
rootsecdev
@rootsecdev
Senior Security Consultant @TrustedSec | Military grade meme poster, researcher, cloud penetration tester, voider of warranties. My thoughts are my own.
Just wanted to remind everyone. Azure Cloud training does not need to be super expensive. You just need to know where to look. Because that is what hackers do. #Azure #Cloud #Hacking Books: amazon.com/Penetration-Te… Labs: github.com/iknowjason/Awe… Free SANS Courses (on demand):…
New blog out! It’s not rocket science, but if an attacker has access to Front Door WAF and Log Analytics, they could be skimming plaintext credentials from users thanks to Front Door’s verbose logging.

Your Web Application Firewall (WAF) sees EVERYTHING 👁️ In our new blog, @nyxgeek demonstrates how an attacker with access to #Azure Front Door’s WAF and Log Analytics can potentially skim credentials from a site behind the WAF. Read it now! trustedsec.com/blog/skimming-…
I hear some folks in IT may have a banger of a weekend

Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail | by Kevin Beaumont | Oct, 2025 | DoublePulsar doublepulsar.com/red-hat-consul…
Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant’s E-Business Suite, according to researchers who spoke with CyberScoop. scoopmedia.co/432c7D1

Join @Carlos_Perez for our next webinar on October 15 at 1:00PM. We'll draw from recent, anonymized investigations to expose the most devastating failure patterns our Incident Response team has encountered in the field. Secure your spot now! trustedsec.zoom.us/webinar/regist…

As it turns out, AWS not only made changes to their TOS, they are actively enforcing them. Thus, the current public release of TeamFiltration has been rendered more or less useless for enum and spraying Entra ID tenants.
I recently ran into this when I was attempting to expose an access token to a container registry. I got denied... then when I get to looking at things... it's not on a private endpoint and I should have access to any network to exfil containers. Nope. This is some hotness on…
I heard @_dirkjan is going to be its own Mitre ID in itself. Loving @DrAzureAD talk on Token Theft Protection. youtube.com/watch?v=YlPkCX…
