security.googleblog.com/2025/11/rust... > We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code Wow

Here's the reality: the authoritative sources of truth in the coming decade will not be state-run. They will be decentralized, redundant, peer-reviewed, and often contrary to the state's narrative. And it's crucial we keep that fire alive.

BloodHound v8.0 is here! 🎉 This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID. Read more from Justin Kohler: ghst.ly/bloodhoundv8 🧵: 1/7

so used to the bus that when I got off the train, I looked back and shouted "thank you!'

found the malware author

Working on an MCP for sliver. Can't wait to see how LLMs red team

made a ceramic strawberry matcha set right before the studio closed. time to get back to cyber

spent 8 hours at the pottery studio today

as far as I know, these are numbered sequentially. I love the idea of a senator waiting for the right number to submit a bill

The American public:

Claude stops itself from using potentially dangerous binary "for security reasons" and then immediately comes up with a workaround lol

In the process of trying to figure out how claude code implemented their user input features / repl, I found this little easter egg in the code

This competition had tons of vulnerabilities, backdoors, rootkits etc. for the blue team to detect and defend against. I put all the ansible and terraform for deploying on my GitHub github.com/Adamkadaban/...

red teaming against the blue team novices today

I asked claude code to help me fix some unit tests, and it ended up just deleting all the tests and replacing them with this 💀

Found out recently that my apartment complex has this gorgeous 200 dollar scrabble board from Anthropologie. Game from today

"so I made a chrome plugin to patch Google maps and still show 'The Gulf of Mexico' as the world's smallest form of protest" youtu.be/F5m2JxplnXk?...

Woah since when did HTB have assumed breach machines 🤯

Go supply chain attack taking advantage of Google's Go mirror proxy. socket.dev/blog/malicio...

My recent annoyance with overleaf's docker-compose has led me to discover my new favorite persistence technique. Privileged container with a RestartPolicy of "always"

It traps AI crawlers and sends them down an "infinite maze" of static files with no exit links, where they "get stuck" and "thrash around" for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, which is designed to poison AI models. #AI #ML #malware

In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests! www.synacktiv.com/publications...

it says a lot about an industry if a free and open source alternative to every product on the market can destroy 1 trillion dollars of “value” in one day lol

Phishing with a little salt…

In case if you wonder what broke #ProcessHollowing on Windows 11 24H2, I have something for you: hshrzd.wordpress.com/2025/01/27/p...

This is pretty cool. Nice way to automatically get IoCs from malware samples github.com/RussianPanda...

The Cybersecurity and Infrastructure Security Agency (CISA) safeguards our nation against cyber attacks, including those targeting our elections. Project 2025 contains a push to gut CISA - threatening the our elections and national cybersecurity. ⤵️

Great feature from @jessicalyons.bsky.social on Trump's infosec policy, or lack of it. Dumping many talented security folks from unpaid advisory committees is bonkers.

ADCS honeypot. One more thing I'll have to add to my lab github.com/srlabs/Certi...

archive.org for the white house constitution page. why do I feel like they just deleted everything that was changed in the last 4 years?

Carrie Underwood has gone from singing disapprovingly about an unfaithful man to singing approvingly *to* an unfaithful man.

in related news, swampctf 2024 has now been statically archived at 2024.swampctf.com!

left a subdomain with a dangling DNS record for one day and someone took it over 💀

AWS introduced same RCE vulnerability three times in four years www.reddit.com/r/netsec/com...

Someone on LinkedIn posted something claiming that Crowdstrike only has 14% threat detection and SentinelOne has less than 1%. I was skeptical and replied. It seems comments have been disabled and my comment has since been deleted 💀

Better opsec too 🙌 Time to start working on new detection rules

Recently discovered that the gnome music player app is actually pretty nice

52 hour runtime of bofhound is making me wonder if i could have done a rust rewrite in that amount of time

Two new modules for MSSQL on NXC, thanks to the contributions of @lodos2005.bsky.social and @adamkadaban.bsky.social 🔥 - rid-brute from mssql - mssql_coerce from mssql github.com/Pennyw0rth/N...

Oh by the way

Crypto user convinces AI bot Freysa to transfer $47K prize pool https://cointelegraph.com/news/crypto-user-convinced-ai-bot-transfer-47k

lol

Wow, it looks like the linpeas.sh logging was only added on November 15th. Commit c94c930ce91b21761712e9bb6ca672f9b8e9797b I'm honestly surprised people caught it so quickly

Small technical update: Impacket and therefore NetExec now support LDAP Channel Binding🔥 Finally you can use all the great features NetExec has to offer even in more mature environments

had to confront my roommate about something and my heart rate spiked so much 💀 clearly I can't handle conflict

I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay & forwarder for MiTM attacks! >Relays Kerberos AP-REQ tickets >Manages multiple SMB consoles >Works on Win& Linux with .NET 8.0 >... GitHub: github.com/decoder-it/K...

Apparently i was very active on twitter in 2022 tweetplot.streamlit.app

VulnLab always teaches me something. TIL, it's possible to enumerate domain users and groups via MSSQL, even with just a normal MSSQL account. Just made a PR to add rid-brute functionality to netexec github.com/Pennyw0rth/N...