banner
LightNews
fre.bsky.social
Frenchie
@fre.bsky.social
540 followers 260 following 45 posts
InfoSec geek for Cloud/Clusters/Containers/Credentials/CI/CD/things-starting-with-C working on something new… Honk the planet. Twitter: @nfFrenchie
Posts Media Videos Starter Packs
Reposted by Frenchie
filippo.abyssdomain.expert
Filippo Valsorda @filippo.abyssdomain.expert · 4d
To implement robust mitigations across Geomys, I did a survey of open source project compromises in 2024/2025.

Three root causes dominate: phishing, control handoff, and unsafe GitHub Actions triggers. All three can be systematically avoided.

words.filippo.io/compromise-s...
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises
Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers.
words.filippo.io
2 16 47
fre.bsky.social
Frenchie @fre.bsky.social · 1d
> Long-lived credential exfiltration

OpenSSF's Trusted Publishing is a partial solution here. repos.openssf.org/trusted-publ...

i.e. NPM recommends disabling long-lived credential publishing once Trusted Publishing is activated
docs.npmjs.com/trusted-publ...
Trusted publishing for npm packages | npm Docs
Documentation for the npm registry, website, and command-line interface
docs.npmjs.com
fre.bsky.social
Frenchie @fre.bsky.social · 20d
Special 40th edition of @phrack.org at @bsidescbr.bsky.social #bsidesCBR
2 3 18
fre.bsky.social
Frenchie @fre.bsky.social · Jun 7
$9!! That’s an expensive visit 😝
fre.bsky.social
Frenchie @fre.bsky.social · Dec 3
a man in a suit and tie is talking to someone and saying hey .
ALT: a man in a suit and tie is talking to someone and saying hey .
media.tenor.com
5
fre.bsky.social
Frenchie @fre.bsky.social · Nov 28
Blank Stare Sad GIF
ALT: Blank Stare Sad GIF
media.tenor.com
fre.bsky.social
Frenchie @fre.bsky.social · Nov 28
a man is swimming in a pool with the words `` welcome to the party , pal '' written on it .
ALT: a man is swimming in a pool with the words `` welcome to the party , pal '' written on it .
media.tenor.com
2
Reposted by Frenchie
synick.bsky.social
Lukasz Gogolkiewicz @synick.bsky.social · Nov 28
For those in Melbourne, Ruxmon is on tomorrow:

www.meetup.com/ruxmon/event...
Ruxmon November, Fri, Nov 29, 2024, 6:00 PM | Meetup
Author: Danielle Rosenfeld-Lovell Title: Unraveling GraphQL Abstract Did you know that not all APIs are RESTful? Me neither at some point in the relatively recent past! Th
www.meetup.com
1 3
fre.bsky.social
Frenchie @fre.bsky.social · Nov 28
a drawing of a person playing drums with the words `` ba dum tsss '' .
ALT: a drawing of a person playing drums with the words `` ba dum tsss '' .
media.tenor.com
1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 28
Excuse me. How have I missed the grimace-posting?!
1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
@berduck.deepfates.com
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
_
<(o )___
( ._> /
`----'
1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
Genuinely quite cool: github.com/threatcl/thr... + LLM to automatically generate threat models as code @xntrik.wtf
1 2
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
I know right!! Also, only 10% of the audience was permanently blinded by the lasers. Big improvement from last year!
2
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
A+ Dad Joke game:

“It’s only officially called Formal Threat Modelling if you’re wearing a tuxedo” - the Tao of @xntrik.wtf
1 1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
When the vuvuzela harmonies joined in… truly sublime. Brought a tear to my eye
1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
Back due to popular demand! For those that missed yesterday’s talk… bsky.app/profile/fre....
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
@xntrik.wtf on stage once again for an interpretive dance/drum solo encore!

You need an updated profile pic however mate…
Xntrik on stage at CyberCon
1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
@xntrik.wtf on stage once again for an interpretive dance/drum solo encore!

You need an updated profile pic however mate…
Xntrik on stage at CyberCon
3 1 3
fre.bsky.social
Frenchie @fre.bsky.social · Nov 27
Will there be an encore to the drum solo?
1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 26
Truly inspirational drum solo mate, thank you

bsky.app/profile/fre....
fre.bsky.social
Frenchie @fre.bsky.social · Nov 26
Front row seats for @xntrik.wtf’s CyberCon Keynote!

It was a pleasure to hear about his long & illustrious career.

The 17-minute avant-garde- jazz drum solo certainly was… certainly unique!
Xntrik on stage
1 1 1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 26
I’m still wrapping my head around his metaphor of:

“Extra extra small spandex bike shorts: 3 lessons this taught me about B2B sales & post-breach incident response at a large professional social media tech company”
3
fre.bsky.social
Frenchie @fre.bsky.social · Nov 26
Front row seats for @xntrik.wtf’s CyberCon Keynote!

It was a pleasure to hear about his long & illustrious career.

The 17-minute avant-garde- jazz drum solo certainly was… certainly unique!
Xntrik on stage
3 1 14
Reposted by Frenchie
mccune.org.uk
Rory McCune @mccune.org.uk · Nov 25
Very handy tool I came across today github.com/mike-engel/j... from @mike-engel.com , useful for viewing k8s service account tokens!
Screenshot of decoding a Kubernetes service account token using the jwt utility described in the skeet.
3 8 24
fre.bsky.social
Frenchie @fre.bsky.social · Nov 23
a man in a suit and tie is screaming with his mouth open and the words `` loud noises '' written on his face .
ALT: a man in a suit and tie is screaming with his mouth open and the words `` loud noises '' written on his face .
media.tenor.com
1
fre.bsky.social
Frenchie @fre.bsky.social · Nov 14
a dog on a leash with the words i 'm a little excited
ALT: a dog on a leash with the words i 'm a little excited
media.tenor.com
1 2