mcgrewsecurity.com | Senior Cyber Fellow at @martinfederal | Offensive Computer Security; AI; Photography; DJ

Now I don’t know a lot about OnlyFans, but I do know those 42 people aren’t the ones generating the revenue
OnlyFans is now the world's most revenue efficient company. Just 42 employees, generating $37.6M each. Beating Apple and Nvidia.
Community note
This is a wholly dishonest claim. OnlyFans has a core staff of about 42 to 51 full-time employees but also uses hundreds of contractors for tasks like content moderation. "Content on the platform is user-generated and monetized..." en.wikipedia.org/wiki/OnlyFan
In one headline, CNN erases decades of whatever little progress we have made on user education
Replying to @FP_Champagne
Criminals have been using sophisticated tools to steal cars. And Canadians are rightfully worried.   Today, I announced we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes. 🔗: canada.ca/en/public-safety-c…
Community note
The Flipper Zero's sub-GHz wireless antenna can pick up the signals from car key fobs. However, playing them back to modern cars won't unlock them because of a feature called "rolling codes" that changes the code with each use. zdnet.com/article/7-cool
Replying to @JayFoxtrot
Fair, some might be among the revenue creators :)
BREAKING: The Secret Service has moved the president’s Twitter account to the bunker.
.@ResortsWorldLV is going to search our rooms daily to protect us from the “well-known hacking convention”.
If you find these in your child’s room, it’s time to have a serious talk with them about the dangers of hacking
You ever hear a word over and over again until it just sounds weird and meaningless
QAnon followers are attempting to use Ghidra to remove redactions from PDFs and I just wish I could be a fly on the wall
Hopefully this will dissuade any idea that my travel router is a hacking device.
Someone help me budget my family is starving
I hope I’m not spoiling anyone’s CFP prep with this 0day, but what if I told you it was possible to: - Be a hacker - Be an infosec pro - Party hard - Have circle of friends/backchannels - Not be shitty based on gender/race/garbage ideas *all of the above without compromising*
The only thing that can stop a bad guy with a Flipper Zero is a good guy with a Flipper Zero. I have a right to protect my family and community.
What OS is this? Wrong answers only.
Has anyone ever fumbled so hard as Broadcom has with VMware
Just saw a t-shirt at Black Hat that said simply: “I don’t have purchase authority”. Smart!
Replying to @habibixyz_sol
Who says romance is dead
An aversion to snorting morphine
What's stopping you from becoming like him?
A client shipped one of our pentest appliances back to us with a new label
A buddy left his laptop in the lab, locked with facial recognition. I pulled up his Facebook picture on my phone and got in. Fucking lols
so... flipper zero is now forbidden on hand luggage across uk airports. just got mine seized by security. ffs!
OpenAI just killed 1,000,000,000,000,000 Startups 🤯
hi thanks for considering my DEF CON village proposal
Look what they have on Temu 😂 local warehouse thankfully, could you imagine ordering this and it coming through customs from China
Replying to @redditships
🤷‍♂️ I mean I don’t know what else you can do at this point
Billionaires going goblin mode
My first job. And still the same great burger. Happy Sunday!
You know how much trouble I can cause with a laptop? Gonna ban laptops too?
You want sandworms?! Because that’s how you get sandworms
Norsonic Nor277 tapping machine for generating footstep sounds for building sound transmission testing.
Hacking toy seller gets insecure about continued development of tons of hacking toys and goes on tilt. Real good look.
Update: They came back with a stapled set of pictures of wifi pineapples, jammers, like three or four pages of what you’d get from hak5, hacker warehouse, etc. I would recommend not leaving out anything with an antenna, or that resembles anything from the above. #defcon32
Until the model for the ad industry changes dramatically in a way that respects users’ privacy, security, and resources, I will continue to recommend that users and businesses implement as much ad blocking as technically possible.
