Liam 🦆
@liamosaur.ragequ.it
Australian hacker.
Foghlaimeoir Gaeilge.
Tír Bundúchasach. Mar a bhí sí i gcónaí, beidh sí go deo.
Foghlaimeoir Gaeilge.
Tír Bundúchasach. Mar a bhí sí i gcónaí, beidh sí go deo.
I am sad to inform you that Calibri is now officially woke
December 10, 2025 at 2:20 AM
I am sad to inform you that Calibri is now officially woke
ASD's social media team launch an attempt to get another category added to the #hacklore "this is not a realistic threat, please stop worrying about this" list 😔
I find this advice inexplicable and hard to align with any real-world threats
I find this advice inexplicable and hard to align with any real-world threats
December 1, 2025 at 1:04 AM
ASD's social media team launch an attempt to get another category added to the #hacklore "this is not a realistic threat, please stop worrying about this" list 😔
I find this advice inexplicable and hard to align with any real-world threats
I find this advice inexplicable and hard to align with any real-world threats
For some dumb reason "you can just add Szechuan pepper to the sauce" had never occurred to me before this conversation. Freshly pounded peppercorns, laoganma crispy chilli oil, black vinegar, soy + a pack of hoisin duck dumplings straight from the freezer. Took less than 10 minutes to cook
November 30, 2025 at 2:18 AM
For some dumb reason "you can just add Szechuan pepper to the sauce" had never occurred to me before this conversation. Freshly pounded peppercorns, laoganma crispy chilli oil, black vinegar, soy + a pack of hoisin duck dumplings straight from the freezer. Took less than 10 minutes to cook
To give a concrete example - my team did some work earlier in the year analysing data from about 2.5k pentest reports. Looking at critical issues found during webapp pentesting, this mostly matched the OWASP Top10. But there was one standout difference - our #2 issue was File Upload Vulns...
November 27, 2025 at 5:54 AM
To give a concrete example - my team did some work earlier in the year analysing data from about 2.5k pentest reports. Looking at critical issues found during webapp pentesting, this mostly matched the OWASP Top10. But there was one standout difference - our #2 issue was File Upload Vulns...
...This is OWASP's own summary of the Top10. The goal is not just abstract/academic categorisation - it's to provide an *actionable resource* to devs about what they need to be concerned about. "Be concerned about this abstract category" is not as useful advice as something more concrete would be...
November 27, 2025 at 5:54 AM
...This is OWASP's own summary of the Top10. The goal is not just abstract/academic categorisation - it's to provide an *actionable resource* to devs about what they need to be concerned about. "Be concerned about this abstract category" is not as useful advice as something more concrete would be...
Hot take about the updated OWASP Top10 - it's a great resource, but I have some concerns about the trend in categorisation. If the goal was "create categories that cover the top critical security risks to web applications", the new Top 10 would nail it. But the stated goal is slightly different...
November 27, 2025 at 5:54 AM
Hot take about the updated OWASP Top10 - it's a great resource, but I have some concerns about the trend in categorisation. If the goal was "create categories that cover the top critical security risks to web applications", the new Top 10 would nail it. But the stated goal is slightly different...
"absolutely no idea who chewed that blue thing up"
November 26, 2025 at 3:22 AM
"absolutely no idea who chewed that blue thing up"
I got sick of meetings filling up my day around lunchtime, leaving me without a time to eat, so I wrote a Power Automate flow that detects when I'm close to having no time for lunch and auto-reserves a lunch slot in my calendar
November 25, 2025 at 1:29 AM
I got sick of meetings filling up my day around lunchtime, leaving me without a time to eat, so I wrote a Power Automate flow that detects when I'm close to having no time for lunch and auto-reserves a lunch slot in my calendar
Apparently there's a rumour going around that I was actually born with my beard. Absolutely ridiculous. To disprove this slander, here is a photo of me at age 14, sans beard
November 12, 2025 at 9:04 AM
Apparently there's a rumour going around that I was actually born with my beard. Absolutely ridiculous. To disprove this slander, here is a photo of me at age 14, sans beard
Would you believe this gaslighting little shithead has actually already been fed dinner?
November 11, 2025 at 9:10 AM
Would you believe this gaslighting little shithead has actually already been fed dinner?
An ABC producer asked if I could do a live deepfake of Julia Zemiro for... reasons. After a weekend of learning how to train a deepfake model, I recorded a segment for a pilot that eventually became Crime Night! You can see my short segment 18 mins into this episode: iview.abc.net.au/show/crime-n...
November 9, 2025 at 12:48 AM
An ABC producer asked if I could do a live deepfake of Julia Zemiro for... reasons. After a weekend of learning how to train a deepfake model, I recorded a segment for a pilot that eventually became Crime Night! You can see my short segment 18 mins into this episode: iview.abc.net.au/show/crime-n...
