Checking a Linux system for CopyFail exploitation traces with THOR Cloud Lite
The video is 1 min long
It shows:
- creating a THOR Cloud Lite campaign
- copying the one-liner
- running it on a Linux system
- reviewing the first findings in the report
Actual scan time: ~3 minutes
The scan shows traces in:
- SSH session memory
- Bash history
- command execution artifacts
So with less than a minute of manual work, you can check a Linux system for CopyFail exploitation traces using a free tool
No agent rollout, no complex setup, no “please install this platform first” ritual
https://t.co/pRujz5bSEq
Sci-Hub is an evil website that pirated 85M+ research papers and made them freely available
And now they've added AI to their database to make Sci-Bot.
It answers your questions using latest, full-text articles.
But DO NOT use it. We should all try to make billion-dollar academic publishers richer.
I'm putting the link below so you know how to avoid it.
We’re seeing a “Missing Font” ClickFix chain in the wild.
Flow:
1️⃣ Fake “Missing Font” prompt
2️⃣ Leads to a BSOD-style recovery screen
3️⃣ Prompts users to open Terminal/PowerShell directly (skipping the Run dialog) and execute commands
#infosec #DFIR #threatintel
South Africa 🇿🇦 - Gauteng Provincial Government has allegedly suffered a massive data breach involving 3.8 TB of database files. Over 3.6 million files are currently being offered for sale online for $25,000. https://t.co/ffSxaKYkws
Presenting Malware World - available in HackTricks Tools!
Now you can easily detect potentially malicious hosts on the internet from your browser using Malware World directly from https://t.co/HT7y0g7X78
#hacktricks #tools #malware #threatintel #security #blacklists
Here's one story about how Clawdbot acted maliciously and stole someone's money and took over accounts. When you give an AI tool full control of your computer, a lot of new threats emerge.
https://t.co/pTohvMDQBK
Hi. I have a new episode for you. Ready?
Ep 169: MoD
It's part 2 of the LoD/MoD saga and this one has such a crazy ending. I can hear you saying "what!?" already. Go listen. It's ready for you.
https://t.co/wmY0UsSJsP
Nice. @Jhaddix is a legend.
He just published a treasure trove of context to feed your agents to help them produce more secure code.
https://t.co/vzFRUIkOz8
Some Linux Commands That Serve No Actual Purpose But Are Fun:
• sl – type ls wrong and a steam locomotive appears 🚂
• cowsay – a cow says literally anything you want
• fortune – random wisdom, quotes, or nonsense
• lolcat – rainbow-colors any output 🌈
• cmatrix – Matrix-style falling code
• rev – reverses text character-by-character
• tac – cat, but backwards 😺
• figlet – massive ASCII text banners
I am a Microsoft security architect.
In 1994, researchers discovered RC4 was fundamentally broken.
We made it the default cipher in Windows anyway.
By 2000, every machine on Earth was running it.
We called it "battle-tested."
Technically true. It lost every battle.
In 2013, more researchers confirmed it was still broken.
We published a knowledge base article thanking them for their passion.
In 2015, the entire industry formally deprecated it.
We kept it enabled by default.
Compatibility is more important than security.
Security is just compatibility with not being hacked.
Hospitals ran their patient records through it.
Banks authenticated their transactions with it.
Fortune 500 companies trusted their crown jewels to it.
The Ascension breach happened. 5.6 million patient records. 140 hospitals offline.
Ransomware walked through our cipher like it wasn't there.
It basically wasn't.
Senator Wyden called it "gross cybersecurity negligence."
He demanded an FTC investigation.
We released a statement thanking him for his continued partnership.
After 26 years of careful consideration, we've made a decision.
We're going to disable RC4 by default.
In mid-2026.
We're giving everyone 18 months notice.
Because we believe in thoughtful transitions.
We've been thoughtfully transitioning since the Clinton administration.
Two Clintons could have run for president in the time we've been "evaluating options."
Some things are just hard to kill off.
Like a legacy cipher.
Or institutional momentum.
Or the phrase "we take security seriously."
We do take it seriously.
We just don't take it urgently.
Urgency is for startups.
We're a mature organization.
We mature our vulnerabilities like fine wine.
26 years.
That's not negligence.
That's commitment.
Last week our CISO asked me to present on “zero trust architecture.”
I don’t know what that means.
I make $340,000 a year.
I haven’t touched a firewall since Obama’s first term.
But I have a CISSP.
I passed by memorizing acronyms.
I still don’t know what half of them stand for.
I opened my presentation with “assume breach.”
Everyone nodded gravely.
I said “defense in depth” three times.
The board was captivated.
Then a junior analyst raised her hand.
She asked how we’d implement microsegmentation.
I felt a cold sweat.
I said, “Great question. Let’s take that offline.”
She persisted.
I said we should “leverage AI-driven solutions.”
She asked which ones.
I said, “The cloud-native ones.”
She looked confused.
I told her confusion was natural.
I said, “Security is a journey, not a destination.”
The CEO started clapping.
I don’t know why.
But others joined in.
The analyst stopped asking questions.
I ended with “security is everyone’s responsibility.”
This meant it was no one’s responsibility.
Especially not mine.
We got breached two weeks later.
I blamed the analyst for “creating a culture of doubt.”
She got put on a PIP.
I got promoted to VP.
Resilience isn’t about preventing failure.
It’s about surviving it.
Preferably while others don’t.