Saturday, May 9, 2026

ёprstcon is about you

We're running ёprstcon — a community one-day conference in Moscow on May 26. Open call for anyone whose talk fits the room — online or offline.

ёprstcon is about you, your con, man :)

What it is:
- 200-300 attendees, mostly security folks, plus an unusually curious crowd from adjacent fields
- No sponsors, no VIP, no panel discussions about "the future of cyber". Pallets instead of seats. Projectors. Microphones. People.
- Two parallel tracks: technical (research, tooling, demos) and what we call "the room next door" — culture, music, science from non-IT fields. Adjacent to the main hall, same audience, different register.
- Inspired by....

#CCC, we love you.

What we're looking for:
- A 15-40 minute talk, on-site or via livestream
- Topic: original research, honest post-mortems, things you built and lost sleep over, unusual angles on familiar
- Anything you've wanted to give somewhere but it didn't fit a "standard" CFP
- Q&A after, moderated by someone in the room

What we offer:
- A live, attentive audience that won't scroll Instagram during your talk
- The recording stays yours. We publish it on our channel with full credit and a link to whatever you want.
- A community that engages afterward — not business cards, but real conversations on Telegram and email.

What we don't offer:
- Honoraria. No sponsors, no money, and no power to stop us now.
- Travel logistics.
- Marketing reach.

If you have a talk that's been sitting in your drawer because it doesn't fit the usual conference format, this might be its room.

Soft deadline: May 18. Submission — title, abstract (whatever length), preferred slot.

qqlan@ya.ru / @yoprtsorgs on Telegram
https://www.yoprst.me/

— Sergey, on behalf of ёprstcon organisers


Tuesday, April 28, 2026

agent-audit

Forensic auditor for local AI coding agents (Claude Code, Codex CLI, OpenClaw) and project-surface scanner for repos containing skills, plugins, and MCP manifests. Reads session logs, configs, and instruction files, detects known-bad patterns using 296 bundled rules in total, including 167 static-file-applicable rules for scan-project, plus native ASAMM detectors, produces a report, and optionally cross-verifies findings using any combination of installed CLIs, direct API keys, or local LLMs.

https://github.com/scadastrangelove/agent-audit/

agent-audit is one of the implementation projects in the broader ASAMM effort. In ASAMM terms, this repo is the practical measurement and auditing layer: it turns agent-safety patterns into something you can run against real repos, local agent homes, session traces, skill collections, plugin registries, and MCP manifests.

Saturday, April 18, 2026

The Builder's Manifesto

Cybersecurity in a world where code is worth nothing

Another agent today.

It's all over Reddit, in every Telegram channel. "I built it over the weekend." "It found a 0-day." "It writes better code than me." Screenshots, demos, euphoria, panic.

Back in the late 80s, when we were pushing ASCII characters across endless green terminals in assembly and FOCAL, nobody thought this would turn into a trillion-dollar industry. We just wanted the machine to obey us, not the other way around.

Now it obeys itself. And we're not the ones making the rules anymore. The rules are making us.

Let's unpack this.

Saturday, April 11, 2026

Agentic SAMM

While hunting Claude-planted RCE in Ouroboros, someone had a thought about spirals, Steps Into Infinity, and what OWASP SAMM is missing for agentic development. The result is ASAMM — a security framework extension for teams whose agents have already started biting back.

The core claim: SDLC is not a cycle. It is a spiral. Each iteration returns to the same phase — design, implementation, verification — but the system changed, the tools changed, and the threat model should have changed with them. Most do not.

https://github.com/scadastrangelove/asamm

What is inside:

Sunday, March 22, 2026

Thursday, March 12, 2026

Mind the gravity

A black-box scanner sends its prayers into the dark.

Blackhole answers with pages, headers, flows, lies, half-truths, and—when needed—the unpleasant courtesy of ground truth.

Blackhole is a Python ASGI mock server for black-box scanner testing, education, and reproducible benchmarking. It serves vulnerable-looking behavior from replay profiles and explicit stateful mini-flows, while exposing a truth/scoring API to compare scanner findings against expected cases.

In other words: a scanner can hallucinate, overfit, panic, or boast. Blackhole keeps the receipts.

And every white hat should remember: all requests eventually fall into the black hole.

https://github.com/scadastrangelove/zhet-blackhole

Wednesday, January 21, 2026

I JUST WANTED TO… GRAFUNA RED TEAM

Observability is about visibility.

Visibility works both ways. If you can see it, someone else can too.

This post is the polite version of a talk I gave. The impolite version is the repo.

https://github.com/scadastrangelove/zeronights2025-GRAFUNA