Embedding files in HTML with data URIs enables dropper/file smuggling techniques without relying on JavaScript. <a href="data:application/zip;base64,YOUR_BASE64_HERE"download="example.zip">Download ZIP File</a>

Excited to share Hai vaknin and mine latest exploration into #AzureStorageAccounts! 🚀 Discover how Read/Write permissions can be exploited for privilege escalation & lateral movement. 🔗 tinyurl.com/azstorageaccou…

ZOMG, I am seeing people who self-brand as "cybersecurity influencer" on LinkedIn... NON IRONICALLY. OMFG. How exactly we arrive here? :-)

Following my last tweet on Event 5007 about low-privileged users being able to see exclusion paths, I found something even cooler! Using MpCmdRun.exe -Scan -ScanType 3 -File "<path>" reveals if a path is excluded. If excluded, MpCmdRun.exe skips the scan and you get a popup. If

Amazing

Uncovering critical vulnerabilities in D-Link routers felt like they were left there intentionally! Yehuda Smirnov #CVE #mitre #dlink

Eleven children killed while playing soccer Eleven children killed while playing soccer Eleven children killed while playing soccer Eleven children killed while playing soccer Eleven children killed while playing soccer Eleven children killed while playing soccer

Just found a new, smarter way to reveal Defender exclusion paths using MpCmdRun.exe-way better than the old Event Log 5700 method. Always cool to level up the game! 🔥 You can check it out on our new blog, Friends & Security: blog.fndsec.net #CyberSecurity

Excited to share a tool I've been working on - ShadowHound. ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus I also talk about some MDI detections and how to avoid them

116-112 - all three judges from Ukraine ? lol

The last time PlayStation servers were down this long, millions of credit card details got stolen. Just saying… 🤔🎮

Excited to speak at Blue Hat IL 2025! I’ll be showcasing SharpExclusionFinder, a tool we built to uncover endpoint security exclusion paths without admin rights. Because sometimes, the best way to break security… is to just read what’s already there. 😏 See you there! 🔥

Been digging into ways to bypass SentinelOne . Anyone explored interesting techniques lately?

CONTEXT-only injection No VirtualAllocEx. No WriteProcessMemory. We show how pure register-/stack manipulation can: Load a DLL with a pointer-only LoadLibrary call Spin up a remote thread via NtCreateThread that self-allocates & self-writes inside the target Chain APC-safe

Don't miss RedirectThread from Yehuda Smirnov, Hai vaknin, Argentix, and Noam in this edition!