metlstorm

@metlstorm.risky.biz

Unix berserker, retired hacker-con organiser (Kiwicon!) and now technology-editor-slash-sysadmin-janitor at Risky.biz. Was @metlstorm on Twitter, am metlstorm@infosec.exchange on Masto.

1,515 Followers
74 Following
36 Posts
Joined 20.11.2024

Latest posts by metlstorm @metlstorm.risky.biz

With my book launching in the US + Canada I joined @patrick.risky.biz & @metlstorm.risky.biz on the RiskyBiz pod. I've listened to these guys for 8yrs so it was an honour to chat through cyber news and explain why I decided to write a book about teenage hackers and the Vastaamo case. risky.biz

22.01.2026 09:46 👍 11 🔁 2 💬 1 📌 0

dont give the slash-fic writers ideas, mang 🤦

23.11.2025 23:19 👍 1 🔁 0 💬 0 📌 0

It's true for those that _do_ office with him too 🫣

11.11.2025 21:45 👍 4 🔁 0 💬 0 📌 0

Curating the list after I solicited for additions;

* 802.11 WEP
* NSA md5 hash colliding windows updates
* admiral yamamoto in ww2 as well
* everyone who copies and pastes CBC mode (or ecb, lol) code off stack overflow

08.11.2025 19:38 👍 3 🔁 1 💬 0 📌 0

I am mad about @jags.bsky.social 's cat on the pod. Why doesn't Riskybiz have a pod-kitty?! 😾

03.11.2025 21:24 👍 9 🔁 1 💬 4 📌 0

🤦 of course it is.

I feel sorry for the masto devs, having poured your energy into working on open source and then seeing it get used to build... _that_.

16.10.2025 19:45 👍 3 🔁 0 💬 1 📌 0

I try not to be too resistant to change for no reason old-man-yells-at-cloud.gif*, but it really just gives big Windows Media Player for XP energy, and its gonna age about as well as that i fear.

*i mean, I use systemd! instead of just sulking about init.d and pining for rc.local

01.10.2025 04:02 👍 4 🔁 0 💬 0 📌 0

when we met him IRL at our first RB company get-together i think we were all expecting 3 infosec racoons in a trenchcoat, but he is in fact but one man after all!

I posted this quality meme back in 2021 when he was still at The Record; he was like 80% of our input for RB main show

01.10.2025 03:47 👍 3 🔁 0 💬 1 📌 0

Lol its been a while since I last hit the "please write your card name, number, expiry and cvv in this pdf and email it back" ecommerce checkout flow. Such PCI! Very DSS. 🤦

Paging a QSA and an acquiring bank, cleanup aisle my card data

12.09.2025 07:20 👍 10 🔁 0 💬 0 📌 0

MAGA be like...

20.08.2025 02:54 👍 39 🔁 5 💬 2 📌 1

31.07.2025 18:21 👍 93 🔁 18 💬 9 📌 2

Well, yeah. We're going to let our "kernel bug" description of Crowdstrike's mass murder of Windows systems stand

04.07.2025 01:23 👍 16 🔁 1 💬 0 📌 0

Maybe we should stagger newsletter releases in ringed deployments so we can catch these egregious errors... you know, like they should have done with their shitty content update that wiped out 8.5m boxes!

04.07.2025 00:52 👍 49 🔁 1 💬 3 📌 0

A Crowdstrike PR exec has written to us (twice) to demand we change some phrasing in one of our newsletters. We said a bug in their kernel driver caused their meltdown when it was actually a bad update file that caused a kernel panic. Huge mistake!

04.07.2025 00:51 👍 26 🔁 1 💬 5 📌 0

well you sure won the day with yama ptrace ha ha, took my toys away :D good times good times

21.06.2025 07:33 👍 1 🔁 0 💬 0 📌 0

ALT: a cartoon panda bear is holding a notebook and a pencil.

It is that time! Call for Participation (CFP) time!

Got a talk in mind? Done some cool research? Want to do something for hallway con? Want to be able to summon sparkle pots on cue?

