Daniel Cuthbert @dcuthbert Twitter profile

Last Seen Profiles

@govochto

@kakinoyu303

@EndymionYT

@WilburSoot

@CarlsbadPolice

@mereohirosuke

@dgn_893x

@cinnamoryeol

@AHMEDMo00198638

@kanazawa_itaya

@torki0769569562

@RateGain

@marihallal

@Guilhermem42513

@nusaiblah

@sianstartop

@stakenuts

@Miyadzumi

@Fernand79755997

@Roberto56741338

@pilihalliwell

@CleoBabyyy98

@wonpilimoonie

@Crain1Art

@coc_space

@OSStheeBOSS

@RealMotionPicks

@crazedhousewife

@Lamia_a70

@GroupGraves

@ShakiraKingdom

@therebeccasun

@JeanMcleoud

@SL78552537

@Lwigginton5

@_Su_ceren

Daniel Cuthbert

@dcuthbert

4 months

The mob ain’t got nothing on the printer cartels

25

442

4K

Daniel Cuthbert

@dcuthbert

3 years

Some journalists wait an entire career just to get a headline as good as this

9

424

2K

Daniel Cuthbert

@dcuthbert

2 years

To this day, the most frustrating and stupidest thing mobile device manufactures have done is remove this from their devices to push inferior Bluetooth headphones

129

190

2K

Daniel Cuthbert

@dcuthbert

5 months

In 1999, a chap called Chris Sawyer wrote a wild game using nothing but Assembly language. The game, Rollercoaster Tycoon was super addictive, but 99% of the code in assembly? That’s pretty hardcore right?

60

161

2K

Daniel Cuthbert

@dcuthbert

2 years

If you’ve used @letsencrypt to make use of trivially easy free and open certificate authorities, then you owe a huge amount of gratitude to Peter Eckersley who sadly just left us. Thank you Peter and RIP

9

434

2K

Daniel Cuthbert

@dcuthbert

3 years

There isn't a cybersecurity/IT skills shortage. There is a shortage of modern interview skills. We rely too much on outdated whiteboard tests, questions to trick candidates, unnecessary pressure, and lengthy processes.

75

320

2K

Daniel Cuthbert

@dcuthbert

7 months

Bugs happen but it's rare you see a bug that grabs you so hard and makes you nod like a little dog.. CVE-2023-44487 did that for me good god what a bug and here's why

18

276

2K

Daniel Cuthbert

@dcuthbert

2 years

If 41 lines of code can bypass the authentication process on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances, then something is very wrong. This is not acceptable @Fortinet

51

388

2K

Daniel Cuthbert

@dcuthbert

4 years

The Sun truly is a despicable rag and recent events have shown how we have to cut off their revenue supply. Many say block the sun, but how? I've mapped out their entire footprint on the web so you can easily import and block it via your hosts file or firewall. #TheScum

55

534

1K

Daniel Cuthbert

@dcuthbert

4 months

A toilet doesn’t need an IP stack A toilet doesn’t need an IP stack A toilet doesn’t need an IP stack A toilet doesn’t need…

Numi 2.0 Dual-Flush Smart Toilet | K-30754-PA | KOHLER

Discover a cleaner clean with the K-30754-PA smart toilet with bidet functionality.

www.kohler.com

109

167

1K

Daniel Cuthbert

@dcuthbert

2 years

Decades of UNIX and Linux use have taught me to love the terminal more than any other app out there. If there's one thing I'd recommend any newcomer learn, it's how to tame the command line.

