The more eyes the merrier...

So much fun this morning, a Microsoft signed #mimikatz Thank you Johnny Shaw for your research and a such beautiful code Now, will wait for people to understand that the "source file" can be really another thing than a file on the disk

Tremendous news everyone (in offsec)! There's a bypass for the new GuardDuty InstanceCredentialExfiltration finding! It's via VPC endpoints! (I caution this is with limited testing)

If it's useful for anyone, I'm making my AWS API client public. This is what I used to uncover two XSS vulns in the AWS Console and is based off the silent permission enumeration research I did a while ago. I have to stress it is VERY hacky software. github.com/Frichetten/aws…

Well that was a very difficult but fun exploit to write. We've reported to Linux and will do a write-up soon (David Bouman and myself). Details redacted since it's not patched yet.

I wrote up some thoughts around using stolen IAM credentials. This covers how to check if they are valid, how to use them, and covers some operational security concerns along with some potential tips for defenders to detect shady activity. hackingthe.cloud/aws/general-kn…

Some tips on crafting your submission to KubeCon / CloudNativeCon, from my perspective as a previous program committee member reading them: 0. No sales pitches. We eject them first. You waste a little of my time and a lot of your time even typing one in.

After 3 years of development, today we proudly announce & celebrate the first release of a new hypervisor-based user-mode & kernel-mode debugger, HyperDbg. 🎉 As an alternative to #Windbg, HyperDbg is mainly built for analyzing, reversing, and fuzzing! github.com/HyperDbg/Hyper…

So, that’s a fun conversation to read…

In case you missed it, Charlie Clark and Andrew just released some _awesome_ work that just landed into Rubeus' master branch- "Diamond Tickets"! Check out more details at semperis.com/blog/a-diamond…. Great work Charlie and Andrew!!

Diamond #kerberos attack now part of #Rubeus. Original research by Tal Be'ery & Michael Cherny

Cooperation is a key. Very much agree. Truly hope that In the open source age it can actually happen. So much redundant work is done over the years by security industry to overcome “traceability” shortcomings of vendors.

New cloud security research! We found a vulnerability in AWS AppSync that allowed us to trick the AppSync service to assume roles in other accounts, allowing us to access their resources. securitylabs.datadoghq.com/articles/appsy…

My awesome colleague Nick Frichette has found a cross-tenant vulnerability in AWS AppSync, allowing an attacker to access data in victim's accounts. Write-up: securitylabs.datadoghq.com/articles/appsy… AWS security bulletin: aws.amazon.com/security/secur…

Well structured and easy to understand. Like when potentially complicated subject is made approachable.

I am really not sure why that *truely* a surprise. We should be sad, but actually this is one of those “not again!!!” sort of things…

Truly impressive and inspiring presentation it was. Kudos Benny Zeltser and Jonathan Lusky

Very interesting talk. Thank you Hyrum Anderson .

Exciting news! Tracee's new version v0.13.0 is here, and it brings a brand new user experience through policies. With policies, you can easily define rules for specific workloads. Check out the release notes for more info! github.com/aquasecurity/t… #Tracee #eBPF #RuntimeSecurity

We've recently launched VEX Hub, and today we have its first contribution from Rancher! Now Trivy users who scan Rancher projects (k3s, longhorn, harvester, etc) will get the most accurate vulnerability reports, post Rancher team's vulnerability triage. Additionally >>