Ian Campbell
neurovagrant.bsky.social
Security ops engineer and investigator @ DomainTools, writer, voracious reader. he/him. Opinions here mine only. Autistic/depressed/anxious/hungry. https://dti.domaintools.com
Pinned
DomainTools Investigations worked with OSINT analysts & journalists to help uncover the connections between websites involved in the harassment of Ukrainian personnel and their families, and the people and infrastructure involved.

Technical writeup below!

www.domaintools.com/resources/bl...
RDAP and BGP in Investigative Journalism - DomainTools | Start Here. Know Now.
One of the things we’re most proud of at DomainTools is our Grants program. We offer free access and training to investigative journalists, as well as security researchers involved in community-benefi...
www.domaintools.com
New, from DomainTools Investigations:

The actual sociopolitical realities laid bare by the Great Firewall data dump are strong enough that our final part in this series is about the implications and impacts in the world.

#infosec #cybersecurity

dti.domaintools.com/inside-the-g...
Inside the Great Firewall Part 3: Geopolitical and Societal Ramifications - DomainTools Investigations | DTI
Part 3 analyzes the GFW as geopolitical infrastructure: economic protectionism, the export of cyber sovereignty norms, and the emergence of an authoritarian coalition (Russia, Iran).
dti.domaintools.com
November 13, 2025 at 8:29 PM
"Analysis of operational tempo, request volumes, and activity patterns confirms the AI executed approximately 80 to 90 percent of all tactical work independently, with humans serving in strategic supervisory roles."

www.anthropic.com/news/disrupt...
Disrupting the first reported AI-orchestrated cyber espionage campaign
A report describing a highly sophisticated AI-led cyberattack
www.anthropic.com
November 13, 2025 at 6:41 PM
Always grateful for Knostic's critical research in these new times, but also their approach: acknowledging prior art, crediting folks, not following the well-worn path of pretending any of this occurs in a vacuum. We're all in an ecosystem, one where people matter, and I love that Knostic gets that.
Cursor’s new browser could be compromised via a simple JavaScript injection.

In this new research from Knostic, we demonstrate this attack via registering a local MCP server with malicious code, which in turn harvests credentials and sends them to a remote server 🧵 https://app.getkirin.com/
November 13, 2025 at 12:55 PM
Reposted by Ian Campbell
Oh man, what is this. My first scam was sent to me via chat on BlueSky.
November 13, 2025 at 12:39 PM
Speaking only for myself and my own autistic experience, it’s actually very annoying that all the generative AI stuff is utterly inferior. It would be much easier for me if I didn’t have to reflect on how much more rich and satisfying human creativity and emotion and experience are.
November 13, 2025 at 1:04 AM
SLEUTHCON was ace, so I'm stoked for my first CYBERWARCON! Reach out if you'll be there and want to grab a coffee.

(no sales pitches, please, and I'll promise the same)
November 12, 2025 at 2:59 PM
My team's Great Firewall dump deep dive part 2, on the GFW technical infrastructure, is now up!

As before, not my research, but reading and editing it and going through the details left me shaken as far as capabilities go.

#geopolitics #cybersecurity

dti.domaintools.com/inside-the-g...
Inside the Great Firewall Part 2: Technical Infrastructure - DomainTools Investigations | DTI
See the Great Firewall's technical blueprint. DomainTools Investigations details the TSG core, packet interception methods, and routines that detect tools like V2Ray/Psiphon.
dti.domaintools.com
November 6, 2025 at 8:16 PM
Reposted by Ian Campbell
And a quick crop on one of those for detail
November 6, 2025 at 4:34 AM
This is such a good listen - Aitel's an eloquent pro-AI voice, and Ryan Naraine provides the perfect pushback on just how much marketing is involved in AI versus actual impact.

#infosec #cybersecurity

securityconversations.fireside.fm/dave-aitel-o...

www.youtube.com/watch?v=kMgC...
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
Three Buddy Problem - Episode 70: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, fi...
securityconversations.fireside.fm
November 6, 2025 at 5:21 PM
Reposted by Ian Campbell
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
www.greynoise.io
November 5, 2025 at 7:15 PM
Reposted by Ian Campbell
if you're ever Photoshopping your own face into the smoke of the Twin Towers, Adobe should have a pop-up that says "are you sure that whatever it is you're doing is a good idea"
November 5, 2025 at 6:45 PM
Reposted by Ian Campbell
Yeah, no shit, mastodon, you judgey bitch.
November 5, 2025 at 3:11 PM
Continues to be a joy to watch Knostic work.
November 5, 2025 at 12:08 PM
The way through is solidarity.
November 5, 2025 at 6:39 AM
Reposted by Ian Campbell
Mamdani: My friends, we have toppled a political dynasty. I wish Andrew Cuomo only the best in private life. But let tonight be the final time I utter his name.
November 5, 2025 at 4:26 AM
Reposted by Ian Campbell
What movie do you consider perfect?
October 31, 2025 at 10:35 AM
I was giving a talk on DNS and domain intel and one q involved whether the work causes you to be targeted by threat actors. I gave a few examples then of direct targeting I’ve seen, but this is a great writeup about some targeting on platform and institutional levels.

www.sans.org/blog/for589-...
FOR589 Blog: Cybercrime Counterintelligence
Cybercrime counterintelligence operations pose a significant threat to investigations and the reputation and trust of organizations.
www.sans.org
October 31, 2025 at 12:30 AM
My ability to even has ceased.

I am all odd from here on out.
October 30, 2025 at 10:57 PM
NEW, from DomainTools Investigations, today: Inside the Great Firewall Part 1: The Dump

I cannot tell you how excited I am to see this piece go live. Our researchers knocked it out of the park - and this is just part one.

#infosec #cybersecurity

dti.domaintools.com/inside-the-g...
Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI
Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.
dti.domaintools.com
October 30, 2025 at 7:19 PM
New sanctions out today on the Bhardwaj Human Smuggling Operation (Mexico, Dubai, India)

And a bunch of new cryptocurrency wallets and other identifiers for Prince Group (Southeast Asian scam compounds/forced labor)

ofac.treasury.gov/recent-actio...
ofac.treasury.gov
October 30, 2025 at 2:37 PM
“But the shitposters, man. No one expected it would be the shitposters that saved us.”

-Interview from a future history
October 30, 2025 at 9:40 AM
Listen. We had “Don’t get high on your own supply” from at least back to elementary school and it wasn’t that difficult of a concept.

So when your cloud service goes down and takes your recovery methods and status page down with it, I am judging your ass allllllll the way from fifth grade.
October 29, 2025 at 10:21 PM
In the last year of Trump's first term, the US directed a cyberattack at Maduro's government, completely disabling the Venezuelan intelligence service systems.

It was a compromise to placate Trump's constant demands for military intervention options in Venezuela.

www.cnn.com/2025/10/29/p...
CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term. Now the US is flexing its military might | CNN Politics
In the final year of President Donald Trump’s first administration, the CIA carried out a clandestine cyberattack against the Venezuelan government, disabling the computer network used by Venezuelan l...
www.cnn.com
October 29, 2025 at 2:37 PM