37

156

1K

Daniel Cuthbert

@dcuthbert

4 years

Slack, used by millions and millions for mission-critical design chats, DevOps, security, mergers, and acquisitions, hell the list is endless. The flaws found by this researcher result in the execution of arbitrary commands on user's computer. The TL;DR is wow

15

487

1K

Daniel Cuthbert

@dcuthbert

5 years

The icebreaker FPGA kit is one I've been waiting for since last year and this is why. This is @esden showing off his amazing creation

27

267

1K

Daniel Cuthbert

@dcuthbert

3 years

NFTs explained

21

269

1K

Daniel Cuthbert

@dcuthbert

5 years

The truth of this hurts so much #Banksy

12

300

1K

Daniel Cuthbert

@dcuthbert

5 years

Ever wondered what lies beneath that cool looking chip on your bank card? What does it do? Why is it there? Well here's a little pointless thread that delves into the magic using my @monzo card as an example

33

402

1K

Daniel Cuthbert

@dcuthbert

3 years

Well that’s an interesting p0c

9

197

1K

Daniel Cuthbert

@dcuthbert

2 years

The nerd in me loves seeing signs that are unhappy

30

93

981

Daniel Cuthbert

@dcuthbert

2 years

A brutally honest depiction of this industry

23

222

975

Daniel Cuthbert

@dcuthbert

1 year

Buckle up kids, dad's gonna show you what a REAL UNIX box looks like... Xmas is gonna be wild in this house I tell you.

108

59

959

Daniel Cuthbert

@dcuthbert

4 years

Something tells me this street is going to be rather popular today.... #Banksy

Barton Hill Academy

@BartonHillAc

4 years

We are delighted for Barton Hill to hear that the beautiful piece of artwork which popped up overnight yesterday has been confirmed as a genuine Banksy! Just up the road from our school🤗A much welcomed addition to the area. #streetart #bristol #Banksy #BartonHill @VenturersTrust

60

777

3K

10

77

919

Daniel Cuthbert

@dcuthbert

4 years

Excel won’t be the same.

33

154

910

Daniel Cuthbert

@dcuthbert

12 days

Teams, i cant be the only one saying this but WTAF???

77

24

871

Daniel Cuthbert

@dcuthbert

5 years

hey @1Password & @LastPass here's an idea: I will give you extra money, on top of the money I give you every month, to use a U2F/FIDO token to access my password manager instead of a master password. I'm sure im not alone here.

64

170

852

Daniel Cuthbert

@dcuthbert

1 year

Lastpast attack chain via home media centre of senior dev. Sssh, can you hear that? That’s the sound of a shitload of threat models being redone.

22

133

842

Daniel Cuthbert

@dcuthbert

4 years

This just blows my mind. From a chip encased in silicon, stripping each layer away until you see the ROM and then using 50x magnification you can see the binary 0 and 1s. @akacastor this is nerd pr0n and a half

15

231

826

Daniel Cuthbert

@dcuthbert

5 years

I've tried to keep this bottled up, but seeing as we've a whole wave of new people to our industry, maybe it's time to help rather than stand silent. 0hday/Zeroday/0-day exploits should be the least of your worry. Adversaries mostly wont be using them*

24

292

818

Daniel Cuthbert

@dcuthbert

3 years

This is worrying NSO Group has a full zero-click zero-day iMessage exploit chain that can install the Pegasus spyware on the latest version of iOS at the time of writing (14.6). Not the first time iOS has struggled with messaging.

12

363

767

Daniel Cuthbert

@dcuthbert

4 years

I've agonised for days over this and chatting to my wife has made me realise it's not good to keep quiet, especially given my personal experience. This will be a long and ugly thread I'm afraid about the exploitation of children by those who should know better.

25

331

749

Daniel Cuthbert

@dcuthbert

7 years

I lol’d

12

416

713

Daniel Cuthbert

@dcuthbert

1 year

3 years ago I replaced my wifes MacBook with a Pixelbook. It was mostly done for security reasons, for she is the CFO and controls all. Was the best damn decision I've ever made, security-wise. She can click shit all day long because @Google have made a bloody good OS

34

68

712

Daniel Cuthbert

@dcuthbert

2 years

I do apologise for the language but just f*** off now with this bullshit. We've had enough of threat intel firms/ambulance chasers telling us how the dark web was the hotbed of all criminality, and now this? GTFO

63

123

640

Daniel Cuthbert

@dcuthbert

3 years

Aaah yes, we've been here before.

