So first real toot post #DEFCON. Ostrich Lab got 9th in ScavHunt, 14th at RedTeam, and >15 in Blue Team (looking for this number now). Got to see a bunch of people and have some good talks about why people should support Ostrich Lab.

Gave out a ton of stickers and card.. Some special edition NFC cards!

While this year was less about competing and more about building social connections and exploring more of the culture of DEFCON, I am proud of where the team placed. Next year we will show up to compete and bring home some hardware!

Recovery time isn't an option, the OL team is busy working on preparing some talks for the #Memphis #CyberSec scene, working on some coordinated disclosures, and designing the next Ostrich Lab #CTF

Security isn't just for #devs. This #oSC25 talk explains why YOU matter in making #opensource safer, no matter your role. #CyberSec #Linux #SUSE #openSUSE https://youtu.be/J-MkQmDTAWc?si=uRGxjMWQSBZSQNNj

hej, ludzie od #cybersec #dataprivacy (@mateuszchrobok zerkam na Ciebie), czy system Public Alert System, dodawany automatycznie po podłączeniu się do siexi komórkowej, wysyłający powiadomienia zamiast SMSów, jak np. w Korei Południowej jest bardziej safe, mniej safe czy bez większych różnic od systemu Alert RCB działającego w Polsce?

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts https://thehackernews.com/2025/08/attackers-use-fake-oauth-apps-with.html

I want to shout one more thing about personal info leaks that I haven't seen enough.

YOU CANNOT RESET YOUR FACE

If you get a text password stolen, yeah, it's a pain. But you can reset all passwords and five years from now it will be little more than a fun anecdote.

If you get your face, fingerprint or iris scan leaked when you are 30 years old, your face stays leaked when you are 70 years old. You cannot reset that shit for your whole life.

RealIDs are ticking time bombs.

I do #DFIR for 4 years now. I started in #cybersec nearly 10 years ago. My #opencti has over 60k reports and dozens of unpublished APT-Samples:

And I still have no fcking clue what #bsdnfs is and why the #NSA fears it.

So my first evil genius robot honeypot, the word frequency one, seems to be getting hit by a distributed botnet.

It started around 2-3 requests per second but seems to be ramping up.

It's using IP addresses from all over the world - could be hacked personal devices? - and a wide range of plausible-looking User Agent strings.

My server is fine for now - 95% idle CPU.

Are there people for whom any of the IP or agent data might be useful? Botnet detectorists?

On the 10th of September I'll be addressing the #Cybersec 2025 congress in Utrecht. Our societies and specifically our IT support systems are not ready for war & upheaval. In this talk, I hope to shake things up a bit. Compliance is not everything! To register: https://app.cybersec-365.com/event/cybersec-netherlands-2025/planning/UGxhbm5pbmdfMjcyNTY3MA==

Kinda lost on what to do, kinda bored

Kinda wanna go for some online cybersecurity qualifications but idk where to start

Can someone point me in the right direction?

I do not know what to post here or how to get started

Oh snap!

"Gazprom Hacked: Ukrainian Intel Attacks Heart of Russia’s Energy Empire"

https://www.kyivpost.com/post/56560

From the "no-need-to-hack-when-it's-leaking-and-leaking-and-leaking" dept:

Website Planet recently reported on a leak Jeremiah Fowler discovered. But it wasn't the Gladney Adoption Center's first leak. And while Fowler praised the center for their response to his alert, DataBreaches wants to know what the Gladney Adoption Center is going to do to prevent more leaks. They've had 3 in the past few months alone.

https://databreaches.net/2025/07/17/gladney-adoption-center-had-serious-data-exposures-in-the-past-few-months-what-will-they-do-to-prevent-more/

Great thanks to @JayeLTee for his help on this one.

https://www.theguardian.com/australia-news/2025/jul/17/clive-palmer-trumpet-of-patriots-united-australia-party-data-breach-ransomware-attack-ntwnfb

The kicker for me is “We do not know comprehensively what information of yours was on the server but you should assume that any information you have provided would have been stored on the server." along with “We do not keep a record of all individuals who were on the server.” and that it was impractical to contact everyone who's data had been accessed.

I have never, ever seen such utter incompetence and disregard for the party members and supporters.

I hope the book gets thrown at the lot of them.

#Cybercriminalité : le #ministère de l’ #Intérieur dope ses #stats

#cybersec #IPsec

https://next.ink/190703/cybercriminalite-le-ministere-de-linterieur-dope-ses-stats/

`The H/W Quick Erase function "uses high-voltage breakdown technology to physically destroy NAND Flash, ensuring data is irrecoverable," asserts Team Group. This patented technique is also shown in the video, where we see plumes of smoke emanate from the drive after the function is started. So, there's a visual and olfactory sign that data has been destroyed, in case you aren’t certain that you have chosen to fry the 3D TLC NAND.`

https://www.tomshardware.com/pc-components/ssds/this-new-ssd-will-literally-self-destruct-if-you-push-the-big-red-button-it-comes-with-team-group-posts-video-of-data-destruction-in-action

Io non ho mai usato l'antivirus... lo sapete perché? Perché il mio sistema operativo è superiore! È... ehm... oddio, aspetta che si è bloccato tutto mentre aprivo il SUDO.

IT & Cyber Sec Fedi folks. What are your opinions on passwords moving to never expire? We're looking into that at work and I'm curious what others are doing? (Obviously regulations and such come first ofc)

Guardate che la caccia è già iniziata ...

By MEMENGINEER Antonio Montillo (AKA MalwareChef) & Pawel Zorzan (AKA okno)

Siamo alla ricerca di nuovi #memengineer da inserire nella "meme4cyber Unit™". Per informazioni scrivi a meme4cyber@redhotcyber.com

I had this in my draft for a week or so, and today I completed it.

https://thatshubham.com/blog/ai