WitchyPurpleSec
witchypurplesec.bsky.social
InfoSec "professional" | privacy advocate | public speaker | nerd | podcaster

https://witchypurplesec.com/

Mentally I'm in the hit 90's film Hackers at all times

On a voyage for the One Piece
Just being on the web store for download shouldn't give extensions a pass on your personal or professional security review. It's still worth doing your research and understanding what the extension does before you use it. The requirements for publishing to the store may not cover your risk appetite.
Over 30 harmful Chrome extensions with 75M+ installs secretly stole login info and tracked activity. Even trusted-looking add-ons can hide threats—stay alert to what’s running in your browser. #CyberSecurityAlert
Malicious extensions in Chrome Web store steal user credentials
Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data.
www.bleepingcomputer.com
December 24, 2025 at 2:37 PM
I always found it so odd that Microsoft's out of box configuration was basically a house with every door and window open. It's so easy to miss a configuration setting during an initial deployment that could create a security nightmare down the road. I feel like this is a step in the right direction.
December 23, 2025 at 3:24 PM
Great now I'm suspicious of both cats and zebras.
EDR flagging your payload for high entropy? Principal Security Consultant Mike Saunders has a fix.

In this Red Siege Knowledge Brief he dives into Jargon, Mike's tool that disguises raw shellcode as innocent English words.

🔗 youtu.be/5PivPCtwyqA?...

#hacking #infosec #cybersecurity
Shellcode Obfuscation Made Simple
YouTube video by Red Siege
youtu.be
December 22, 2025 at 6:46 PM
Reposted by WitchyPurpleSec
New year ahead, fresh momentum. Take 40% off everything with code HOLIDAY40 and fill your shelf with books that help you build real skills and reach the next milestone you’ve been working toward. Ends Jan 2 at 11:59 PM PST.

nostarch.com
December 18, 2025 at 7:04 PM
I've been selected to speak at #RSAC 2026! This year I'm covering two different topics. One session covering #CyberSecurity strategy and one on #Governance. More to come as we get closer to the event!

#GRC #InformationSecurity #Conferences
December 17, 2025 at 4:32 PM
I think it's just music made by poorly constructed AI models that literally think it's just the sound of different items banging metal in a 10 minute mp3 you can only download by providing them your social security number.
Every time someone mentions "bare metal" in my timeline my brain wonders: "What new genre is this?"
December 17, 2025 at 3:58 PM
At the intersection of this privacy and security issue there is... sadness... and photos from your wedding probably...

It's weird how people forget that privacy issues can become security or safety issues.
NEW: A flaw in the website of Hama Film, a photo booth maker with presence in Australia, UAE and the U.S., exposes pictures and videos of its customers.

Security researcher alerted the company last month, no answer. We reached out to the company a few times, no answer.
Flaw in photo booth maker’s website exposes customers’ pictures | TechCrunch
Hama Film makes photo booths that upload pictures and videos online. But their backend systems have a simple flaw that allows anyone to download customer pictures.
techcrunch.com
December 12, 2025 at 5:09 PM
I went from IT to SysAd to CyberSec. I see a lot of people say you "have" to do SOC first to break into #cybersecurity but that's not true. The same path doesn't have to work for everyone. In this person's case I would take the SysAd role in a heartbeat but that's what works for me.
December 11, 2025 at 6:59 PM
OWASP continues to be a guidepost and key resource pool for baselining your security. With the rapid adoption of AI and teams struggling with budgets, their AI Top 10 publications are going to be invaluable over the next several years.

genai.owasp.org/2025/12/09/o...
December 10, 2025 at 9:47 PM
Happy RSAC Speaker Selectionmas to those who celebrate. I hope Santa Hugh Thompson and the rest of the RSAC elves brought you the speaking engagement confirmation you were hoping for.
December 10, 2025 at 7:06 PM
"While companies often highlight research that benefits them, today’s leading AI labs are given an unusual level of authority to self-report the risks and capabilities of the technology they’re racing to deploy." Is heavy quote that summarizes just a single oddity (issue) around AI and business.
NEW: Four sources tell @mzeff.bsky.social that OpenAI has become reluctant to publish research on the negative economic impacts of AI, including job displacement.

