TechByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔ ⚠️
@techbytom
Privacy, motorcycle, and craft beer geek. Adversarial thinker. Blue team your blue team for better red teaming.
Potrebbero piacerti
This article explores a novel attack technique that combines Ghost SPNs and Kerberos reflection to elevate privileges on SMB servers, highlighting a critical gap in traditional detection methods. It details how attackers can exploit stale or misconfigured Service Principal Names…
Aardvark is a labor of love and mission for the whole team. We are super excited to bring it to you. Sign up for the beta immediately!!!
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. openai.com/index/introduc…
Just yesterday, I’d get chastised for hacking and told it’s not allowed if I asked @OpenAI for this functionality.
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. openai.com/index/introduc…
I have released an OpenGraph collector for network shares and my first blogpost at @SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 specterops.io/blog/2025/10/3…
I merged a PR from @ScoubiMtl that now includes compatibility with BHCE. Thanks @ScoubiMtl ! github.com/hausec/Bloodho…
github.com
GitHub - hausec/Bloodhound-Custom-Queries: Custom Query list for the Bloodhound GUI based off my...
Custom Query list for the Bloodhound GUI based off my cheatsheet - hausec/Bloodhound-Custom-Queries
GrapheneOS always uses a hardware memory tagging for the Linux kernel, all of the base OS processes with a couple exceptions and third party apps known to be compatible. Users can enable it for all third party apps with a toggle. How it's being used also matters quite a lot.
Number of calls != amount of support time. I’m not saying passwords and their problems are a thing we should have to deal with, but be careful with how you contextualize statistics.
🔐 Password resets account for nearly 40% of help desk calls, costing orgs time and money. @SpecopsSoftware’s uReset lets users reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification. ➡️ bleepingcomputer.com/news/security/… #sponsored
I dumped a lot of hours into this back in the day. Definitely need to give it a revisit.
Descent started life as an Apogee game. About 16 months into development we sold the publishing rights to Interplay, to allow us to better fund and focus on our internal Build engine games. I knew Descent was gonna do super well, and still regret that we had to sell the…
Back in July, Neeraj Gupta introduced DeepPass2, a smarter secret scanner that finds both API keys/tokens & contextual passwords using BERT + LLM validation. The model & tool code are now live! Model ➡️ ghst.ly/3KTLkmm Code ➡️ ghst.ly/3L96jS5 🧵: 1/2
Heard about infosec githubs getting taken down. Dunno if that's an ongoing trend, but either way, might be a good time to grab a backup. You can make a backup of ALL your GitHub data by using the export feature. Settings > Account > Export account data
Same
I have a mental illness that makes me think that people will change their minds if I present the correct arguments with the appropriate facts and data.
I love this concept.
🍎 This is probably the king of all CTFs. Apple has introduced a concept of achieving "target flags" (built-in in their OS) in their #bugbounty program similar to CTFs. They are giving up to $2M (zero click exploits) for finding the flags 🔥
Yoooo can’t believe I missed this - love it It’s on my list to do something with domains & the cli, here was a TUI I prototyped with opentui that I want to get published
Gross.
BREAKING: Microsoft says it'll block you from setting up Windows 11 with a local account. A Microsoft account is now a requirement during OOBE (out of the box experience). Microsoft says a local account does not allow Windows 11 to set up properly, and users skip "critical…
Normally I use patch_review.py for my monthly reporting on patch Tuesday patches. @KevTheHermit did an amazing job with it. But since I'm more of a PowerShell guy, I finally came around and moved the codebase to ps1. If you like #PowerShell feel free: github.com/f-bader/MSRC-P…
SockTail - a small binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy on port 1080. It's meant for red team operations where you need network access into a target system without setting up port forwards or noisy tunnels. github.com/Yeeb1/SockTail
Make sure to turn off AV when running installers 😉
SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows installer and update processes to elevate privileges. github.com/hackerhouse-op…
United States Tendenze
- 1. Good Sunday 57.4K posts
- 2. Dodgers 819K posts
- 3. #sundayvibes 4,546 posts
- 4. Nigeria 866K posts
- 5. World Series 440K posts
- 6. Talus 20.6K posts
- 7. Scott Adams 2,296 posts
- 8. Yankees 17.5K posts
- 9. Blessed Sunday 16.2K posts
- 10. Yamamoto 256K posts
- 11. All Souls Day 5,034 posts
- 12. Daylight Savings Time 7,007 posts
- 13. Standard Time 9,523 posts
- 14. Carlos Manzo 370K posts
- 15. Oakley 2,269 posts
- 16. Will Smith 57.1K posts
- 17. jungkook 400K posts
- 18. Harrison Ford 12.4K posts
- 19. NYC Marathon 1,504 posts
- 20. Miguel Rojas 49.7K posts
Something went wrong.
Something went wrong.