Tomás F. @tomasfg

2026 reality check on privacy The FBI openly buys your location history from data brokers, no warrant needed, just cash for commercially available tracking data. Confirmed in Senate hearings this year. Meanwhile, massive breaches keep dumping SSNs, health info, and addresses (CarGurus: 12M+ users; others hitting millions monthly). Privacy teams are shrinking while AI quietly infers your health risks, politics, and future behavior from scraps of data. We now have more “privacy controls” than ever, toggles, consents, laws in dozens of states and the EU AI Act. yet actual privacy is collapsing. Smart devices listen. Cameras scan faces in public. Your data trains models you never consented to. This isn’t conspiracy. It’s policy, economics, and apathy meeting at scale. Governments and corporations treat personal information as a resource to buy, sell, or weaponize. Once your digital shadow exists, retracting it is nearly impossible. The dangerous shift: We’ve accepted constant surveillance as the cost of modern life. Every “allow” click normalizes it further. If privacy becomes a luxury only the paranoid or wealthy can afford, the rest of us live in a monitored panopticon by default. Concrete steps still matter: Use signal/encrypted tools where possible, minimize app permissions, support actual privacy-by-design defaults instead of theater, and question tools that demand your life story to function. But individual habits won’t fix systemic collection. Without real pushback, stronger defaults, limits on inference and brokering, accountability for buyers like law enforcement, privacy doesn’t “erode.” It gets deliberately dismantled one dataset at a time. What specific tracking have you noticed getting worse this year?

Ladies and gentlemen - here is a Notepad* RCE you've always wondered whether it was possible. msrc.microsoft.com/update-guide/v… *Well, the modern, AI-powered one.. Who could have thought that with more features you bring more bugs.

In our new blogpost, @noraj_rawsec shows how one can abuse Unicode characters to bypass filters and abuse shell globbing, regexp, HTTP query parameters or WAFs when #MySQL strict SQL mode is off 👇 synacktiv.com/en/publication…

The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP. By @Defte_ Writeup: sensepost.com/blog/2025/is-t… PR to impacket: github.com/fortra/impacke… Demo: youtu.be/3mG2Ouu3Umk

NetExec v1.4.0 has been released! 🎉 There is a HUGE number of new features and improvements, including: - backup_operator: Automatic priv esc for backup operators - Certificate authentication - NFS escape to root file system And much more! Full rundown: github.com/Pennyw0rth/Net…

GOADv3 🏰 is almost ready ! You can now try the v3-beta version 🥳 📂 Repository : github.com/Orange-Cyberde… 📖 Documentation : orange-cyberdefense.github.io/GOAD/ What's new ? 🧵👇

Find every sync users without privileged roles who own a privileged group : MATCH p = (u:AZUser)-[r:AZOwns]->(g:AZGroup) WHERE NOT (u)-[:AZMemberOf|AZHasRole*1..]->(:AZRole) AND (g)-[:AZMemberOf|AZHasRole*1..]->(:AZRole) AND u.onpremisesyncenabled RETURN p You'll thank me later

#FakePotato (CVE-2024-38100) post is out! Check out the short write-up on this unexpected vulnerability 😅 decoder.cloud/2024/08/02/the…

Excellent analysis from Santander's security team on fake SSH (CVE-2024-6387) exploits. The Wild West of Proof of Concept Exploit Code (PoC) santandersecurityresearch.github.io/blog/sshing_th…

One year ago, @T00uF and I did a talk at @_leHACK_ about DPAPI and #DonPAPI. Well, we've completely rewritten it to add a lot of new features. DonPAPI 2.0 available now 🚀 ▶️github.com/login-securite…

🎟️ ¡Las entradas para el Congreso Navaja Negra están a punto de salir a la venta! El 4 de junio, asegura tu lugar y aprovecha los DESCUENTOS EARLYBIRD para la edición Nº 12. ¡No te quedes fuera! #NN12ED 🖤💛

Goad small update ! 🏰 🥳 i added scenarios to complete some compromise path. - files with secrets in shares - gmsa account - asrep account on essos - write dacl on container - unconstrained delegation on user - protected user - sensitive user - ppl github.com/Orange-Cyberde…

Excellent research work for anyone interested in Wi-Fi security MiTM by exploiting cross-layer interactions between WPAs and ICMP csis.gmu.edu/ksun/publicati… #wifi #infosec #cybersecurity #wireless

keyboard_arrow_left Previous keyboard_arrow_right Next

Releasing a complete rewrite of "Understanding Windows Lateral Movements" - 71 more slides - Better explanations - Less errors and bad assumptions If you liked the 2019 version, you should check this one out Available at attl4s.github.io

keyboard_arrow_left Previous keyboard_arrow_right Next

Major GOAD refactor and update today 🥳 Add RDP bot user Add Webdav support Ansible inventory was refactored, you can now find it on the lab folder (ad/sevenkingdoms.local/inventory). And now you can easily build your own lab from the template : github.com/Orange-Cyberde…

Mindmap upgrade version 2023_02 thx to @Jenaye_fr and @DaahtK for the help. Full quality here : orange-cyberdefense.github.io/ocd-mindmaps/i…

(1/5) New kid in town 🔓 Following last week sudden regain of interest in KeePass trigger system abuse, I decided to prepone the release of KeePwn: an Impacket-based script dedicated to KeePass discovery and secret extraction for red teamers! github.com/Orange-Cyberde…

Looking for AD pentesting methodology ? Start with the great blogpost series from @M4yFly, a must read !

Mayfly @M4yFly

4 years ago

Goad writeup part 11 is up. This one is about acl/ace exploitation. mayfly277.github.io/posts/GOADv2-p…

8 96 313 0 81

Goad writeup part 11 is up. This one is about acl/ace exploitation. mayfly277.github.io/posts/GOADv2-p…

In this post @Sant0rryu shows an attack chain where you can abuse ADCS to escalate from a Virtual Account / Service account to local SYSTEM. As homage to other *potato tools, it could even be called CertPotato. 👀 sensepost.com/blog/2022/cert…