At least two members of OpenAI's economic research team have recently quit over that perceived pullback.
OpenAI Staffer Quits, Alleging Company’s Economic Research Is Drifting Into AI Advocacy
Four sources close to the situation claim OpenAI has become hesitant to publish research on the negative impact of AI. The company says it has only expanded the economic research team’s scope.
www.wired.com
December 9, 2025 at 9:23 PM
We've normalized sharing photos of our friends and families for so long this is an unfortunate but not entirely unexpected consequence. Always contact your loved ones directly if you think there's a problem and agree on a secret password or phrase only your loved ones know to prove it's you.
December 8, 2025 at 9:47 PM
Reposted by WitchyPurpleSec
#OnThisDay in 1981, Simon & Simon aired “Trapdoors”—likely the first non–sci-fi depiction of computer hacking on US TV. 💻📞
Teen Robbie Rist uses an Apple II + acoustic modem to access a bank—2 years before “hacker” hit mainstream media.
A proto-Whiz Kids story from creator Phil DeGuere.
December 8, 2025 at 4:50 PM
There is no rule book for getting into CyberSec. Every person I've ever talked to had a different path and they vary wildly. What matters is that you are eager to learn and help. A good manager will recognize that and hire you in a second. Skills can be taught but your heart and drive are yours.
After over 1000 applications, the poster has landed a full-time job in vulnerability remediation at a large corporation. They graduated a year ago with a degree in Cybersecurity Analytics/Operations and had one internship. They advise against believing you must start at a help desk.
It can be done
The search is finally over. After 1000+ applications I finally landed a full time position doing vulnerability remediation at a large corporation. I graduated about a year ago with a bachelors degr...
reddit.com
December 8, 2025 at 8:53 PM
Reposted by WitchyPurpleSec
Someone should make an isdowndetectordown website, and then also put it on cloudflare.
December 5, 2025 at 9:04 AM
I commissioned new art for The Spooky Cyber Story Club podcast! I worked with an actual human artist on Fiverr and I couldn't be happier with the results.

You can listen on most major platforms or on my RSS site:
rss.com/podcasts/the...

#HumanArt #CyberSecurity #Podcast #CyberHorrorStories
December 5, 2025 at 6:29 PM
Kevin McCallister is a social engineer. Look at how he handles the grocery store clerk in Home Alone and his entire hotel scheme in Home Alone Lost In New York.

#Cybersecurity #Holidays #SocialEngineering #Hacker
ALT: a close up of a young boy 's face with the number 3 in the background
media.tenor.com
December 1, 2025 at 1:58 PM
If you aren't 100% sold on giving my new #Cybersecurity podcast a listen, maybe this short clip will help you decide if the remaining 10 minutes is worth your time. The Spooky Cyber Story Club is available on most major podcasting platforms.
rss.com/podcasts/the...
November 22, 2025 at 6:44 PM
If you are looking for a fun (free) team building opportunity or you like game/challenge based learning the #HolidayHack challenge is live now and always a blast.

#CounterHack #CTF #KringleCon

www.sans.org/cyber-ranges...
Holiday Hack Cybersecurity Challenge 2025 | SANS Institute
Join the global cybersecurity community in the most festive and challenging event of the year! The SANS Holiday Hack Challenge cyber range offers FREE, high-quality, and super fun hands-on cybersecuri...
www.sans.org
November 7, 2025 at 6:31 PM
While my podcast logo is a bit basic and rough now I'm hoping to have something better by next episode. I've actually had some stellar experiences on Fiverr so I'm commissioning something there. I know AI could make me... something... but I'd prefer a human artist.
November 4, 2025 at 10:13 PM
Thinking about swapping my phone out for a newer device (last year's model) so I can run a security focused OS full time. I already use a privacy focused OS on my travel phone so I think I'm ready to go full time on my primary device.
November 4, 2025 at 3:04 PM
It's Halloween! So it's a great day to announce my new horror themed #cybersecurity #podcast, The Spooky Cyber Story Club! In future episodes I'll be interviewing CyberSec, InfoSec, and Red Team professionals to discuss their cyber horror stories.

rss.com/podcasts/the...
The Spooky Cyber Story Club | Podcast on RSS.com
The Spooky Cyber Story Club is here to cover all of your cybersecurity horror stories. Instead of monsters, madmen, ghouls, and ghosts, The Spooky Cyber Story Club covers breaches, incidents, hacker e...
rss.com
October 31, 2025 at 1:11 PM
Dropping a fun project on Friday that mixes my beloved Halloween vibes with #Cybersecurity. I'm pumped to get spooky and help out the CyberSec and InfoSec communities at the same time.
ALT: a picture of a fire in the woods was taken by a person named the black
media.tenor.com
October 28, 2025 at 7:33 PM
Always remember AI needs a human element. We have to stop acting like it's infallible. I truly believe we aren't in the Trough of Disillusionment yet. When it comes to AI it feels like the Peak of Inflated Expectations is long and arduous because of its perceived simplicity and ROI.
October 25, 2025 at 7:25 PM
If you run into anyone who works at Amazon on the AWS team today give them a hug and buy them a beer because this probably wasn't a great day.
October 20, 2025 at 9:01 PM