Jon Gorenflo 🇺🇦🌻
@flakpaket
Family Man, Army Vet, Consultant, Founder @StartATTACKD, @SANSInstitute Principal Instructor, @hthackers Director.
It is more important to have notable character than to be a notable character.
OMG. Watching ChatGPT agent try to navigate a travel site to find a flight is as bad as watching old people use computers and talk to themselves as they continuously struggle with the interface. 😂
The man who humbly asks, "Am I right?" and then proceeds to test and prove his position by earnest thought and the love of Truth, will always be able to discover the true and to distinguish it from the false, and he will acquire the priceless possession of discrimination. - James…
Pro Tip: Any time you see "gem install" in setup instructions, look for "docker pull". If you don't see it, run away.
I don't mean to cause a flame war... but I legit wonder this... Outside of MSF, Rails, and... umm some @digininja tools... Is there anyone who's using ruby? Is that language a zombie now?
I am going to start referring to my "research assistant" because it makes me sound more important and accomplished than saying, "Let me ask ChatGPT".
Excited to be sponsoring @WWHackinFest again this year! 🎉
We would like to give our thanks to @StartATTACKD for being a Copper Sponsor for Wild West Hackin' Fest - Deadwood 2025! We are so grateful for your continued support! Be sure to check out all of their services here: attackd.com #WWHF #Deadwood2025 #TheFutureIs
OpenAI's image generation is now indistinguishable from trolling. And yet... there's something off w/ this picture. Not sure what, but it's weighing me down.
Halfway through #SANSFIRE and you’re crushing it! 💥 Day 3️⃣ brought intensity, insight, and maybe a few “a-ha!” moments. These midweek milestones are where mastery begins to click. Whether you nailed a lab challenge or helped someone else level up, today was a win. Reset…
The AI hype cycle is exhausting, but I'm trying to devote time to writing each week on what I learn. TechTarget just published my article on prompt injection attacks here: techtarget.com/searchsecurity… #AI
Most people are looking for fat & cost savings in government. No, no, no (outside defense). It is in EDUCATION & HEALTHCARE that the costs are running wild.
Car folks: For the average brake pad replacement, when do you recommend replacing your rotors?
a fun prompt for introspection is "what contribution to societal flourishing do you most crave to be recognized for" and mine is definitely my list of synonym-based puns Unparalleled Misalignments
If you’re using Azure Front Door WAF, make sure you select the correct IP match variable or you’re gonna have a bad time. Here’s a standalone tool you can run from CloudShell to check for insecure Front Door WAF rules that utilize RemoteAddr. github.com/nyxgeek/frontd…
Does your WAF use IP restrictions, or are they more like IP recommendations? @nyxgeek reveals the difference between RemoteAddr and SocketAddr, a distinction that could create a 'sleeper' rule that looks secure but is easily bypassed. trustedsec.com/blog/azures-fr…
I _really_ like this take. The technical impacts are practically nil. Help spread this around. Seriously. This would be a lovely step in the right direction.
I think AI will lead to a few new "fundamental human rights". For example, I believe, as a human being, I have a right to know if the other participant in a conversation is a human, a bot, or an AI agent. All communications from bots and agents MUST be tagged appropriately. 1/3
Indeed. There's a curious element to conversing with an AI while believing it's human and vice versa.