Submit to our CFP! Closes eventually, so just get your submission in now! kawaiicon.org/cfp/

19.06.2025 02:03 👍 13 🔁 8 💬 0 📌 1

yeah its a fun cat'n'mouse game, for sure. I take at least partial responsibility for the existence of yama/ptrace_scope, after @damienmiller.bsky.social and @keescook.bsky.social got sick of my bullshit 🤣😘

13.06.2025 00:56 👍 3 🔁 0 💬 1 📌 0

Cool! I love me some unix-tricks root-kittery!

I did a con talk once about non-root root-kits. Used SCTP/DCCP as you do for sockets, process hollowing/thread-injection for code, and inotify-racing to hide files (by detecting incoming traversal, opening an fd, unlinking, and linking it back after)

13.06.2025 00:26 👍 3 🔁 0 💬 1 📌 0

Its true, they could be so much more efficient at getting things owned if they'd just `curl | sh`

13.06.2025 00:08 👍 1 🔁 0 💬 1 📌 0

ALT: a close up of a man's face with a beard and mustache.

why did we ever do _hard_ hacking

12.06.2025 00:31 👍 8 🔁 0 💬 0 📌 0

Omg, how is the webdav CVE-2025-33053 so dumb?! You make a .url shortcut file to run a local binary, with working-dir set to a webdav path, and if the binary happens to fork out to another bin without an absolute path, cwd is first in the search path... oh no? Is it.. is the bug really that stupid?!

12.06.2025 00:28 👍 21 🔁 0 💬 2 📌 0

ALT: a man with long hair and a beard is wearing a blue tank top.

06.05.2025 01:09 👍 0 🔁 0 💬 0 📌 0

01.05.2025 22:10 👍 59 🔁 14 💬 3 📌 1

Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape YouTube video by Risky Business Media

The most recent episode of Wide World of Cyber w @thekrebscycle.bsky.social and @stamos.org is back in our podcast feed... it was offline for a week(ish) due to the recent unpleasantness

So yeah, it's back. If you missed it, here it is

VIDEO: www.youtube.com/watch?v=JPYt...
AUDIO: risky.biz/WWC8/

21.04.2025 23:21 👍 30 🔁 4 💬 1 📌 0

I have cancelled our planned trip to the RSA Conference in San Francisco later this month. @metlstorm.risky.biz and I were headed over to record some live shows and see everyone. Unfortunately I have received advice that crossing the border into the United States right now would be a bad idea.

11.04.2025 00:33 👍 157 🔁 30 💬 16 📌 6

I've pulled down the most recent episode of Wide World of Cyber with Chris Krebs and Alex Stamos at the request of their employer SentinelOne, the sponsor of the series. I will say more about this in next week's Risky Business, but I want to make one thing clear: SentinelOne is not the bad guy here

10.04.2025 23:45 👍 74 🔁 7 💬 7 📌 2

CVE-2025-22457 | AttackerKB On April 3, 2025, Ivanti published an advisory for CVE-2025-22457, an unauthenticated remote code execution vulnerability due to a stack based buffer overflow.…

@metlstorm.risky.biz @patrick.risky.biz looks like rapid7 found a nice exploit strategy for that Ivanti BOF you discussed in the recent ep:

attackerkb.com/topics/0ybGQ...

10.04.2025 18:29 👍 4 🔁 1 💬 0 📌 0

Blasting Past Webp An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued an out-...

If you've ever run into your ios exploit dev mate at the pub after work and they seem a lil crazy-eyed, you can kinda see why:

googleprojectzero.blogspot.com/2025/03/blas...

26.03.2025 21:11 👍 10 🔁 1 💬 1 📌 0

This is real handy to have in the pocket when some family/acquaintance asks about a service or platform you yourself don't use. "Just click about and see if anyone has logged in as you" makes sense to us nerds, but for normies, this is helpful as! Thanks Lorenzo!

26.03.2025 04:24 👍 16 🔁 3 💬 0 📌 0

Yeah, at least it wasn't TELEGRAM:

Totally
Encrypted
Lol
Everything
Gets
Recorded
At
Moscow

(we're here all week, try the fish)

24.03.2025 21:07 👍 17 🔁 0 💬 0 📌 0