Browser exploits don’t always succeed.
In @medioxor's latest blog post, he breaks down Chrome V8 memory corruption exploits and shows how failed attempts can leave detectable artifacts in renderer crash dumps enabling proactive detection.
Check it out ⬇️ ghst.ly/4kvM8v7
The biggest problem in #infosec isnt less skilled people or cost of security, its the ego of leadership or top level managers who value their pride so much more over productivity and results, that they are ready to take down the company with them just to bolster their ego.
Howdy!
I am collecting some statistics for a project and wanted to hear from yall.
How many hours does you/your team spend on:
1. Planning/deploying/configuring infrastructure for red team operations
2. creating/configuring payloads for red team operations
Any info helps!
Lol basically bug bounty platform guy that does fuck all is pissed because the customer can get bugs without their platform.
I’ve had many times where I tried to disclose and the company just refers me to their Bugcrowd. We technically should have right to refuse use of any platform to disclose.
Our @_EthicalChaos_ found a vuln in Kape's CyberGhost VPN affecting ~3m users & reported it to them. It didn't go well. VDPs cannot be exclusively outsourced to bug bounty platforms. Bullied by Bugcrowd: pentestpartners.com/security-blog/…
🧵Some of my favorite LDAP queries. I let you all infer which tools to use them with. Most of these are from places around the web, nothing new. Just a list.
1. Find all DCs:
(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))
This was going to be a short post that I wrote up in like an hour yesterday morning, but there seems to be some interest in this so I'll flesh out the idea a bit more after my 40 mile ride today, stay tuned
Wrote up a blog about using Frida to emulate EDR capabilities, both for testing offensive code and developing detections. It feels like a supercharger when you can develop detections and bypasses super quickly without tons of overhead. Might post it next week.
It's crazy how little MFA on an internal network does. I need DUO to RDP to the server.
OK. I'll just use crackmapexec or smbexec and execute everything that way...
1 Followers 171 FollowingRecruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/gm07Jl773X
2.4M Followers 2K FollowingOpen Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
17K Followers 290 Following🐴Pwnie Award Winning & Nation State funded psyop featuring 6 AI Anime Waifus and a Pup™ singing about APTs, Grifters, & Snake Oil in InfoSec
🖤🩷💚💙💜🤍
291 Followers 258 FollowingI break things, occasionally on accident.
Christ Follower, Father, Wheaton football alum, Veteran
I have been known to hack for chick-fil-a.
185K Followers 3K FollowingJUNE - L’CHAIM - TRANS DISINFO INFLUENCER - host of https://t.co/xgwrwxPCMc and https://t.co/EQX9r52yiX podcasts - social media at https://t.co/lDuPqscjXt
4K Followers 406 FollowingRed Teamer & Security researcher
Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo
bsky: https://t.co/zISpgvDSWc
1K Followers 324 FollowingDon't hate me 'cause I'm beautiful.
I like breaking shit.
Red Teamer & PenTester.
Cat lover.
NetExec maintainer.
CPTC Director & Apps Team Lead.
58K Followers 3 FollowingOfficial account maintained by the CVE™ Program to notify the community of new CVE IDs. Posts contain abbreviated details. Full CVE Records on https://t.co/ALn4YvUtom