bsides.london #Security #BSides #London #BSidesLDN2025

Episode 22: Social Engineering, Gas Mark 4, and AGAs with Rachel Tobac! Tib3rius & Andy Swift are joined by Rachel Tobac to talk social engineering war stories...and more! Links below!

Tib3rius Andy Swift Rachel Tobac Spotify: open.spotify.com/show/3PeV2Fhf8… Apple Podcasts: podcasts.apple.com/us/podcast/acr… Amazon Music: music.amazon.com/podcasts/cfa20… YouTube: youtube.com/channel/UC5L2Q…

Not my usual pool but... I'll take it! Spot the nob head swimmer 😂

Sometimes in exploit development we will find a buffer that is vulnerable to buffer overflow; but lacks size to place a shellcode. In comes Egg Hunters. We attach a phrase unlikely to be found in the virtual address space to our shellcode and try to find other areas in memory

People shouldn’t be scared by this CrowdStrike report. I don’t even know why they added the “AI-enabled ransomware” part -probably a PR idea that nobody stopped The real issue is wrong risk perception. CISOs worry about what sounds new instead of what actually causes incidents.

Raw NTFS parsing for SAM/SYSTEM/NTDS.dit access? github.com/kfallahi/Under… 400 lines Powershell - easy peasy ❤️🔥

Lol... This...

I had the weirdest dream... A client asked me to pentest a dinosaur egg. 🥚🤷

I go away on holiday for one week and now we are all going back to 'on prem' right? RIGHT? #azure #aws

I dropped a packet of Maltesers on the plane home. Did you know..they are round?...and...planes fly at funny NOT FLAT angles. It was like aviation pinball. Didn't stop me eating a fair few I found near the toilet though...were they mine? hard to tell...were they tasty? yes.

How cool is this though.... Right!?!?

Another Nim C2-Framework developed by Jakob. Can't believe you actually wrote the whole client in Nim as well 😂 Nice one! github.com/jakobfriedl/co… Including a Blog for parts of it: jakobfriedl.github.io/blog/nim-c2-tr…

Right...now I am back from holiday...FFmpeg...I'm late to the party I know... The beauty of OSS is someone makes a cool project, puts it out there, it might become huge, useful...people may even grow to rely on it, even build their core products around it's availability... I

This.

YUS!

I actually didn't know this was a thing, but honestly this sounds like a great model...looks like it has some decent backing and covers some pretty cool projects....

I actually hadn't come across this before: certbot-dns-route53.readthedocs.io/en/stable/ Nice way of automating dns challenges. Note the limited permissions you need though...don't go giving the keys to the kingdom ehhhhhhhhhhhhhhhhhh #certbot #aws

Captive cage nuts for server racks can go fuck themselves.