Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Jack Cable Profile picture
Jack Cable
@jackhcable
Ethical hacker. CEO & Co-founder @CorridorSecure. Prev: @CISAgov @HSGAC @KrebsStamos @TrustVanta @DefenseDigital. @Stanford CS.
Jul 8 7 tweets 2 min read
Update: @cluely filed a DMCA takedown for my tweet about their system prompt, alleging that it contained "proprietary source code"

Making legal threats against security researchers is not a good look, and I encourage Cluely to reflect on this and open doors to researchers. 🧵 Image Cluely alleged that my tweets contained "proprietary source code". But:
1. This didn't require any circumvention. Every Cluely user at the time of my Tweet had a copy of the prompt on their computer (and it's still available at )github.com/cluely/release…
Jun 21 4 tweets 2 min read
I reverse engineered @cluely – and their desktop source code exposes their entire system prompts and models used.

What's inside? 🧵 Image Cluely instructs the prompt to "NEVER mention the specific LLM providers", but we can see that Cluely uses GPT 4.1 (in most cases) and can also use Claude Sonnet 3.7. Image
May 5, 2023 12 tweets 5 min read
Excited to share new research with Ian Gray, Ben Brown, Vlad Cuiujuclu and Damon McCoy.

This is the first in-depth peer-reviewed research into the Conti leaks. We mapped over $80 million in new payments to Conti.

Read the paper:

Some takeaways 🧵 arxiv.org/abs/2304.11681
Image This paper was published as part of the APWG Symposium on Electronic Crime Research, for which we received the best paper award.

May 13, 2022 5 tweets 4 min read
Excited to be presenting work @stanfordio by @f00th0ld, @GSmaragdakis, and myself analyzing the ransomware payments ecosystem (based on $101M in payments from @ransomwhere_!)

See agenda at cryptosymposium.org

Read the preprint at arxiv.org/pdf/2205.05028…. Some takeaways 👇 Image While ransomware has been around a while, the advent of Ransomware as a Service (RaaS) has led to a massive increase in profit for ransomware cybercriminals. Image
Jul 8, 2021 6 tweets 2 min read
Today, I'm excited to launch Ransomwhere, the open, crowdsourced ransomware payment tracker. Check out the site and contribute data at ransomwhe.re and follow @ransomwhere_ for updates.

Thread on where I see this going: Today, there's no comprehensive public data on the total number of ransomware payments. Without such data, we can't know the full impact of ransomware, and whether taking certain actions changes the picture.

May 13, 2021 11 tweets 4 min read
Just finished 2x read-through of the new Executive Order. The EO can significantly shift not only how the federal gov treats cybersecurity, but also the state of security across industry and broader public sector. A thread on what I’m hoping to see from it. 🧵 First: CISA! @CISAgov is at a defining moment coming out of 2020 as a several years-old agency. The EO entrusts CISA with well-deserved responsibilities, and this will further elevate its role leading the charge to secure the federal gov and critical infrastructure.
Apr 19, 2021 7 tweets 3 min read
Read this bipartisan letter from election officials charting a path forward for CISA to keep fighting disinformation about electoral processes.
CISA has gained remarkable trust from election officials in a few years. Why? Election security is not political
sos.state.co.us/pubs/newsRoom/… Remember where we came from: in 2017, the National Association of Secretaries of State passed a resolution opposing the designation of elections as critical infrastructure, expressing concerns in interfering with state sovereignty over elections.

static.politico.com/21/52/bbea4304…