@StarkatSecurity @splendid_hf Cybergibbons 🚲🚲🚲 Much of hacking is about understanding systems better than those who built them, and using that knowledge to do what is supposed to be "impossible".

I’m a little concerned that the weather for Kawaiicon is going to trick everyone into thinking that this is what a Wellington winter is like

New blog post: Golang code review notes - A quick summary of some of the bug classes in Go elttam.com/blog/golang-co…

Sometimes it’s not you, it’s them 🙄😂😭 #academia

You: "Why even try to do cybersecurity if hackers are computer geniuses" Actual hackers:

Nick Schadegg 9News Queensland I'd be so embarrassed if I was his mum. Imagine your son working for channel 7 or 9 as a gutter journo. I'd disown him.

The good people at PentesterLab have again given us 8x 12 month, 8x 3 month and then also a bunch of one month subscriptions for prizes and giveaways through #WACTF! 🙏🙏🙏

This is gonna be a “won’t fix” from us, so will be a reliable signal for threat hunting. If you expose your control interfaces you deserve to get a caught :-)

would be pretty hilarious if twitter disappeared and i went on to lead a peaceful life full of meaning and beauty. like lmao

Thanks to a lot of help from C Sto and his BananaPhone repo, I was able to get indirect syscalls to work in go! github.com/susMdT/go-indi…

You've seen Advent of Code, now get ready for Ramadan of Code. It's 30 days of no coding.

yes, please do enlighten me. email me at [email protected]

My advisor is buying me a new laptop. I just learned that the delivery is going to be intercepted by Penn so they can “set up the machine”. I pressed, and they said they were installing spyware software called CrowdStrike.

to all audiophiles out there

New blog post: PwnAssistant - Controlling /home's via a Home Assistant RCE elttam.com/blog/pwnassist…

We were looking at Home Assistant as a team recently and identified a Critical pre-auth vuln that led to RCE (CVE-2023-27482), have a read of the discovery process and details #homeassistant #CVE

From the top: Snaffler not Snaffle, they didn't mention Princess of PowerShell , it isn't an AD audit tool, it doesn't help with "collection analysis and reporting" of pentest data, it's still not called snaffle, it's not especially user friendly, it doesn't collect network and system (1/n)

Operational security is always a big topic in the information security industry, but I doubt most red team consulting firms consider the importance of program security. Tooling and techniques leveraged in one operation can directly affect the security and success of another

C Sto And for anyone that doesn't want to read the blog post, the tooling is here: github.com/redskal/obfusc…