Joshua Wright
joswr1ght.bsky.social
Professional hacker, accidental educator. Rhode Island is not an island.
That’s me! 🙌
Check out @joswr1ght.bsky.social's talk, "Hackventure: Having Fun With IDOR Attacks," from Wild West Hackin' Fest @ Mile High 2025! www.youtube.com/watch?v=hzrh...

Grab your tickets for Wild West Hackin' Fest - Deadwood 2025! --> wildwesthackinfest.com/wild-west-ha...
Hackventure: Having Fun With IDOR Attacks | Joshua Wright
YouTube video by Wild West Hackin' Fest
March 16, 2025 at 11:52 AM
On Thursday I presented at Way West Hackin’ Fest in Denver to a group of friends, colleagues, and my son! I appreciate this community of people who come together to learn, to be supportive, and to have fun! (Slides and hopefully video shared soon.) Thank you #wwhf!
February 8, 2025 at 1:46 PM
I have a friend who became blind in her 50s almost overnight. Helping her with using computers has helped me understand the need for better accessibility in a way that I never understood before.

We can all do better in making technology more accessible. Please do.

bees.substack.com/p/making-hac...
Making Hacking Accessible
The guide on how to make hacking accessible
February 1, 2025 at 4:33 PM
This video from Dave Plummer really helped me understand the implications and methods behind DeepSeek. Worth a listen! youtu.be/r3TpcHebtxM?...
Deepseek R1 Explained by a Retired Microsoft Engineer
YouTube video by Dave's Garage
January 28, 2025 at 6:49 PM
Today I realized I’m the person people at work turn to when they have Git questions or problems.

Me.

How did we fall so far? 😬
January 10, 2025 at 6:04 PM
Happy birthday to the unusual number of my cybersecurity friends who all have January 1st birthdays on Facebook! 🧐🧐🧐
January 2, 2025 at 1:47 PM
Reposted by Joshua Wright
Ghostty 1.0 is now available and it's amazing. ghostty.org #terminal #macos #linux
Ghostty
Ghostty is a fast, feature-rich, and cross-platform terminal emulator that uses platform-native UI and GPU acceleration.
December 28, 2024 at 11:59 AM
TIL about github.com/iknowjason/e..., a useful utility to assist in figuring out “what cloud provider/region is this entity deployed in?”

$ ./edge -single 140.179.144.130

[INF] Matched IP [140.179.144.130] to Cloud Service [API_GATEWAY] and Region [cn-north-1]
GitHub - iknowjason/edge: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
December 14, 2024 at 2:42 AM
Reposted by Joshua Wright
Important for parents/anyone guiding/mentoring kids-especially middle/high school: make sure they know ChatGPT etc are mostly WRONG and should never be used as sole sources!! It’s an important lesson because the (VC-fueled) tech media fawns over the lie engines as if they’re the second coming.
Well this is grim
December 10, 2024 at 4:59 PM
December 4, 2024 at 5:16 PM
Hear, hear. --break-system-packages is unnecessarily foolish.
Debian's decision to nerf pip for Python package management continues to do nothing for users except break everything that was working previously.
December 3, 2024 at 5:41 PM
"Our job is to make it safe, not to tell [users] not to click on things on the *thing clicking machine that we gave them*" @metlstorm.risky.biz

I'm planning on repeating this quote quietly to myself at least once a week for the rest of my days.

www.youtube.com/watch?v=Rxye...
Risky Business Weekly (771): Palo Alto's firewall 0days are very, very stupid
YouTube video by Risky Business Media
December 3, 2024 at 2:57 PM
AI has taught me many things.

First and foremost is that I hate bulleted lists. #ai
December 2, 2024 at 10:00 PM
Article by Bogdan Calin on using local LLMs to improve endpoint/file discovery. I'm not sure how practical this is for pen testers, but optimizing requests to avoid WAFs is real. www.invicti.com/blog/securit...
Brainstorm Tool Release: Optimizing Web Fuzzing With Local LLMs
Brainstorm is a new, smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
November 30, 2024 at 1:32 PM
Reposted by Joshua Wright
If you haven't checked out @404media.co, I'd like to suggest that you do so at your earliest opportunity. There is some incredible writing happening there...
www.404media.co
404 Media
404 Media is a new independent media company founded by technology journalists Jason Koebler, Emanuel Maiberg, Samantha Cole, and Joseph Cox.
November 29, 2024 at 10:23 PM
I tell all my students that Julia Evans @b0rk.jvns.ca is a treasure. Check out the Big Zine sale for some wonderful guides on all sorts of useful IT topics!
Wizard Zines is doing another Big Zine Sale again this year on **Friday, November 29th**! One day only.

here’s a google calendar link for the duration of the sale if you want a reminder: wzrd.page/cal
November 23, 2024 at 4:31 PM
Reposted by Joshua Wright
Happy 37th anniversary of the Max Headroom Incident, to those who celebrate.
November 22, 2024 at 8:37 AM
This Wired article on Russian threat actors exploiting WiFi to gain access to a nearby target is 🧑‍🍳🤌💋. www.wired.com/story/russia...

Years ago I visited the NSA Cryptological Museum, and the docent told me about an old motel across the street from the base, owned by Russian expats. 🧐🧐🧐 Old = New
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
November 22, 2024 at 4:30 PM
I'm working on content as an RSA keynote panel hopeful. Any thoughts on what's worrying about SaaS security? I have a few ideas here.
November 22, 2024 at 4:25 PM