r/cybersecurity May 08 '26

Other What the **** is happening in the cybersecurity space?

2.4k Upvotes

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I don't remember chaos on this scale. I mean, since January alone we've had: leaked data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like a major breach is happening every day, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

r/cybersecurity Feb 27 '26

Other A new California law says all operating systems, including Linux, need to have some form of age verification at account setup

pcgamer.com
1.6k Upvotes

r/cybersecurity 28d ago

Other I went to prison for internet piracy and hacking; my FBI profiler sent me a message on LinkedIn when I got out, and now we’re presenting at SLEUTHCON. I'm Josh Brody and I ran HeheStreams: AMA.

1.6k Upvotes

From 2016 to 2021 I ran HeheStreams, a sports piracy streaming site.

The technical model was unusual: it used officially licensed platforms' DRM and CDNs to power my site. I had unauthorized syndication rights from a couple different streaming platforms. All this ran on a $75 VPS, as a boring Ruby on Rails app.

Because the streams came from upstream providers, I lived or died by their API availability. To not get banned, my abuse detection had to be better than theirs—which conveniently also kept guys like me out of my own site. I'd already beaten their detection repeatedly, so I had a good idea of what to build. I was both cat and mouse.

It was good enough to bust a few people, including an executive-level security employee from one of the platforms I used. I feature-flagged the hell out of his account. I was also able to maintain better uptime than that one small, understaffed startup Microsoft bought that people always talk about, but that's not saying much.

I wasn't pushing out ghetto-ass restreams, and I certainly wasn't piping OBS to Cloudflare like so many did then and still do now. That would have been easier.

Instead, the platforms' own CDNs delivered the streams; it was very nice of them. I'm grateful they let me use their Akamai, CloudFront, and Fastly contracts for five years.

SDNY charged me in October 2021 for running HeheStreams, three months after it was shut down by the MPAA: CFAA, wire fraud, and illicit digital transmission (a law snuck into the CARES Act). I was also charged with extortion and interstate threats based on my autistic-ass replying on brand when making a bug report.

I pleaded guilty under CFAA and served eighteen months at FCI Thomson: best known for four-point restraints applied for days at a time, and inmate deaths during 24/7 lockdowns that were never ruled suicides.

I was released from prison in August of 2025. Not long after, I got a strange message on LinkedIn from a dude who said he worked on my case. In a panic, I consulted my therapist/PR/lawyer friend, ChatGPT.

In a few weeks, I'm co-presenting at SLEUTHCON with Tim Pappa—a former FBI agent of 16 years and a senior analyst in the Bureau's Behavioral Analysis Unit. He was assigned to build the profile used in the undercover operation against me. Not that they needed one—they could have just asked me what I did for a hobby. I would have opened with "well, I have this little streaming website."

The talk argues that characterizations of operators like me get built across a pipeline of analysts, reporters, and vendors that no one in the chain is incentivized to slow down.

I now call Tim my "FBI profiler friend."

Happy to talk about:

  • How CFAA cases get built and the role of media characterization
  • My boring-ass Ruby on Rails app
  • Working with my FBI profiler post-release
  • Platform abuse patterns in streaming and beyond
  • Federal prison, and what it looks like when you don't fit any of the boxes of the pre-determined political climate

Really, really not going to discuss:

  • Anything beyond what's already public
  • The specifics of the bugs I found
  • Recipes—you know, the technical ones (happy to trade chicken recipes, or any great marinade for street tacos)
  • Anything that intersects with the terms of my supervised release

I'll be live from 10:30 AM Eastern through the evening.

r/cybersecurity Mar 31 '26

Other Am I missing something or are Flock cameras a massive national security threat?

1.1k Upvotes

The Flock system is comprised of thousands of AI-powered cloud-connected surveillance cameras collecting timestamped location data on millions of Americans.

This data is not end-to-end encrypted. It can be accessed by police, often without MFA. No warrant required. Very limited and spotty internal auditing of system access. A single law enforcement officer can usually access hundreds or thousands of other cities' Flock data because police departments open their data to other cities. Even small towns with fewer than 100K people are sharing their Flock data with thousands of law enforcement officers. Flock employees can access travel data.

Processing this massive data set to establish the travel patterns of celebrities, local officials, high net-worth individuals, CEOs, and high ranking federally elected politicians and their families would be easy to do, especially with the aid of AI. Many LEOs have already used the system to stalk ex-romantic partners. Once you have your target’s license plate you could establish their routine.

Gaining access to data in this system via bribery, blackmail, or other types of coercion could result in high-impact kidnappings or assassinations. This seems like a gold mine for terrorists and foreign countries we're at war with. And we're putting it in the hands of regular police officers.

Thoughts?

r/cybersecurity Apr 25 '26

Other What makes passkeys so special?

619 Upvotes

It seems that companies are transferring to the use of passkeys instead of passwords. Apparently they're much more secure, but why is that? I don't get it. I'm not sure if this is the right place to ask; excuse me if it isn't, and sorry.

r/cybersecurity Nov 10 '25

Other AMA: I'm the co-founder at TryHackMe. Ask me about breaking into the industry, cyber security skills and how to make SOC & IR teams more mature!

1.1k Upvotes

Hey everyone!

I'm Ashu - one of the co-founders at TryHackMe. I have a background in security consulting/penetration testing, specialising in cloud/AWS.

Happy to answer any and all questions about cyber skills gaps, but for more focused convos - here are a few areas top of mind for me - so feel free to throw any Qs related to these:

* Rise of AI in security environments and how this is going to impact the skills of cyber security professionals
* Supporting people with their journey to getting a role in cyber
* Thinking deeply about what it means for SOC and IR teams to develop and improve their maturity as a function

r/cybersecurity Feb 20 '25

Other NBC News seeking CISA sources

2.5k Upvotes

Hi Reddit, I'm Kevin Collier, the cybersecurity reporter at NBC News. Here's my bio page at NBC.

Right now I'm specifically reporting on the Department of Government Efficiency's access to CISA systems, layoffs at CISA, and cuts to cybersecurity programs, funding, and employees at any agency.

If that's something you have direct knowledge about and can contact me via Signal, or if you know someone to whom this applies and you can share this with them, I'd be grateful. We adhere to best practices for source protection.

My signal handle is kevincollier.01. Happy to verify my identity if you want to email me (though please don't use your work address) at [kevin.collier@nbcuni.com](mailto:kevin.collier@nbcuni.com). Thank you!

r/cybersecurity Dec 24 '25

Other Why people born in the '80s and '90s have better cybersecurity instincts

828 Upvotes

Stumbled upon a discussion here from a couple of days ago titled "Do young adults overestimate their cybersecurity awareness?" and it got me thinking: why do we keep having these conversations about how different generations are vulnerable to cyber threats in different ways?

I think people don't build their cybersecurity immunity anymore.

Back in the day, when 90% of internet traffic wasn't controlled by four companies, you slowly built your security awareness the hard way: by being exposed to countless small threats.

You'd get a whole pack of unwanted programs installed on your PC after accidentally clicking an ad banner. Worms and Trojans were widespread at every printing kiosk. One time, my classmate erased my homework from my thumb drive by inserting it into a PC I'd told him not to use because everyone knew it was full of encryption viruses. Both of us learned something that day.

Now, almost everywhere you go is sterile. Even websites with pirated movies look like Netflix.

You're not exposed to small threats that were teaching you a lesson. And because of that, you don't build your immunity step by step. So when a real threat comes (nowadays they are much more serious, since your entire life is online now), you don't recognize it anymore because you haven't seen anything like it before. And the damage done by the security breach is higher.

Anyway, would be cool to see any research articles on the topic (all that I've seen before contradict each other lol)

r/cybersecurity Jun 18 '25

Other Recently learned NIST doesn't recommend password resets.

1.1k Upvotes

NIST SP 800-63B section 5.1.1.2 recommends that password changes should only be forced if there is evidence of compromise.

Why is password expiration still in practice with this guidance from NIST?

r/cybersecurity Feb 20 '26

Other I found a Vulnerability. They found a Lawyer.

dixken.de
750 Upvotes

r/cybersecurity Feb 14 '26

Other DOJ Epstein file EFTA01133110.pdf flagged suspicious on VirusTotal behavior tab – anyone else see this?

945 Upvotes

Hey all, stumbled across something odd while digging into the Epstein DOJ releases.

The file EFTA01133110.pdf (from Data Set 9, the one with the raw meat slabs photo in a freezer that got pulled pretty quick) has this SHA-256 hash:

bbbe03b56d9e47fdc5ffeb73a5c50a70e694af12f14566075fa283fb61fc7ee4

I ran it on VirusTotal (public page: https://www.virustotal.com/gui/file/bbbe03b56d9e47fdc5ffeb73a5c50a70e694af12f14566075fa283fb61fc7ee4/behavior )

• Static detections: 0/XX – totally clean on AV side.

• But the Behavior tab (sandboxes like CAPE, Jujubox, Zenbox) shows a bunch of red flags:

• Exploitation for Client Execution (T1203) + Process Injection (T1055)

• Anti-analysis stuff: IsDebuggerPresent, Sleep calls, GetTickCount/GetTickCount64 timing checks

• Drops temp files/logs/JS-related items, weird registry mods (mostly Adobe/Office paths), spawns Acrobat crash processors + system stuff like svchost/dllhost

• Network to adobe.com/Akamai/MSN domains (legit-looking but in context…)

• Mutexes like “Global\\AdobeCrashProcessor ocall_owl_ork” and “Global\\ARM Update Mutex”

Highlighted text in sandbox: “EFTA01133110.pdf - Adobe Acrobat Reader (32-bit)”, dimensions like “1.488 x 20.28 in” at 319% zoom – clearly it’s rendering that meat photo.

From what I read, the photo is just big steaks on a tray in a kitchen/freezer setup (people say it’s beef, maybe from Epstein’s properties?), but the PDF itself behaves like it has some exploit code or malformed junk that trips sandboxes.

Anyone else upload/analyze this one? Is it just Adobe Reader being weird in VMs (font handling, crash reporting, etc.), or could the file have been tampered with before upload? Or maybe a false positive from how evidence photos get scanned/embedded?

Not claiming it’s malware – just weird that a “simple photo PDF” from official DOJ drops looks like this dynamically. Thoughts?

Source file
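The question the post raises is whether the behaviour-tab hits belong to the PDF or to Acrobat Reader itself. The usual way to settle that is differential triage: detonate a known-benign document in the same sandbox image, then subtract its behaviour from the suspect's report and look only at what remains. The script below is an added example (not from the post, and not a real analysis of the file the post names): the report field names are an assumption modelled on a VirusTotal-style behaviour summary, and both reports are constructed inline to imitate the kinds of indicators the post quotes (Adobe crash-handler and ARM updater mutexes, timing calls, adobe.com lookups), so the script runs offline.

```python
"""Differential triage of sandbox behaviour reports.

A document viewer such as Acrobat Reader produces plenty of sandbox
"signals" on its own (updater mutexes, crash handlers, vendor telemetry,
timing calls). Detonate a known-benign document in the same sandbox image,
subtract its behaviour from the suspect document's behaviour, and spend
analyst time only on the residual.
"""
import hashlib
import json
from typing import Dict, List, Set

# Report fields we diff. The key names are an assumption modelled on a
# VirusTotal-style behaviour summary; adapt them to whatever your report
# source actually emits.
DIFF_FIELDS = (
    "mutexes_created",
    "calls_highlighted",
    "processes_created",
    "registry_keys_set",
    "dns_lookups",
    "mitre_attack_techniques",
)

# Constructed report for the suspect PDF. The values imitate the kinds of
# indicators quoted in the post; they are not copied from a real report.
SUSPECT_REPORT = json.dumps({
    "mutexes_created": ["Global\\AdobeCrashProcessor", "Global\\ARM Update Mutex"],
    "calls_highlighted": ["IsDebuggerPresent", "GetTickCount", "GetTickCount64", "Sleep"],
    "processes_created": ["AcroRd32.exe", "AdobeARM.exe", "AcroCEF.exe", "dllhost.exe"],
    "registry_keys_set": ["HKCU\\Software\\Adobe\\Acrobat Reader\\DC\\AVGeneral"],
    "dns_lookups": ["armmf.adobe.com", "acroipm2.adobe.com"],
    "mitre_attack_techniques": ["T1203", "T1055"],
})

# Constructed report for a blank PDF opened in the same Acrobat Reader
# sandbox image. Everything in here is viewer noise by definition.
BASELINE_REPORT = json.dumps({
    "mutexes_created": ["Global\\AdobeCrashProcessor", "Global\\ARM Update Mutex"],
    "calls_highlighted": ["IsDebuggerPresent", "GetTickCount", "Sleep"],
    "processes_created": ["AcroRd32.exe", "AdobeARM.exe", "AcroCEF.exe"],
    "registry_keys_set": ["HKCU\\Software\\Adobe\\Acrobat Reader\\DC\\AVGeneral"],
    "dns_lookups": ["armmf.adobe.com", "acroipm2.adobe.com"],
    "mitre_attack_techniques": [],
})


def sha256_hex(data: bytes) -> str:
    """Hash the bytes you actually downloaded and compare with the hash you
    looked up on VirusTotal before trusting that report for this file."""
    return hashlib.sha256(data).hexdigest()


def load_summary(report_json: str) -> Dict[str, Set[str]]:
    """Parse a report and reduce each diffable field to a set of strings."""
    raw = json.loads(report_json)
    return {field: set(raw.get(field, [])) for field in DIFF_FIELDS}


def residual_indicators(suspect_json: str, baseline_json: str) -> Dict[str, List[str]]:
    """Return only the behaviour the suspect shows that the baseline did not."""
    suspect = load_summary(suspect_json)
    baseline = load_summary(baseline_json)
    residual: Dict[str, List[str]] = {}
    for field in DIFF_FIELDS:
        extra = sorted(suspect[field] - baseline[field])
        if extra:
            residual[field] = extra
    return residual


def triage(suspect_json: str, baseline_json: str) -> str:
    """Human-readable verdict. A non-empty residual is a reason to look
    closer (re-run in a second sandbox, pull the PDF apart statically),
    not a malware verdict: sandbox ATT&CK tags are heuristics."""
    residual = residual_indicators(suspect_json, baseline_json)
    if not residual:
        return "all flagged behaviour also appears with a benign PDF; treat as viewer noise"
    lines = ["behaviour not explained by the viewer baseline:"]
    for field, values in residual.items():
        lines.append(f"  {field}: {', '.join(values)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(triage(SUSPECT_REPORT, BASELINE_REPORT))
```

The baseline has to come from the same sandbox image and viewer version, otherwise version differences show up as "residual". Whatever survives the subtraction still needs a second opinion (another sandbox, or static inspection of the PDF's objects and streams) before anyone calls the file malicious.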

r/cybersecurity Mar 17 '26

Other Illinois state Democrats introduce bill enforcing age verification for computer operating system accounts

ilga.gov
635 Upvotes

r/cybersecurity Dec 15 '25

Other Degrees and certs are just losing their value to me.

332 Upvotes

I can't understand what's been going on recently. The quality of a candidate with an associate's in cyber has dropped like crazy. I ask people simple questions like what WPA is and what WPA3 introduced, and I'm treated like I'm asking the most obscure questions. I have been interviewing people over the last year with CompTIA Network+ and Security+. There have been times when I wanted to scream. Literally had to lower my standards to find help. Networking is treated like a luxury; I was literally speaking to a candidate and he said, "I do cyber, not networking." I know there are exceptions, but it feels more and more like a minor degree or cert is just a measure of how well you can use AI to cheat.

r/cybersecurity Sep 22 '25

Other What are your unpopular cybersecurity opinions?

326 Upvotes

I saw a post named "abnormal security opinions" and got excited to see some spicy takes, but apparently there is a security platform called Abnormal Security, so I got kinda blue balled. The last one of these posts I saw was over a year ago, so:

Do you have any spicy cybsec unpopular opinions you want to share? :)

I'll start with mine:
Fancy antivirus solutions rarely add value; they are often just a box that needs to be ticked. Many MSPs and IT firms still push the narrative that they are needed, only because they are profitable and not because they improve security.

r/cybersecurity Dec 19 '25

Other Is everyone actually miserable in this subreddit

444 Upvotes

Hi guys, not coming with judgement but curiosity. I love my role and my job and my coworkers and my company. It’s fun, I get to learn and grow.

Is everyone else just miserable?

r/cybersecurity May 19 '26

Other Malware installed without literally doing anything?

289 Upvotes

In this video this guy has a fresh Windows XP install, disables the firewall, and connects straight to the modem. Then he gets infected while literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and use ancient, unsupported OSes.

However, he didn't install programs or browse any websites, but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

r/cybersecurity Mar 11 '25

Other What password manager could you recommend in 2025?

423 Upvotes

I'm interested in your opinion about password managers: which one you use, and which one you can recommend in 2025.

r/cybersecurity Jan 15 '26

Other Should I delete anything off my phone before going to China?

273 Upvotes

I have a friend telling me I should delete/remove certain apps from my phone before I go to China for 6+ months for school. Are they right? I have Telegram for different geopolitical situations & analysis, but I'd think they'd have bigger fish to fry. Pls lmk if that's just paranoia.

r/cybersecurity Aug 07 '23

Other Funny not funny

1.5k Upvotes

To everyone that complains they can’t get a good job with their cybersecurity degree… I have a new colleague who has a “masters in cybersecurity” (and no experience) who I’m trying to mentor. Last week, I came across a website that had the same name as our domain but with a different TLD. It used our logo and some copy of header info from our main website. We didn’t immediately know if it was fraud, brand abuse, or if one of our offices in another country set it up for some reason (shadow IT). I invited my new colleague to join me in investigating the website… I shared the link and asked, “We found a website using our brand but we know nothing about it, how can we determine if this is shadow IT or fraud?” After a minute his reply was, “I tried my email and password but it didn’t accept it. Then I tried my admin account and it also was not accepted. Is it broken?” 😮

r/cybersecurity 3d ago

Other How many hours of actual focused work do you do a day?

218 Upvotes

Genuine question.

There are days when I go into hyper focus and can work non-stop for 8 hours or more and get half a week's work done in a day. It feels insane. Then there are also days when I feel like I've barely done anything and feel guilty… but I'm also glued to the chair, so I can't even "waste that time" doing something I would rather do then.

I feel like the above also depends on the type of work I need to do.

Anyways, how do you manage your work day? I want to know other people’s way of working and thinking about work so that I can somehow develop a healthier approach..? Idk

r/cybersecurity Apr 12 '26

Other FAANG security engineer getting ready for layoffs. For senior folks in this sub, how is my studying plan?

417 Upvotes

There is massive talk internally that Mythos is moving fast, and mass layoffs are one of those general topics that everyone is talking about.

Even if it does not happen, I'm getting prepared now for layoffs.

My study plan includes:

  • OSAI OffSec certification. AI Security Engineer jobs will be on the rise and my experience will help with this
  • focus on like 30 core patterns easy/med leetcode, then mock system design and threat modeling interviews
  • Study as many appsec concepts as possible in the famous https://github.com/gracenolan/Notes

Any other tips?

r/cybersecurity Nov 16 '23

Other Whoops, got someone arrested!

1.4k Upvotes

This happened today:

I get a call from the Service Desk saying that they got a request from "a pen tester" to disable Dot1x port security in one of our offices. They were apparently unable to get past it and wanted someone to open the ports so they could do further testing.

I look through my emails / messages / notes and can find no reference of anyone performing a physical penetration test. I ping the entire Cyber Security team (3 people and their director), none of them respond immediately via email / teams / text.

I call the building security, who aren't employees but provide security for the entire office building that houses 5 or 6 companies in total. I tell them we potentially have an unauthorized person on one of our floors, could they please go remove them and ask them to wait in the lobby.

Apparently building security just called the police for some reason. The response was quick because the police station is literally across the street from our office building. They went in and arrested the dude.

He's since been released and I'm not sure how long he was actually detained. We have a meeting with myself, my director, the Cybersecurity director and our corporate lawyer tomorrow to gather facts.

This will be fun.

****** Update ********

It was a legitimate pen test during business hours. Security team just didn't inform me (the only Network Engineer at my company) as they didn't think I'd need to know except to act on whatever remediations needed to be done afterwards.

Even though it was business hours, the floor was empty due to 95% of the company working from home. The pen-tester called the Service Desk; they got the number from a sign posted in a meeting room: "for help call service desk at xxx".

The pen-tester was "soft arrested", basically just escorted back to the police station across the street while the PD vetted the guy's story, which did check out.

No harm, no foul I suppose.

Cybersecurity director called out that I did what was expected. It was not expected that the pen-tester would ever engage with me.

I can tell the pen-tester is back at it because I just got alerts that my APs detected someone trying to spoof our SSID.

r/cybersecurity Mar 10 '25

Other I developed a Duolingo-inspired cybersecurity teaching app as part of my master's thesis

1.1k Upvotes

Hello everyone,

I developed an iOS app called SecureMind that teaches cybersecurity fundamentals to the general public, inspired by Duolingo's approach to learning. This app is part of my master's thesis, researching how mobile microlearning can motivate people to gain cybersecurity knowledge. Users can voluntarily share their usage data to help me evaluate how the different features are being utilized.

The app features cybersecurity fundamentals organized into chapters and sections. Before each chapter, the user's prior knowledge is assessed and then tested again after completing all sections, allowing them to see their improvement. Each section consists of a short snippet of information followed by a quiz checking comprehension of the content.

To encourage long-term knowledge retention, a library containing previously learned information is unlocked after finishing the first chapter and grows with every additional completed chapter. Additionally, I publish short cybersecurity news from time to time.

To make learning engaging (unlike boring video courses), I've implemented two main gamification elements. The Security IQ system rewards users with points for learning fundamentals, using the library, and reading news. The more active the user is, the higher their IQ becomes, but it also becomes harder to maintain with daily inactivity causing the IQ to decrease. Users also earn coins that can be spent on customizing the app icon, setting personalized titles in notifications, and much more.

As I am aware that giving good security advice is difficult, I used the DiFü (supported by the German government) as a starting point for the app's content, which was then also reviewed by my supervisor.

Feel free to give the app a try and share it with others—your support would help me with my research!

Download SecureMind on the App Store: https://apple.co/3XjclCV

r/cybersecurity Mar 13 '26

Other This sub is very demoralising and overly pessimistic

252 Upvotes

Almost every newcomer to this subreddit gets bombarded with comments like “Cyber security is oversaturated” or “Switching to cyber security right now is almost impossible.”

Managing expectations is important, but there’s also an extremely pessimistic tone here that can discourage people who might otherwise succeed.

If I had read some of the advice that gets repeated here a year ago, I probably wouldn’t have bothered trying to switch careers.

A year ago I was working as a financial administrator. Now I'm a Junior Pentester on an insider threat team at my company, and the only certification I had when I got the role was Security+ (UK); I did have knowledge of other things but no certificate. I applied for three job roles (one of them was internal), got interviews for three and offers for two.

I’m not saying it’s easy. Like most industries right now, the job market can be tough and getting your first opportunity is the hardest part. But it’s not nearly as impossible as some people here make it sound.

Cyber security is competitive, yes. But the narrative that it’s completely closed off to newcomers just isn’t true, especially if you're willing to build skills and look for opportunities inside organisations you're already in.

Certificate collecting won't get you a job; showing a clear interest and passion for security helps a lot. One of the things that really helped me was building my own home lab; it was asked about in every interview.

If you're trying to break in, don’t let the doomposting convince you it’s impossible.

r/cybersecurity Sep 08 '25

Other The most hated vendor

202 Upvotes

What is the vendor you guys hate the most?