optional
@optionalctf
The proud owner of two brain cells. HTB with @barctf | OSCP, CRT, CRTL
قد يعجبك
Introducing C2structor, a deployment tool to automate red team infrastructure within AWS. Utilising Terraform and Ansible to allow for seamless customisation to each individual's use-case. Currently supports C2 deployment, redirectors and phishing inf. github.com/optionalCTF/C2…
[RELEASE] As promised, I’m releasing the first blog post in a series. It covers the gaps still present in current stack-based telemetry and how Moonwalking can be extended to evade detection logic and reach “on-exec” memory encryption. Enjoy ;) klezvirus.github.io/posts/Moonwalk…
Venom C2 tool drop! 🐍 During a recent red team engagement we needed a simple python agent that needs no dependencies to setup persistence on some exotic boxes we landed on. Some had EDR so we didn't want anything off-the-shelf. The server, agent, and client were made…
Labour's 1984 shit show is already showing cracks and backfiring. Can't wait to see the shit show Digital ID gets compromised because they rushed to implement something no one wants...
Discord has begun sending e-mails notifications about a cybersecurity incident which occurred September 20th, 2025. It appears people who submitted support tickets are the ones primarily impacted. Literally peoples entire identity stolen from this shit
It gets better ;) I totally forgot about this little persistence method, lol
Hahaha, wow... 😮 If you leave App passwords enabled and enforce MFA through per-user MFA, the MFA enrollment wizard actually makes the user to create an app password 🤯
AWS quietly updated T&Cs to ban “Fireprox”style use of API Gateway closing a handy pentest trick. @ZephrFish and @turvsec already rolled alternatives such as Omniprox and Flareprox. Banning tools only hampers legit testers, attackers will proxy anyway.
This release is probably going to be one of our biggest and most impactful! Kudos to the team @peterwintrsmith @modexpblog @s4ntiago_p @GigelV41464 @saab_sec 🙌
PDQ SmartDeploy versions prior to 3.0.2046 used static, hardcoded encryption keys for cred storage. Low-privileged users could potentially access admin creds from registry or deployment files. @unsigned_sh0rt unpacks his testing in his latest blog post. ghst.ly/4mjyuvw
Developing a scriptable (pwndbg-like) debugger for windows. Few more things we need to iron out but will be releasing soon 🐸
Here’s my slides from today’s “Regex For Hackers” talk at DEFCON with @NahamSec, bookmark this for some exciting news in the near future docs.google.com/presentation/d…
Had an awesome time at #DefCon 33. Lots of new discoveries, first time speaking at the #redteamvillage along with @zer0phat and met lots of cool people. Looking forward to the next one!
💻 ModuleOverride – Changing a Tyre Whilst Driving – @zer0phat & @kreepsec teach process injection using existing memory sections to run malicious shellcode. Hands-on demos and detection strategy discussions at @redteamvillage_ during @defcon 33! ⚡
Happy Friday! We're ending the week by publishing our analysis of Fortinet's FortiWeb CVE-2025-25257.... labs.watchtowr.com/pre-auth-sql-i…
PSA to anyone struggling, don't be told that "you're just worried", "you're just feeling sad", "you're overthinking things"... depression, anxiety, OCD, ADHD, Autism are killers. Talk, and advocate for yourself!
Finally landed on an OCD diagnosis yesterday, the fucking relief is unreal. Not like it's a shock, but it's been a loooooong time to get to this point. Look after your mental health h4xx0rz! youtube.com/watch?v=NDBRjB…
youtube.com
YouTube
Sick In The Head
Nothing like scratching the bug bounty itch with several crits to end the night. Now to rest ready for Steelcon
Today MSRC fixed two vulnerabilities I reported a couple months ago. EoP in Windows Update service (affects only windows 11/10 with at least 2 drives) msrc.microsoft.com/update-guide/v… EoP in Microsoft PC Manager msrc.microsoft.com/update-guide/v… PoC for CVE-2025-48799: github.com/Wh04m1001/CVE-…
I'm teaching an intro to cloud security workshop on July 11th. This is a pay what you can course so you can take it for free. I'll also be teaching the full version of my Breaching the Cloud course at @WWHackinFest in October. Registration links below: Workshop:…
antisyphontraining.com
Workshop: Introduction to Cloud Security - Antisyphon Training
Join us for this pay-what-you-can, hands-on, virtual workshop with Antisyphon Instructor, Beau Bullock as he provides a foundational understanding of cloud security, exploring essential concepts and...
if you're looking for a @Pocket replacement, I built Obsidian Web Clipper — it's open source and works with any app that supports Markdown (not just Obsidian)
United States الاتجاهات
- 1. Seahawks 30.8K posts
- 2. Rams 41.3K posts
- 3. Puka 29.5K posts
- 4. Salem 27.6K posts
- 5. #TNFonPrime 2,505 posts
- 6. Kenneth Walker 1,318 posts
- 7. Sam Darnold 2,351 posts
- 8. Kennedy Center 95.9K posts
- 9. Jalen Johnson 1,872 posts
- 10. Hornets 5,665 posts
- 11. Jobe N/A
- 12. McVay 2,659 posts
- 13. Hunger Games 55K posts
- 14. Terrance Ferguson N/A
- 15. New Hampshire 10.9K posts
- 16. Colby Parkinson 1,700 posts
- 17. Trae 15.1K posts
- 18. #LARvsSEA N/A
- 19. Kubiak N/A
- 20. Lamelo 3,613 posts
قد يعجبك
-
Brett Buerhaus
@bbuerhaus -
dawgyg - WoH
@thedawgyg -
HackerSploit
@HackerSploit -
Pentester Land
@PentesterLand -
Rana Khalil 🇵🇸
@rana__khalil -
Nicolas Grégoire
@Agarri_FR -
Tib3rius
@0xTib3rius -
André Baptista
@0xacb -
Somdev Sangwan
@s0md3v -
STÖK ✌️
@stokfredrik -
Suraj
@PwnFunction -
Patrik Grobshäuser
@ITSecurityguard -
MorningStar
@0xMstar -
spaceraccoon | Eugene Lim
@spaceraccoonsec -
PinkDraconian
@PinkDraconian
Something went wrong.
Something went wrong.