We have seen many tweets recently about silly malware concepts like "syscalls", "unhooking", or "obfuscation". Here is our #1 #RedTeamTip to avoid EDRs. Use an RPG-7 to obliterate the computer. The EDR cannot detect your malware if the computer is not operational

sqli go brrrr

unauth sqli go

I found 2 Blind time-based SQL Injections in X-Forwarded-For: header just using Burp Intruder. Made a list of 500+ HTTP request and tested one by one for 3+ hours, here is the result.. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z #BugBounty

in-n-out burger 😅

We lost a lot of good #security industry folks today at Rapid7. I know of some incredible (and incredibly kind) researchers, software devs, offsec engineers, support team members, and consultants (IR, pen testing) who are looking for work right now — trawl LinkedIn + hire them <3

I feel this every time I have to reboot my printer because it won’t print.

stored xss go brr?

bending over backwards for a client who didn’t read the SoW is fuckin wild

me with these xss vulns

i mean there’s tons of other reasons to stop using this ram hungry app but add this to the list i guess

why ppl so afraid to use password managers? i promise it’s more secure and easier to use than your notes app

fun fact: the 16” mbp is heavy enough to activate the passenger airbag in a q5

me takin over the network:

cve? from me? we’ll see

when you SSH into a server and the last login shows a location you’ve never been to