Replying to @kirkulanis
Online websites and creators are supported by ads. I thought that was pretty common knowledge? Ad blocking is the exact same thing as piracy. Literally the exact same thing. Ppl will still do it and I've been guilty of it at times, but we just need to be aware of the impact- LS
I think everyone's first experience with IDA back in the day was probably: "this is what you use to hack games?" <drags an exe in> <takes one look at the screen> nope.gif
I will be teaching a 4-hour workshop, “Introduction to Reverse Engineering With Ghidra” at @defcon 27, and I’ll fill you in with logistics as they’re sorted. Target audience is folks just getting started in RE. It’ll be fun, and I’m really looking forward to it.
The “dd” command originally stood for “carbon copy”, modified since “cc” was already taken by the C compiler.
In 2022 I am blocking the accounts of all promoted tweets on my timeline. I’m already about 700 in.
A @ResortsWorldLV security staff member just came by to check the room. I asked her what they’re looking for, and she said “we’re just making sure you’re not hacking our stuff”. Took a look around the room briefly and left. #defcon32
Resorts World, one of the hotels that has a block for the DEF CON hacking conference this week, says it will perform daily room searches, including those with a privacy sign: “A well-known hacking convention will be held in Las Vegas during your stay” 404media.co/hotel-to-search-…
Leave it alone. Red team’s gotta eat too.
You find a Raspberry Pi plugged into a network switch at work. What do you do?
RIP my mentions lol, anyways, here's some advice for any hotel when you're not in the room this week: - Keep your room looking uninteresting - Keep gear out of sight, especially stuff they may be trained on: WiFi Pineapples, Flippers, picks, anything that looks like those (1/4)
.@ResortsWorldLV is going to search our rooms daily to protect us from the “well-known hacking convention”.
Just put an order in for @defcon stickers. I'll have this, and another one to be revealed soon.
Recent #Qanon Ghidra nonsense. Apparently it's now a proxy, and good for web application, steganography, and social media analysis. Basically everything but what it actually does.
Replying to @_th1nk3r
your local retired ham graybeards will make you their hobby till they find you and sic the FCC on you
Yeah they didn’t blame it on the hackers then either lol
Is it infosec The Purge and nobody told me? So many people hitting live targets with log4j and talking about it openly
Don't fear the tool. Fear the vulns. Police are alerting on @flipper_net's potential for bypassing access control systems. I wouldn't call it a bypass. These are systems *missing* access control and relying on solely security by obscurity.
USB drives for “Intro to Reverse Engineering with Ghidra” are written and ready to go. ...there are probably more efficient ways of bringing 1.6 terabytes of storage to @defcon 😂
Replying to @vxunderground
That’s just the entertainment system. You can rest well knowing all critical systems are probably running Windows CE or other such bullshit
RIP in Peace my notifications, I just got retweeted by a 1.7M follower account
How dare they call us crim... oh they're not talking about us
Old hackers know what this is
suggest a name for my ai start up?
Does a software bill of materials include all the stackoverflow answers you copy/paste from?
Replying to @MrNantendo
At first I thought “oh maybe they had an AI produce this”, then by the end I was like “maybe they should have had an AI produce this”
Watching more episodes of Star Trek: Next Generation last night it occurred to me that most of their problems would be mitigated by better network segmentation on the ship
lol no you didn't, that photo's from the FCC filing
The badge looks cool
cybercrime
If cybersecurity disappears tomorrow, what’s your plan B?
Replying to @tinyxtina_
I hope the next one is harder
Why would anyone want this
I think that my current favorite Linux distribution is Windows 10
All eleven @defcon speaker badges accounted for and on the wall for a group shot
At least Mitnick had the foresight to search “itni” when he did similar
Replying to @vxunderground
DAWG. They social engineered the United States judicial system (???), reset someone's password by pretending to be helpdesk, and LOOKED THEMSELVES UP
For ~14 years I've been obsessed with the way this Super Metroid walkthrough is full-justified in monospaced ASCII gamefaqs.com/snes/588741-sup…
I’m a dad (again)! Baby Hannah just born!
So I made it through a cool billion tokens on @OpenAI and they sent me this today. Bless 🙏
When we’re fired upon, do we count each bullet as a separate attack? Each step towards us? Every glance through binoculars?
