Cybersecurity & Network Security Engineer @Cisco 🛜
Zero Trust, Wireless Security, IR, Python Automation
Writing about security systems
Public Speaker 🎤
Threat Intelligence Sources (for example, Cisco Talos, open-source intelligence (OSINT), AlienVault, Threat Connect)
Adversary emulation tools to emulate the behavior and capabilities of an adversary (for example, Caldera, Scythe, Cobalt Strike)
Specialized tools interpret massive data volumes to reduce the data analysis time (eg Azure Hunter, Real Intelligence Threat Analytics (RITA), AC-Hunter from Active Countermeasures, Elasticsearch, Logstash & Kibana (ELK) Stack, CyberChef, NetworkMiner & memory forensics tools)
Network and endpoint telemetry data from NSM & EDR tools (for example, firewalls, IPS, NetFlow, Security Onion NSM tools, Cisco Secure Endpoint)
SIEM, Security Orchestration, Automation, and Response (SOAR), and XDR (for example, Splunk Enterprise, Splunk Phantom, Cisco XDR)
Threat hunting - not all automated security solutions can detect cyber threats ; proactive approach is needed.
Time to respond to threats is critical factor. Attack dwell time, during which an adversary has access to compromised systems before being detected.
Built Python-based AWS security posture scanner as a hands-on learning project.
CloudGuard Automator checks for common cloud misconfigurations across: IAM, S3, CloudTrail and EC2 Security Groups
GitHub: https://t.co/kQpVmSGfk7
#CloudSecurity#AWS#Python#SecurityAutomation
Built a small wireless security automation lab using Python + Scapy.
The project explores how wireless behavior can be detected, scored, and logged in a defensive lab setup.
Learning- wireless monitoring, Zero Trust and security automation.
GitHub: https://t.co/fNVurPa61G
Built v2 of SOC Incident Response Automation Toolkit.
Security automation is not just about detecting alerts. It is about converting raw signals into structured findings that are easier to review, prioritize, and act on.
GitHub:https://t.co/BE02NztqXT
#Python#SecurityAutomation
As quantum computing evolves, networks will play a foundational role in helping systems work together. 🛜
Always a delight collaborating with @Cisco 🥳🔥
#cisco#AI#science#finance#quantum#switch
From science to finance, connected quantum systems could unlock possibilities beyond what individual machines can achieve today.🌐
Our Universal #Quantum Switch, a working research prototype, is helping systems communicate across networks. Learn more: https://t.co/D6ILsZkL8z
🚨 METATRON - Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux
Source: https://t.co/GSD7xR3qq7
A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment.
Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with a locally hosted large language model (LLM), eliminating the need for cloud connectivity, API keys, or third-party subscriptions.
METATRON is a CLI-based penetration testing assistant written in Python 3 that accepts a target IP address or domain and autonomously orchestrates a suite of standard reconnaissance tools.
#cybersecuritynews
Udemy, Zara and now even Canvas 💀
Shinyhunters are creating a havoc but its high time for companies to protect their data properly!
This should be a awakening call 🚨
New breach: Zara was named as a ShinyHunters victim last month, after which data containing 197k unique email addresses was published. Impacted data included customer support records, product SKUs and order IDs. 60% were already in @haveibeenpwned. More: https://t.co/0hIQbqoBCk
No tap. No download. No click. Scary android vulnerability! 💀
It allows Remote code execution (RCE) as shell user, giving the attacker “master key” to device.
Attacker needs to be on same local network or in physical proximity.
Update device to May 2026 Security patch SOON🚨
🛡️ Critical Android Zero-Click Vulnerability Grants Remote Shell Access
Source: https://t.co/EUEZkh4CEa
Google has published the May 2026 Android Security Bulletin, alerting the ecosystem to a highly severe remote code execution (RCE) flaw. Tracked as CVE-2026-0073, this critical vulnerability resides deep within the core Android System component.
It allows an attacker to gain remote shell access without requiring a single tap, download, or click from the device owner. Threat actors can launch this zero-click attack proximally, meaning they only need to be on the same local network or in physical proximity to exploit a vulnerable mobile device.
#cybersecuritynews #Android
Deux groupes cybercriminels font du vishing en 2026. Pas de malware. Pas de CVE. Juste un coup de téléphone.
Le process : appel vocal → page SSO malveillante → credentials capturés → accès direct à tous vos SaaS connectés en quelques minutes.
Cordial Spider et Snarky Spider opèrent presque entièrement dans les environnements SaaS légitimes. Aucune trace. Aucun binaire à détecter.
C'est le vrai shift des attaques en 2026 : l'humain est le vecteur, pas la machine.
Votre EDR ne verra rien. Votre SIEM non plus.
La seule défense ? Former vos équipes à reconnaître une page SSO fake. C'est trivial à faire, personne le fait.
☕
Massive cybercrime setup based in China!
Operation uses central backend- Paperclip and agent-based workflow system-OpenClaw.
With step-by-step workflow - Planning, Review, Dispatch, Recon, Scan, Validate, and Report on the stolen data.
#cybercrime#cybersecurity#security
Locard's Exchange Principle -
Entity interacting with env in active IR will always take and leave evidence from them. Evidence left behind is called trace evidence as it can be used to lead to attacker.
Hidden Costs of Custom AI-
When deploying custom model, take ownership of system (requires active management)
Model degrades (user behavior changes) -> data distribution shifts-> model predictions worsen -> retrain model-> gather new data, run, validate & push to prod
#AI#genAI
Cross-Reference & Fact-Check in LLM prompts -
The level of rigor you apply should depend on the importance of the information you are checking.
L1 : first & quickest filter to catch obvious nonsense
L2 : originally from primary sources
L3 : original source
#genAI#LLM#AI
Prompt Injection-
An attacker crafts malicious prompt that tricks AI into ignoring its previous instructions and performing an unintended action, such as revealing sensitive information from its system instructions, bypassing safety guidelines, or generating harmful content.