S̀͆̚h͂ͬ͆̇̋̍̒e͐ͬͤ͑͂ͯ̌lͦdo̓̄̆n̄̋ͦ̍ͦ̏ @Poppa_Shell

@HackingDave

@HackingDave The fact that half of them were dudes wearing bras made me lol. 🤣

Mama always said better late than never. So here's your same-day notice... DC940 is TONIGHT. - "RemoteApp Bypasses & Breakouts" with nullspace - Live demo on Windows Server 2025 Graffiti Pasta (basement), Denton | 6:30 PM dc940.org #DC940 #Cybersecurity #Denton

@HackingDave Have you checked out @mattpocockuk’s Sandcastle project? Looks slick. Gonna try it out soon, along with his suite of skills. github.com/mattpocock/san… youtu.be/E5-QK3CDVQM?si…

Tonight! Come watch DeputyDoge crack safes. No drill required.

DC940 @DCG940

2 months ago

This month, DC940 is getting physical on 4/20 Speaker: Deputy_Doge Talk: Basic Safe Cracking: Group 2 Safe Dial Manipulation No drills. No power tools. Just technique. All skill levels welcome! 📍 Graffiti Pasta, Denton (basement) 🕕 4/20 @ 6:30 PM dc940.org

0 1 2 96 0

@HackingLZ @CharlesDardaman The East side of Dallas is lacking. We need another DEFCON Group or something in McKinney/Anna/Melissa area. I lead DC940 and we also have DC214, DHA, NTXISSA, Dallas 2600 and various others. Here is the InfoSec Calendar for DFW. tinyurl.com/DFWInfoSec

This month, DC940 is getting physical on 4/20 Speaker: Deputy_Doge Talk: Basic Safe Cracking: Group 2 Safe Dial Manipulation No drills. No power tools. Just technique. All skill levels welcome! 📍 Graffiti Pasta, Denton (basement) 🕕 4/20 @ 6:30 PM dc940.org

Alright, I've stayed away from the Mythos stuff for a little bit. Going to comment on that, but AI as a whole. First, this AI industry is absolutely insane. I feel like I'm back in the 90s/2000s with innovation, but it's not tempered or methodical - it's pure chaos. Everyday there is some AI-dude-bro (or gal) clawing for followers claiming end of cybersecurity, end of software engineering, or this breakthrough changes everything. We're seeing the "streamer" effect of video games now exploding in every industry that hasn't been in whatever industry, but is now a AI-expert thus an expert in anything AI touches because they can prompt. Largely it's not, but what it is doing is requiring us to understand what AI will do to virtually every industry in the future. I'm sitting here right now at a conference I'm presenting at, and I spoke with an individual which was like man... I'm just trying to get through this SAP implementation at my company, I don't even know where to start with AI at the moment. We are still in the extreme early stages of what AI can do, and I think that's really the exciting part - we are at the infancy stages of this. Most enterprise can't handle AI, as most companies couldn't handle agile workflow when it came out either, it took time, but eventually adopted. I won't dive deep into the scalability of releasing AI to the masses based on compute, power, or subsidies because these are real hurdles we need to solve. As you can see with Claude's spike in popularity is causing them to have to dumb the model down upwards of 65% just to stay afloat (Claude is absolutely awful right now for coding - beware). Mythos is cool, really cool - but it's not earth shattering as claimed. The potential here we are seeing a glimpse of what can actually happen though. The ability to do extremely complex tasks, with insane context windows, and high-end reasoning. But, what we saw from other current frontier models including open LLMs, they were able to find the same issues, but had to be specifically targeted towards those code sections because of context limitations and complex task reasoning which was drastically improved in Mythos. What does this mean? Basically. Nothing. It's a lot of marketing hype - but it does prove out that as these models become smarter, it will inevitably produce much better code, be able to work in mind blowing fashions that we haven't seen before - but it will all come down to cost. Right now Mythos is extremely expensive because of the compute needed, and we may solve that over time, but it's not there yet. The subsidies right now means AI is not ready. Scale is our biggest bottleneck right now and until that's solved, the industry will not move as fast as it could. What's particularly impressive is how the open models are starting to perform on par (or better) with the frontier models and become way more efficient without restrictions (turboquant) as an example. Our ability to use near parity models on our own hardware will only continue to get better which is a huge threat for these companies. I at first looked at Cursor's implementation of Kimi as they were falling behind because it wasn't "their own model". That wasn't accurate, its that the open models are performing substantially better than from 6 months ago, and will soon be leading the charge or close to it. What does this mean for cybersecurity? The industry is changing rapidly, and I absolutely freaking love it. We needed a swift kick in the ass in this industry that was largely stagnant for the past 10-15 years. What used to be a handful of incredibly talented security researchers that knew systems internals, savants at reverse engineering and reading through millions of lines of ASM is now being afforded to the masses, but still has a long way to go. The reason AI is so good at doing this stuff is because they paved the way, and will continue to do so in different ways. Not eliminated or removed, enhanced and better than ever. AI is single handedly the largest theft of plagiarism that has ever happened in human history. I just got a 10K check from Claude for ripping off my Metasploit book to train its model to be smarter actually :P I am all for things that make the world a safer place. Our goal in cybersecurity is to fix the world, make it less harmful when using technology - we should be adopting this. Note that it's going to come with a ton of fluff, hype, doomsday predictions, people that are now AI exports or coding experts but have never written a line of code themselves. That's all to be expected if you have ever been to an RSA conference. AI will product meaningful change in an industry that needed it. Cybersecurity is much more than bugs or defects, it's protecting against risk. AI is a new emerging risk, it's going to keep us insanely busy right now, and for the foreseeable future.

