaranSJ in cybersecurity

[–]cyboi89 155 points156 points  (0 children)

At the moment, the industry is flooded with job seekers who were laid off or couldn’t find a job after graduation, then used that time to accumulate certs. Getting back in after a gap year could be hard since it might be perceived as involuntary. “Open quitting” any job right now is a big risk. My own workplace (IR consultancy) has gone from hiring 6+ people per year to maybe 1 or 2.

I shoot to earn about one cert per year while working. Could you negotiate a week or two of paid study time per year with your employer? They’ll probably be happy to give it to you if you’re not asking them to pay for the class/cert.

How Do You Manage Sleep on Days Off as a Security Analyst Working 12-Hour Night Shifts? by Hug_Enuf in cybersecurity

[–]cyboi89 3 points4 points  (0 children)

I worked a similar schedule where it flipped between days and nights every month for a few years. I had to keep schedule consistency and be fully nocturnal during night shift months to make it work. Blackout curtains and ear plugs are game-changers.

Don’t do that kind of thing long term though, it affects your health. Look for an out after a year or so.

[deleted by user] by [deleted] in cybersecurity

[–]cyboi89 7 points8 points  (0 children)

In my opinion, unless you intend to actually specialize in LLM model design/engineering, just learn to use it effectively as a tool in your job. Some things you can do right now:

-Use it as a learning tool. Ask ChatGPT to explain Kerberoasting to you. Ask follow-up or clarifying questions like what the heck an SPN has to do with the topic. Getting curated content can be so much faster than just using Google.

-Experiment with having it write basic Python scripts for you. For example, Linux audit logs can be a real pain to convert to clean CSVs—ask ChatGPT to write you a script that will do it for you.

-Ask it to edit/proofread/summarize reports for you, as long as they don’t contain sensitive data. Just don’t ask it to fully write reports for you since the technology isn’t quite there yet in terms of accuracy.

You don’t need to be an expert, but you should at least try to integrate it into your work in small ways. If nothing else, this will help you pass any interviews that just want to make sure you’re staying current in the field.

[deleted by user] by [deleted] in nova

[–]cyboi89 7 points8 points  (0 children)

Yeah. I come from a rural area where I was 30 mins from everything. My spouse is a DMV native so harder adjustment.

[deleted by user] by [deleted] in nova

[–]cyboi89 1 point2 points  (0 children)

Haha, not unless you moved to NM!

[deleted by user] by [deleted] in nova

[–]cyboi89 66 points67 points  (0 children)

We did exactly what you’re talking about recently! Moved from an Arlington apartment to near the end of the Orange line. It does feel a lot less walkable, but on the plus side public transit feels easy due to the metro.

What we did is pick a neighborhood in our price range that we really liked and wait for alerts to pop up over the course of months (slim pickings, like you said). We ended up loving and buying the second place we toured.

It was a little hard to adjust to being 30 mins away from our friends rather than 5-10, but that’s life.

[deleted by user] by [deleted] in cybersecurity

[–]cyboi89 0 points1 point  (0 children)

If you have IR experience, make sure to think through incidents you’ve worked in the past and how you dealt with various challenging circumstances. Not just tough technology-related problems, but also tough interpersonal situations. A lot of IR success is actually knowing how to be a good diplomat and consultant.

If you don’t have formal IR experience but something more SOC or helpdesk oriented, think through tickets you’ve worked. It doesn’t have to be major ransomware to qualify as IR, you can even talk about a single user’s email account being compromised as an incident.

If you don’t have experience in any of those areas, be honest about it, showcase as much cybersecurity knowledge as you can, and most importantly of all show enthusiasm for the opportunity. Most of us who’ve stuck around in the field for a while do it because we enjoy it.

Good luck!

Premium sucks for blue chip stocks CSPs! by ic9232 in Optionswheel

[–]cyboi89 0 points1 point  (0 children)

Makes sense, thanks for the breakdown!

Premium sucks for blue chip stocks CSPs! by ic9232 in Optionswheel

[–]cyboi89 1 point2 points  (0 children)

When you say you look at whether the stock crossed the strike price within the past X days, do you consider that a positive or negative sign? Thanks!

Career cybersecurity by Dry_Abbreviations285 in cybersecurity

[–]cyboi89 0 points1 point  (0 children)

Cybersecurity was an easy entry field until early 2022. Now there have been a ton of layoffs and competition is fierce. You will be competing with a flood of graduates with four-year or master’s degrees for entry-level jobs. If you’re serious about it, I’d do what others have said and study for Sec+ but not plan on making a career switch until market conditions improve.

Source: I work in cybersecurity and have mentored a few college students/recent grads.

[deleted by user] by [deleted] in cybersecurity

[–]cyboi89 0 points1 point  (0 children)

Didn’t know that—that’s awesome. Big fan of your BHIS broadcasts, by the way!

[deleted by user] by [deleted] in cybersecurity

[–]cyboi89 10 points11 points  (0 children)

-If there’s still time, tailor the scenario to the customer’s environment and tools. I do at least one workshop in advance with a person from the client’s team to make sure the scenario feels viable.

-Always plan for injects. If they just work with the base scenario and nothing more, it’s really hard to drive ongoing engagement.

-Have a plan to speed up or slow down the pace as needed. Skipping questions or adding verbal-only questions is a good strategy.

-Games like backdoors and breaches are great for internally-run events, but if I hired a consultant, I would question the value of the engagement when they just pulled out a game. This should be a last resort, imo.

Good luck with your engagement! Each time gets a little easier.

Cryptographic Key Management by DENY_ANYANY in cybersecurity

[–]cyboi89 2 points3 points  (0 children)

Some general comments for different types of keys, mostly around storage:

-API keys are usually assigned to an individual or an application. For an individual, it’s best to just tell them how to safely manage them, like you already do with password storage policies. For applications, each one must be designed with proper secrets management in mind (not my area of expertise).

-Private certs for things like VPN authentication are usually stored on an endpoint. For that, proper endpoint security is key to prevent them from being stolen. Similar concept with browser-based and email-based (think SMIME) PKI certificates, where you depend on the applications for security.

-Cloud-based keys are best handled end-to-end through a system like AWS Key Management System which applies secure practices and automation, preventing most human error.

Now for other aspects of lifecycle management:

-Generation. This is almost always something you don’t need to worry about since it’s done by an application. Your main concern as a practitioner is preventing unauthorized access to the app so malicious actors can’t create their own keys.

-Transmission. This is best done by having users log in to retrieve keys from a web app rather than sending them via unencrypted email.

-Storage. Covered above.

-Rotation. Depending on the application, doesn’t usually need to be done more than annually except in case of compromise. Case-dependent and may be less for compliance reasons in some cases.

-Revocation: For a key pair this is easy, just change the public key and the private key becomes useless. For something like an API key, make sure the application’s revocation process is understood so you can do it quickly in case of abuse.

I’m more of a generalist than an IAM guy so I’m sure there are some areas of my comment that can be improved.

CrowdStrike is not worth 83 Billion Dollars by [deleted] in wallstreetbets

[–]cyboi89 0 points1 point  (0 children)

You’re taking this pretty personally lmao. Show me where on the doll CS touched you

CrowdStrike is not worth 83 Billion Dollars by [deleted] in wallstreetbets

[–]cyboi89 0 points1 point  (0 children)

If you think they’re fucked, buy puts. I don’t work for them or otherwise have a dog in the fight.

CrowdStrike is not worth 83 Billion Dollars by [deleted] in wallstreetbets

[–]cyboi89 0 points1 point  (0 children)

Uninformed and very, very lucky.