35

95

640

Daniel Cuthbert

@dcuthbert

2 years

The kids are gonna be ok. Also very cool to see Mac address randomisation making life hard for all.

20

63

622

Daniel Cuthbert

@dcuthbert

4 years

I just...

52

162

608

Daniel Cuthbert

@dcuthbert

2 years

When you need to access the CANbus but a vendor has installed next-gen AI driven security controls to thwart attacks

24

86

607

Daniel Cuthbert

@dcuthbert

4 years

I was intrigued about how Alexa listened, the potential for false positives and what was recorded. This was done over Xmas and the results leave me with more questions.

18

246

600

Daniel Cuthbert

@dcuthbert

6 years

Laptop on tube. With RSA token on lanyard. With full company ID and name. Numerous stickies on desktop with IP’s and passwords. No matter what new products come out to protect, fixing fundamental human stupidity issues is a killer

42

286

584

Daniel Cuthbert

@dcuthbert

7 months

"and was scanned with the free version of Malwarebytes, which reported no findings" hmmm....

29

59

583

Daniel Cuthbert

@dcuthbert

5 years

One hour spent setting up father in law's devices to use 2fa, password managers and passphrases. My god we don't make this an easy journey at all. If I struggled with the quirks, how can we expect anyone else to be at ease?

36

79

538

Daniel Cuthbert

@dcuthbert

4 years

Ransomware with a heart. Credit where credit due. Thanks @v1ad_o

12

210

514

Daniel Cuthbert

@dcuthbert

2 years

What is very clear to me, at least, from this Conti leak is that we need to seriously stop with Active Directory now. We pretend we know how to do it but the fact is, it continues to be that pig with lipstick on that no one can secure and attackers find so easy to own

33

83

497

Daniel Cuthbert

@dcuthbert

1 year

I guess IBM or a contractor forgot to wipe this Solaris workstation back in 2002. There’s a load of IBM hosts listed from the early days of the web

23

42

498

Daniel Cuthbert

@dcuthbert

4 years

I get angry when people in tech don't know the cloud. IT'S SO EASY right???

31

119

500

Daniel Cuthbert

@dcuthbert

3 years

This isn’t getting enough exposure as it should. What is being proposed is incredibly dangerous and is a direct attack against the free press. The official secrets act has a place but classifying journalists as spies to stem whistleblowing

How a proposed secrecy law would recast journalism as spying | Duncan Campbell and Duncan Campbell

Home Office plans would remove the public interest defence for whistleblowing, say writers Duncan Campbell and Duncan Campbell

www.theguardian.com

23

325

444

Daniel Cuthbert

@dcuthbert

2 years

I know it’s fashionable to hate on Meta at any give chance but respect is due to how they are handling the layoffs.

16

74

463

Daniel Cuthbert

@dcuthbert

3 years

Post a pic YOU took, use no description, and bring some Zen to the timeline.

424

22

450

Daniel Cuthbert

@dcuthbert

7 years

That's it, hacking just went level 11 #BHUSA

13

251

442

Daniel Cuthbert

@dcuthbert

4 years

I have 0 CVEs. I've found many many bugs, but I don't need a CVE to prove anything. If you seemingly think a CVE makes you l337, you need to rethink.

24

65

438

Daniel Cuthbert

@dcuthbert

1 month

As far as supply chain backdoors go, this is Prada level of design and style.

Dominik Penner

@zer0pwn

1 month

wild stuff re: xz/liblzma backdoor

15

413

2K

6

65

440

Daniel Cuthbert

@dcuthbert

4 years

This is not normal... 33% of all home Internet traffic shouldn't be ad/tracking networks.

