cr0@Defensive-Security.com / PurpleLabs / EDRmetry (@cr0nym)'s Twitter Profile
cr0@Defensive-Security.com / PurpleLabs / EDRmetry

@cr0nym

Focus on Linux/Kubernetes Attack/Detection/Forensics/Incident Response/Threat Hunting. Active Defense. PurpleLabs Cyber Range. Learning hard every single day.

ID: 335283366

https://edu.defensive-security.com · 14-07-2011 13:00:06

1,1K Tweet

2,2K Followers

1,1K Following

CISA Cyber (@cisacyber)

🌐 Attention Network Defenders! 🚀 Introducing the Eviction Strategies Tool, a game-changer for cyber defenders in #IncidentResponse. Through Playbook-NG & COUN7ER, it helps create tailored containment & eviction plans—even in live crises. 👉cisa.gov/resources-tool…

cr0@Defensive-Security.com / PurpleLabs / EDRmetry (@cr0nym)

Just completed the #CloudHuntingGames by @Wiz_io! 🚀 It was a cool experience exploring Cloud IR: cloudhuntinggames.com/certificate/ex…

cr0@Defensive-Security.com / PurpleLabs / EDRmetry (@cr0nym)

tmux, where have you been all my life? list-sessions and attach-session are obvious, but send-keys is awesome 🙌 The screenshot shows EDRmetry Pulse interactive extension of a single offensive test with manual intervention 🙆‍♂️

Ronen Shustin (@ronenshh)

We (+Nir Ohfeld) found a critical vulnerability chain in NVIDIA's Triton Inference Server (CVE-2025-23319) that can lead to full Remote Code Execution (RCE). An unauthenticated attacker can remotely take over the server, a cornerstone of many AI/ML production environments. 🧵

cr0@Defensive-Security.com / PurpleLabs / EDRmetry (@cr0nym)

elfspirit - ELF static analysis and injection framework that parses, manipulates, patches, and camouflages ELF files github.com/secnotes/elfsp…

cr0@Defensive-Security.com / PurpleLabs / EDRmetry (@cr0nym)

Cloudlens - Explore AWS and GCP services like EC2, S3, IAM, VPC, VM, Storage directly from your terminal 😃 github.com/one2nc/cloudle…

cr0@Defensive-Security.com / PurpleLabs / EDRmetry (@cr0nym)

This is one of those types of presentations I love. They remind me of the style of The Hacker Playbook - Practical Guide to Penetration Testing. I've already made some initial notes; now it's time to explore tools I haven't seen before, and they're definitely worth checking out!

Steve S. (@0xtriboulet)

I'll be giving my first BlackHat talk at Arsenal Station 5 this morning at 10AM PST. If you're interested in hearing about how AI can be operationalized into the tooling of your favorite command and control framework, swing by 😊 blackhat.com/us-25/arsenal/…

Trail of Bits (@trailofbits)

We engineered an attack against GitHub Copilot to add a hidden backdoor via a malicious GitHub issue. See if you would’ve fallen for it: blog.trailofbits.com/2025/08/06/pro…

Florian Roth ⚡️ (@cyb3rops)

If your agent gets flooded - detect the flooding. If code gets obfuscated - detect the obfuscation. If ETW gets silenced - detect the silence. If the EDR gets killed - detect the killing. If logs get cleared - detect the clearing. The act of hiding is often more suspicious than

Florian Roth ⚡️ (@cyb3rops)

I’m using this on a set of web servers. THOR Cloud runs daily scans, and if a web shell or reverse shell gets dropped, I get an alert in Slack - no manual checks needed. Here’s how to set this up yourself 👇 How to get notified shortly after a web shell lands on one of your

Linux Kernel Security (@linkersec)

Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k

Article by Crusaders of Rust about exploiting a UAF in the network packet scheduler. Researchers manipulated red-black trees to achieve a page-level UAF and escalate privileges. syst3mfailure.io/rbtree-family-…

cr0@Defensive-Security.com / PurpleLabs / EDRmetry (@cr0nym)

Good stuff 👏 - Jibril Runtime Security v2.4, featuring Reactions system that transforms passive monitoring into active defense jibril.garnet.ai/customization/… #linux #blueteam

faulty *ptrrr (@0x_shaq)

Dropped a new blogpost. CVE-2025-52970: how I turned a limited, blind OOB read primitive into a full authentication bypass in one of Fortinet’s products :) pwner.gg/blog/2025-08-1…