Every SecOp person

this was a fun one. you're used to seeing evasion functions like this in malware but we're seeing it more in phishing kits these days too. great writeup by @MSAdministrator: sublime.security/blog/kratos…

Check out my first “official” blog at Sublime Security where I talk about a discovered “business term steganography” approach which I think is pretty neat. A huge thanks to Brandon Murphy & Tony Sleva ! They are both wizards!

@sysaaron is getting a Dickbutt tattoo. The catch: you have to fund it. Raise $5,000 for Hope House and the ink goes on at SecKC in June. Permanent. Public. For charity. Donate now: orders.seckc.org/ #SecKC #HopeHouse

Do you want to contribute to a good cause?We’re collecting donations for charity now through our June meeting. What do you get out of it? Good feels and the knowledge that you are part of the reason @sysaaron has a tramp stamp! We’re less than $400 away! orders.seckc.org/event/stamp…

I wanted to share a new blog post I’ve been tinkering with called “The Agentic Web”. This post is my thoughts on a direction that LLMs can (should) take. As a caveat the ideas are mine but did have Claude help :) letsautomate.it/article/agen…

I’m excited to share that my talk titled “LLMs: Prompting, Agents, Assistants, Oh My!” was accepted for @_BSidesKC on April 25th! We’ve all been hit by this tornado called LLMs. Join me as we navigate the yellow (LLM) brick road!

Checkout of this draft paper I cowrote about the externalities of generative AI on our society. #llm #ai linkedin.com/posts/josh-rick…

Getting mid results from LLMs? @MSAdministrator says you're probably not giving it enough context, and he's right (don't @ him) Part 2 is live on @THOR_Collective Dispatch. full breakdown, advanced example included. dispatch.thorcollective.com/… #cybersecurity #ai #thrunting

Big news on the internet today as the United States Department of Justice wildly underestimated computer nerds Mahmoud Al-Qudsi (@mqudsi), the founder of NeoSmart Technologies, is a nerd who specializes in computer forensics. His entire career (dating back over 2 decades) has been focused almost exclusively on data forensics, data restoration, and data backups. Because Mr. Al-Qudsi is a nerd who unironically enjoys painstakingly reviewing computer forensics at the byte level, something almost no one else on the planet enjoys, Mr. Al-Qudsi began exploring the recently released Epstein files. Today he released a write-up explaining the problems with the Epstein redactions, errors they left in the PDF files, ... and all sorts of other artifacts the Department of Justice accidentally left behind. By leveraging these different digital artifacts, it is possible for experts such as Al-Qudsi to reconstruct the files without their redactions. See subsequent post for his write-up tl;dr he's reverse engineering and reconstructing epstein files. but hard and will take lots of work pic: me trying to understand computer forensics based on fonts used

I haven’t written a blog/article in a long while. This is my first stab at getting back into the rhythm and I hope it helps! Check it out!

Most security pros prompt LLMs like a Google search and wonder why the output is mid. @MSAdministrator breaks down what actually works on @THOR_Collective today; role-stacking, systems thinking, and more. ✨ Join us at 👉 dispatch.thorcollective.com/… #threathunting #thorcollective

we have seen a 100x increase in ICS phishing attacks the past couple months. we are doing 2 things: 1. last week, we released support for automatic calendar invite remediation in @sublime_sec 2. open sourcing a toolkit for the broader community to remediate calendar attacks, no matter your email security solution 🧵

When I was a kid we weren’t allowed our Nokia phones at school. We would use pay phones & beepers. Schools around the country are banning phones. Kids nowadays are chatting in a shared Google Sheet. We are the same and I’m here for it.

We’re hiring for my team — we need detection engineers ready to deep dive and create rules to detect #phishing threats! If interested please hit me up or dm me !

RFK Jr.: "I was at the bottom of my class. I started doing heroin, and I went to the top of my class. Suddenly, I could sit still and I could read." (2024)

Chinese state-sponsored actors are targeting global telecommunications and other critical infrastructure orgs. We’ve joined others worldwide to call these actors out and publish hunting & mitigation guidance to reduce this ongoing threat. media.defense.gov/2025/Aug/2…

$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/me…