64

137

432

Daniel Cuthbert

@dcuthbert

9 months

Worst statement ever “To date, we’ve seen no evidence that this vulnerability has been exploited” Stop using it. It means nothing. There is no all-seeing eye that could possibly give you such insights.

55

52

432

Daniel Cuthbert

@dcuthbert

3 years

Finally got my cheatkards and I do like them. Well designed and packaged

19

39

430

Daniel Cuthbert

@dcuthbert

5 years

Whatsapp: Pfft RCE via a missed call, check me out! Microsoft: Whateva!! hold my craft beer, RDP RCE baby! Linux: oh you two are so cute.. RCE <5.0.3 kernel. Hah, keep up A rather ugly day for the web

18

159

424

Daniel Cuthbert

@dcuthbert

5 years

Old security vocabulary: No, can't, control, stop, force, remove, disrupt, destroy, block, denied New security vocabulary: "let me see if i can get it to work securely", "sure, ill help", openness, willingness, embracing change Old security needs to retire.

25

137

417

Daniel Cuthbert

@dcuthbert

3 years

Great feature in android 12: permissions removed if app is unused for a few months.

10

65

389

Daniel Cuthbert

@dcuthbert

6 months

I bet if you are of a certain age, you just made the noise in your head….

55

26

391

Daniel Cuthbert

@dcuthbert

5 years

There is nothing more enjoyable than seeing a pentest happen where testers are part of the sprint test > defect > confirm > JIRA defect > assigned to dev > fix produced/push > sent back to tester > JIRA closed This is how it should be done. No to reports. Reports must die

27

94

387

Daniel Cuthbert

@dcuthbert

5 months

Well take Ghidra, Obsidian and a few other tools and watch as Nathan talks you through how you’d go about RE’ing this classic 90’s game

Reverse Engineering RollerCoaster Tycoon | How does it work?

I reverse engineered the original roller coaster tycoon to see how it does it's rendering💭 All views are my own 💭Tools:🐉 - Ghidra - https://github.com/Nat...

www.youtube.com

3

41

368

Daniel Cuthbert

@dcuthbert

10 months

Beautiful writeup about the recent Linux p0c backdoor that possibly owned a lot of people in the process

2

64

365

Daniel Cuthbert

@dcuthbert

2 years

Watching how Zalensky is leading by example has made me yearn for more modern, younger leaders elsewhere and not shrivelled sacks of custard like we currently have.

19

366

Daniel Cuthbert

@dcuthbert

7 months

My concerns right now around the security industry is that we are seemingly seeing more layoffs, less investment into security teams and yet breaches going harder than ever before. it's a worrying trend, NGL

31

46

359

Daniel Cuthbert

@dcuthbert

4 years

Oh hell no!! They can royally do one. I've got two Masters and they broke me in many ways. There's no way they are the same.

CISSP Qualification Given Cert Status Equivalent to Master’s Degree Level

CISSP designated as comparable to RQF Level 7

www.infosecurity-magazine.com

78

51

348

Daniel Cuthbert

@dcuthbert

4 years

For all that effort, they got awarded $1750 Seventeen Hundred and FIFTY bucks. @SlackHQ firstly the flaws are a rather large concern, I mean validation is hard but come on, then pay properly, please. Because this would be worth much more on

7

47

350

Daniel Cuthbert

@dcuthbert

4 years

Having lived through the first dot-com, the "firewalls will stop it", the "we've a WAF!!", the "do you even next-gen EDR bro?" and now the "AI fixes all", I think this is a bit optimistic

43

38

353

Daniel Cuthbert

@dcuthbert

9 months

The optics here for @arm are not good at all. This is bullying behaviour and given how much Azeria has done to highlight arm security and research, a poor look for arm.

Azeria

@Fox0x01

9 months

Update: my blog is currently blocked due to the C&D. It’ll (hopefully) be back up once this has been resolved and I transferred all my arm related domains to @Arm . Though I am upset about the impatience despite my willingness to cooperate.

