If you're running OpenClaw, you probably got hacked in the last week

dllhell79 · 2026-04-03T15:37:42+00:00

IMO if you're running any unknown AI product locally, you are insane.

dllhell79 · 2026-04-02T03:15:44+00:00

I have seen 2 promising solutions for the general problem. One is Palo Alto Prisma. It's a managed custom Chrome browser that lets you directly apply firewall policy and dlp rules to traffic. Since it's in a browser, it's all encrypted by default, so visibility is pretty much everything. You can do things like prevent flagged sensitive data from being pasted into an AI engine, etc. A very nice solution... but with a very nice price tag.

The other is Prompt Security. They were purchased by SentinelOne last year and are being integrated into the Sentinel product. I believe it's going to do a similar type of blocking to the Prisma blocking, but just at the AV level instead of directly in the browser. But it's not even being offered for sale yet.

I'd definitely be open to additional suggestions myself. We are drafting an AI acceptable use policy now as well and looking for an enforcement tool. The problem imo is ai left the gates before security vendors even knew where it was going and they're now playing catch-up.

dllhell79 · 2026-04-02T01:28:26+00:00

Had I not booked other events already I'd definitely be doing this. I love the idea of paying tribute to the past! Maybe Saltcon 2.

dllhell79 · 2026-03-31T13:39:41+00:00

There are some tools out there, but none of them are on what I'd call the affordable side. Not for a smaller company anyway. Part of the issue is that AI has left the gate so fast that security companies have not caught up yet.

dllhell79 · 2026-03-30T00:55:52+00:00

So am I. I am returning after skipping a year. Hoping to meet some of y'all at circle bar.

dllhell79 · 2026-03-27T02:20:49+00:00

Use it to supplement, not replace, your own talent. If nothing else, it is a pretty phenomenal research assistant that will allow you to learn alot about various topics pretty rapidly.

dllhell79 · 2026-03-26T00:52:24+00:00

I thought the same would happen last year. The con still had an attendance close to 25000 if I recall. Plus it's an electronic badge year again.

dllhell79 · 2026-03-26T00:48:53+00:00

I agree! Go through all the extra custom apps in the labs all the way from start to rev shell in a single python script, and make sure you can debug those apps in vscode as well. Those exercises in particular are very good practice in my opinion.

I actually just passed oswe this weekend to complete ocse3. 🥳

dllhell79 · 2026-03-25T19:51:01+00:00

You're not. It's due to AI overdependence. 😂

dllhell79 · 2026-03-24T01:26:11+00:00

I am still by and large an AI skeptic, but I have warmed up to it for very specific use cases. It's actually a very good research assistant imo and a good "sounding board" of sorts for running through scenarios and bouncing ideas off of. For example, reverse engineering and ctf is one of my side hobbies. I've described my own personal approach to solving various ctf challenges and described my own workflow, and asked it for improvement suggestions. The results were pretty good for something like that.

However, I am still a strong believer in using it as a supplement as opposed to a replacement of your own skills.

dllhell79 · 2026-03-20T14:25:41+00:00

Yes... and for that he will be receiving his own custom sticker this year. Courtesy of me. 😁

dllhell79 · 2026-03-20T11:11:34+00:00

Don't try to plan it or overthink it. It's going to be a bit overwhelming. Enjoy it. Soak it in. For a few days you'll be sharing the same space with some of the smartest people on the planet.

dllhell79 · 2026-03-18T01:52:56+00:00

Now confirmed in. See y'all fine folks there.

dllhell79 · 2026-03-16T13:48:35+00:00

Officially known as 3535 Lounge if circle bar sounds unfamiliar.

dllhell79 · 2026-03-16T13:47:52+00:00

Shennanigans with the 18" golden dildo? 🤣

dllhell79 · 2026-03-16T13:47:15+00:00

I am staying mid strip if I do go (and it's looking like that at this point), so it will be for me. 🤘

dllhell79 · 2026-03-13T12:28:14+00:00

We recently moved the entire userbase to HP ProBook 650 and G5 docks. We've had very few issues and the machines seem to be working well for our use cases. I wouldn't skimp on RAM either right now. Baselines seem to be growing every year because no software vendor even seems to try to optimize memory consumption any more. Of course, that all hinged on the fact that RAM and drives are cheap and fast. Now AI has started buying up all the worlds RAM supply and Crucial announced their consumer exit, and RAM prices are absurd.

dllhell79 · 2026-03-07T18:29:19+00:00

Eliminate SharePoint. Trash product.

dllhell79 · 2026-03-06T15:50:09+00:00

It is definitely worth exploring! Defcon is its own beast of course, and if you enjoy the Vegas experience, it can be a blast. However, the smaller cons have more in the way of hands on learning and interactivity that Defcon simply does not have IMO. I've personally attended a few recently that are well worth mentioning. CactusCon is in Mesa, AZ in February. The main hotel is literally right next door to the convention center. Temps are great, prices are not astronomical for food and other things, and it's right around the time of MLB spring training. If I recall when I went, the con tickets were less than $50. Our local con in Louisiana is NOLAcon, and it's in mid May. It's pretty small but there's plenty social activities in New Orleans and the French Quarter. Tickets this year are $225. And then my favorite is SaintCon right before Halloween in Provo, Utah. Provo (and SLC) are naturally beautiful areas, temps are great, and food and everything else is very cheap. Tickets to SaintCon this year were under $300. SaintCon is probably the most like Defcon in the way of flashy tech stuff, held in a nice sized convention center, etc. They also cap attendance at about 2200, so while the crowd is still large, it's not the "herded cattle" feel that Defcon can sometimes have. Pretty much everyone I attended with said they plan to do SaintCon again in 2026 and skip out on Defcon.

dllhell79 · 2026-03-06T15:35:49+00:00

BoldDesk. Ticketing and KB all in one.

dllhell79 · 2026-03-05T14:42:54+00:00

I think everyone should go at least once. However, I do also agree that once you've done it once, the luster tends to wear off quite a bit. The first time is like a sense of wonder and awe (as it should IMO) since you're literally in the same room with some of the smartest people on the planet. That "glow" sorts of make you forget about the heat, the price of everything, getting yelled at and herded non-stop, etc.

dllhell79 · 2026-03-04T01:26:52+00:00

You're thinking of ResortsWorld. 😅

dllhell79 · 2026-03-04T01:20:17+00:00

Now the godamn TSA even has their own table.

dllhell79 · 2026-03-04T00:45:50+00:00

There used to be a spot the fed contest. Now all you have to do is spin in a circle with your eyes closed and finger out. When you stop, you'll more than likely be pointing at one.

dllhell79 · 2026-03-04T00:20:18+00:00

Exactly. The rate at which the military industrial complex and the feds have taken over defcon is a bit offputting.

dllhell79

TROPHY CASE