@HackingDave

Come hang out with us this Monday! Great people, great conversations, and some pasta 🍝

DC940 @DCG940

3 months ago

Reminder — DC940 meets this Monday! @GeekyVoices presents: Chaos to Control: Automating the Identity Lifecycle in the Cloud 📍 Graffiti Pasta, Denton 🕡 6:30 PM 💰 FREE Join us: DC940.org #DC940 #Cybersecurity #CloudSecurity #Denton #InfoSec

0 0 2 217 0

@HackingDave you have to step up your game now. 🤷🏻‍♂️ instagram.com/reel/DU_WyXbEX…

Obra/superpowers as a skill in Claude is a must-have imo for Claude. It forces claude to create sub agents for specific tasks, stops short cuts, keeps iterating through into a desired solution and has cut error rate on development down substantially. Super cool. Easy to add: /plugin marketplace add obra/superpowers-marketplace /plugin install superpowers@superpowers-marketplace For small things, it will take a bit longer (meaning more token usage), but for big projects - this is a night and day difference. github.com/obra/superpowe…

@HackingDave Totally agree. I have been recommending it as well. I need to see if he is/has added agent teams.

I passed my research to law enforcement. Looks like they are using it. Super cool to see this unfold live. I hope they find her.

Just released a new tool that scans for Bluetooth devices including Bluetooth Low Energy (BLE) devices. It will scan for all, filtered by MAC, or if you have the Identity Resolving Keys (IRK), can be used to determine the Resolvable Private Address (RPA). Works on MacOS, Windows, and Linux. github.com/HackingDave/bt… #TrustedSec #BinaryDefense

No matter what level you are in an organization, communication is paramount to success. Come learn how to build better BU and cross BU lateral and vertical understanding through standard nomenclature translation between business speak ($ & Risk) and cli output.

DC940 @DCG940

4 months ago

February Meetup - 2/16 Speaker: @PhantomNeural Talk: Inside the Mind of a CISO: Privilege Escalation for Operators--Learn to bridge the gap between technical truth and boardroom risk. Graffiti Pasta, Denton @ 6:30 PM dc940.org #DC940 #Cybersecurity #InfoSec

0 0 1 543 1

Hope to see you there!

DC940 @DCG940

4 months ago

February Meetup - 2/16 Speaker: @PhantomNeural Talk: Inside the Mind of a CISO: Privilege Escalation for Operators--Learn to bridge the gap between technical truth and boardroom risk. Graffiti Pasta, Denton @ 6:30 PM dc940.org #DC940 #Cybersecurity #InfoSec

0 0 1 543 1

🚨 TONIGHT! DC940 January Meetup Is AI your security's greatest ally or hidden threat? Find out at 6:30 PM. 📍 Graffiti Pasta, Denton dc940.org #DC940 #Cybersecurity #InfoSec

"Is AI your security's greatest ally—or hidden threat?" Join DC940 on 01/19 as @Andy_Thompson dives into polymorphic malware, biometric attacks, and agentic AI exploits from real world research! 📍 Graffiti Pasta, Denton | 6:30 PM dc940.org | #DC940

Happy 3rd Monday! Tonight's the night.🎄🎅 Our casual holiday hangout kicks off at 6:30 PM. Come close out the year with us! dc940.org #DC940 #Cybersecurity #Denton