63

119

558

9

78

350

Daniel Cuthbert

@dcuthbert

7 years

When you filter the noise, twitter can utterly brilliant sometimes.

3

221

315

Daniel Cuthbert

@dcuthbert

4 years

I requested all the data Apple had one me since the dawn of time, which goes back to 2008 with my original iPhone 1. There is such a vast amount of data here to comb through that this will be fascinating, to me at least. Even the bloody U2 album is listed!

15

72

325

Daniel Cuthbert

@dcuthbert

4 years

It never ceases to amaze me how fellow business people look down upon you for wearing a black t-shirt and jeans and daring to stand in group 1 line. Like a poorly fitted suit jacket and awful brogues maketh the person. So cute

31

10

319

Daniel Cuthbert

@dcuthbert

7 years

<insert profanity here>. How simple minds can be influenced by men and fantasy books from the dark ages

37

133

296

Daniel Cuthbert

@dcuthbert

3 years

The Internet never fails to make me smile. Apple M1 benchmark comes out person decides they need hard facts as they arent convinced Original designer of Ultrasparc V reorder unit responds.

11

54

316

Daniel Cuthbert

@dcuthbert

3 years

3

32

313

Daniel Cuthbert

@dcuthbert

5 years

Hang on a minute @Fortinet I’ve a few questions here about this #Fortinet

17

197

305

Daniel Cuthbert

@dcuthbert

4 years

Oh good. Shit we had backdoors but hey OOPS we removed them it's all ok.

8

144

301

Daniel Cuthbert

@dcuthbert

2 years

One wonders why so many extremists use the car to create their content? Has their family had enough?

PatriotTakes 🇺🇸

@patriottakes

2 years

Anti-mask activist claims M&M’s packaging is “blasphemy” and is an attempt to “lead you down the road to Hell.”

1K

185

1K

43

28

280

Daniel Cuthbert

@dcuthbert

5 years

Unpopular opinion: you will not buy you way into being secure. No matter what any vendor says or promises, throwing money at a solution rarely gives the results you think. Invest in people. Invest in engineering and build build build.

26

87

292

Daniel Cuthbert

@dcuthbert

9 months

After spending 8 hours reverse engineering Javascript, I've come to the conclusion that it is indeed the work of the devil and those who use it and enjoy it are somewhat special and disturbed

18

31

289

Daniel Cuthbert

@dcuthbert

7 years

Friend gave us a phenomenal ATM skimmer found in Old Street. We are now tearing apart and looking at structure #atmfraud

16

146

272

Daniel Cuthbert

@dcuthbert

4 years

Infosec: our redteam will use multi-stage payloads with TLS 1.3 and heavy obsfucafion to steal the cash using anonymous relays all over. Criminals: shut it nerd, crowbar and Vinny Thanks @lisetteguittard

How to Steal A.T.M.s: Two Guys, a Crowbar and ‘Brute Force’ (Published 2019)

A crew of thieves struck at least nine times in the last three months, netting about $39,000 in ill-gotten gains.

www.nytimes.com

14

100

275

Daniel Cuthbert

@dcuthbert

5 years

I’m a solid maltego fan, for obvious reasons, but competitor is good and ⁦⁦ @pdp ⁩ is smashing it with his sec apps suite. This looks amazing #paint

6

85

276

Daniel Cuthbert

@dcuthbert

3 years

As a father and a hacker, I’m doing all I can to disrupt and destroy tracking techniques used by all to collect data on us as a family. We need stronger protection for all, not just our kids. Online marketing needs controlling

Dr Sandro Demaio

@SandroDemaio

3 years

🚨 A shocking ~72 MILLION digital data points will be collected by companies on each child by the age of 13. 🚨 This can be sold to marketers who can target and attract each child. 👉 We need stronger national protections for kids. Full report: #auspol

3

43

103

17

71

270

Daniel Cuthbert

@dcuthbert

3 years

Decades of networking experience and I'm still using a cheatsheet for tcpdump and nmap

27

15

271

Daniel Cuthbert

@dcuthbert

2 years

Still blows me away today. Birds aren't real but I wonder if the global chip shortage has impacted them too? #birdsarentreal

25

28

263

Daniel Cuthbert

@dcuthbert

5 years

Impressive @twitter . Generating a phrases-based password when a user creates a new account. Well done!