Texas Dept of Information Resources reports 10k attempted cyberattacks per minute coming in from Iran, says ⁦@GovAbbott⁩. Be ‘particularly vigilant,’ he says. #Iran #txlege
Broke: Memory-unsafe languages are promoted by the vulndev/exploit industry to keep them in a job Woke: AI code generators were created by web app testers that want an easier time bypassing filters
Almost done packing
Ads on @CNN on iPhone completely redirect the browser to @amazon gift card scams. The whole business model of allowing advertisements to execute code is unsafe, irresponsible, and disrespectful of readers. Block every ad you technically can to protect yourself/employees/clients.
Nobody attending @defcon (or any other infosec con) is too cool/elite for you to approach to talk/hang. Take advantage of it.
Another speaker badge on the wall
My 5yo son just told me I’m the best hacker in the bathroom 👍 🚽
The "Popcorn Time" ransomware, circa 2016, allowed victims to decrypt by infecting two other victims. I think we'll see this concept revisited soon, but with targeted individuals being coerced into infecting their workplaces, either through files held for ransom or kompromat.
Wait'll the QAnon folks start interpreting Cult of the Dead Cow stuff
I’m happy to announce that my DEF CON 32 CFP entry was accepted, and I will be presenting “Reverse Engineering MicroPython Frozen Modules: Data Structures, Reconstruction, and Reading Bytecode” at #DEFCON32 in August. @defcon I’ll share more details once the schedule is posted.
Dear person with wifi pineapple ssid "STARBUCKS": turn it back on, I wasn't done with it
It must be a lot of fun to run NSA's social media
You can be mad at eBay for using your browser to port scan your local host, BUT the real issue here is that your browser is so complex and has so many features that it allows for this to happen, without any kind of indication or notification.
hey that was my license key too 🧐
apologies/you’re welcome to all my contacts that are about to get my nasty pics, browsing history, etc
If you're going to play around in various CTFs and hands-on things at @defcon, go ahead and install a VM from the "Kali Everything" ISO and run updates. It's way bigger than you need, but you won't have to rely on a connection to the internet to install that one tool you forgot.
Very important to bring your VA card with you on coup attempts
Replying to @telesurenglish
.@NicolasMaduro: Among the terrorists captured today there were 2 U.S. military officials from Texas. According to a member of the band they are "intermediaries with Trump's head of security". Their names are Luke Denman and Aaron Barry, members of the company Silver Corp.
Google would regain probably 90% of the good will they lost simply by turning Reader back on. Flip of the switch.
Congrats all. An amazing month. Cybersecurity awareness: solved 😎
I’ll mostly be posting on @defcon’s instance of a social networking platform, which they’ve blogged about recently on their site. It’s against the rules of Twitter now for me to link it, mention its name (even in my profile), or say what my name is there, but I’m easy to find.
how likely is it that you’re sitting on nginx 0day but bad enough at monetizing that you’d go for this
QAnon believers are getting closer and closer to shooting themselves in the feet with Ghidra. Thanks to @ktl_____ for pointing me at some recent chatter.
If you think this is wild, imagine this: you have infosec peers that are currently and *concurrently* doing their day job and moonlighting as blackhats, malware authors, etc.
Stickers for #DEFCON32 have arrived (‘feng for scale). I have 100 of each. I’ll reserve enough for workshop attendees and discord members first (pinned tweet)! @defcon
Moon’s haunted
NASA to buy lightweight, semi-automatic rifles defence-blog.com/news/nasa-t…
Replying to @vxunderground
It’s important to have a hobby
This thing is going to be expensive
New photo of the back of the Flipper One heise.de/news/l-f-Neues-Foto… USB-C 24 pin GPIO SMA M.2 expansion (S3 Key B) / USB3.0 / PCIe 2.1 #SoftwareDefinedRadio #SDR #FlipperZero #FlipperOne
You don’t have to “divide” the community, you just have to throw out the trash
“Alleged” doing a lot of heavy lifting here lol
don’t worry y’all i’m bringing a flipper zero, an esp8266 deauther, and a yagi. the sphere doesn’t stand a chance
Bonus tip: People searching your room might just steal shit with a "danger to the property" handwave because it's cool, they want it, and they figure you haven't got much recourse. The world's a shitty place (5/4)
The NSA posted a bit more info about the open source public release of GHIDRA nsa.gov/resources/everyone/g…