Check out this grouse pallet I found at #kawaiicon
November 8, 2025 at 1:29 AM
Check out this grouse pallet I found at #kawaiicon
I didn't like the harsh direct light from the naked globe above my desk (and it reflected off my bald head on video calls). Couldn't find a light shade I liked, so I got a studio lantern diffuser and mounted it to the ceiling over the globe 💡🏮
October 28, 2025 at 2:39 AM
I didn't like the harsh direct light from the naked globe above my desk (and it reflected off my bald head on video calls). Couldn't find a light shade I liked, so I got a studio lantern diffuser and mounted it to the ceiling over the globe 💡🏮
And while we're on the topic of "things non-security people shouldn't worry about", VPNs are snake oil and don't increase your personal security. If anything, they may weaken it. About all they're good for is streaming region-locked content. Don't take security advice from snake oil salesmen
October 23, 2025 at 9:43 PM
And while we're on the topic of "things non-security people shouldn't worry about", VPNs are snake oil and don't increase your personal security. If anything, they may weaken it. About all they're good for is streaming region-locked content. Don't take security advice from snake oil salesmen
Counterpoint: no, they can't
Source: this has never happened
Source: this has never happened
October 23, 2025 at 9:32 PM
Counterpoint: no, they can't
Source: this has never happened
Source: this has never happened
Henlo frens. I am back after a sabbatical. If you're at #CyberconMelb25, you can catch me talking about what we learned by analysing the results of 2,500 pentests at 14:50 in room 212 today melbourne2025.cyberconference.com.au/sessions/ses...
October 14, 2025 at 9:46 PM
Henlo frens. I am back after a sabbatical. If you're at #CyberconMelb25, you can catch me talking about what we learned by analysing the results of 2,500 pentests at 14:50 in room 212 today melbourne2025.cyberconference.com.au/sessions/ses...
Just another day on the Internet with an apostrophe in my surname. GG broadcom
July 15, 2025 at 12:03 AM
Just another day on the Internet with an apostrophe in my surname. GG broadcom
Y Gelli, Cymru / Hay-on-Wye, Wales. The town of books. Population 1,600. 30 bookshops.
I love this sign. Sharp. Crisp. Clear. A work of art 😍
I love this sign. Sharp. Crisp. Clear. A work of art 😍
May 31, 2025 at 11:01 AM
Y Gelli, Cymru / Hay-on-Wye, Wales. The town of books. Population 1,600. 30 bookshops.
I love this sign. Sharp. Crisp. Clear. A work of art 😍
I love this sign. Sharp. Crisp. Clear. A work of art 😍
Harsh. But fair.
Hay-on-Wye, Wales
Hay-on-Wye, Wales
May 31, 2025 at 10:20 AM
Harsh. But fair.
Hay-on-Wye, Wales
Hay-on-Wye, Wales
The logo of the bus company I'm using. Perfection.
May 24, 2025 at 7:34 AM
The logo of the bus company I'm using. Perfection.
The improvement that some upgraded lighting makes to image quality is huge.
Pic 1: Overhead light. Head looks like a full moon, shadows all over face, no background separation.
Pic 2: Key light + fill light. Skintones look much more natural and healthy. Added a blue LED at the guitar just for fun
Pic 1: Overhead light. Head looks like a full moon, shadows all over face, no background separation.
Pic 2: Key light + fill light. Skintones look much more natural and healthy. Added a blue LED at the guitar just for fun
May 5, 2025 at 6:35 AM
The improvement that some upgraded lighting makes to image quality is huge.
Pic 1: Overhead light. Head looks like a full moon, shadows all over face, no background separation.
Pic 2: Key light + fill light. Skintones look much more natural and healthy. Added a blue LED at the guitar just for fun
Pic 1: Overhead light. Head looks like a full moon, shadows all over face, no background separation.
Pic 2: Key light + fill light. Skintones look much more natural and healthy. Added a blue LED at the guitar just for fun
Today my team released a report which draws on a year of pentest data - 2,500 engagements for 800 customers. 26,000 individual findings. We analysed this data to look for the root causes of the most common high-risk issues, and compared issues across industries.
April 7, 2025 at 11:44 PM
Today my team released a report which draws on a year of pentest data - 2,500 engagements for 800 customers. 26,000 individual findings. We analysed this data to look for the root causes of the most common high-risk issues, and compared issues across industries.
The Australian parliament has this too. We even have an odd name for these questions - "Dorothy Dixers" en.m.wikipedia.org/wiki/Dorothy...
February 27, 2025 at 7:42 PM
The Australian parliament has this too. We even have an odd name for these questions - "Dorothy Dixers" en.m.wikipedia.org/wiki/Dorothy...
Very hard to tell who to believe here 🤔
February 19, 2025 at 9:55 AM
Very hard to tell who to believe here 🤔