12

64

259

Daniel Cuthbert

@dcuthbert

2 years

7 days solid of log4j and I've decided a break is needed..as such watching a show about Maine people restoring cabins in Maine. Tech sucks, I'm moving to Maine to live in a cabin.

27

8

262

Daniel Cuthbert

@dcuthbert

4 years

Spare a thought for your IT/Network admins desperately trying to make remote working work using clunky VPN tech from the 90s. If only we all embraced new ways of working sooner, and not forcing people to use on-prem/physical networking #remoteworking

15

44

262

Daniel Cuthbert

@dcuthbert

2 years

Evolution of the web.

10

55

259

Daniel Cuthbert

@dcuthbert

6 months

I too am over the "dont use public wifi" brigade. Often the advice is from tests done over a decade so, so it's good to see someone actually testing what modern devices behave like when interception is happening.

mRr3b00t

@UK_Daniel_Card

6 months

Can anyone tell me why the public WiFi with an attacker in it is unsafe? I can read all the targets traffic metadata but I can’t read their traffic. Anybody? The ASD say it’s not safe but I’m not really sure why….. If you can show me an attack that will do something let me…

169

42

426

29

32

259

Daniel Cuthbert

@dcuthbert

3 years

Count Binface’s manifesto is actually pretty good. Ceefax was amazing

16

52

254

Daniel Cuthbert

@dcuthbert

3 years

Good god this is nothing short of perfection.

19

12

257

Daniel Cuthbert

@dcuthbert

11 months

An interesting new feature found in @Apple ’s latest privacy and security report is that of Link Tracking Protection and I’ve not stopped thinking about this

5

47

252

Daniel Cuthbert

@dcuthbert

2 years

Everyone right now.

8

53

254

Daniel Cuthbert

@dcuthbert

5 years

Dad reflexes: it’s a thing

6

40

254

Daniel Cuthbert

@dcuthbert

1 year

Good god I forgotten how seductive the Sun keyboard was to use

27

18

244

Daniel Cuthbert

@dcuthbert

9 months

Heading to vegas with no burner phones, no burner laptops, no shitty VPNs. I'll be using the wifi too

39

4

243

Daniel Cuthbert

@dcuthbert

6 months

Exfil via DNS isn’t new but I do respect what @TheContractorio & @DeathsPirate have found here with regards to subtle new ways to move data out of networks

Data-bouncing

Data-Bouncing - The art of indirect exfiltration. Using & Abusing Trusted Domains as a 2nd Order Transport.

thecontractor.io

4

79

239

Daniel Cuthbert

@dcuthbert

4 years

Reunited again with my first love. Thanks plakkers

28

9

235

Daniel Cuthbert

@dcuthbert

3 years

The audacity and balls needed for this and the data they got. My god, this is one hell of an attack

Tadeusz Giczan

@TadeuszGiczan

3 years

A short thread about what is perhaps the most successful cyber attack in the history of any nation state conducted by a group called “Belarusian Cyber-partisans”. Last month they hacked the servers of Belarusian police and the Interior Ministry. 1/6

133

3K

7K

12

43

230

Daniel Cuthbert

@dcuthbert

11 months

“Come with me if you want to live” Please. Make this happen

47

16

228

Daniel Cuthbert

@dcuthbert

5 years

For most of us, it's about taking care of IT hygiene. Know what you've got under your control, plan and implement a solid patching routine as quickly as possible and use telemetry. Save the millions for hiring good people, not tech!

7

42

229