Today I found a Zero day bug....

Dear people who has mass pinged all major discord the past few days, what are your demands & goals.

I JUST BOUGHT A HOUSE, Im proud okay dont judge me

🤯🤯🤯 OffSec 🥇🩸?

#Windows11 It all makes sense now why Microsoft wanted to buy Discord, I belive they wanted to embed it directly into the OS just like they are now doing with Teams. Neat...

Why do lots of people spin up a simple web server using python(or any other version in their preferred language) instead of using Apache or nginx? What are your toughs? 🤔

Today I learned that #Samsung washing machines has the safety precaution that the person using the machine should be over the age of 8.

.g0t mi1k ? (sorry, just had to)

I've created a tool that's supposed to help a penetration tester to automate some OSINT parts of an engagement. A feature finds URI containing PDF files based on simple google dorking, an option is present if you want to download them. github.com/0xtobu/enumit

Happy new year everyone!

I am happy to announce that I have passed the OSCP Exam from OffSec! a journey that started in 2015 has finally ended, thank you for many MANY hours of frustration, but rewarding lessons.

This is bad…

It's insane how naive small businesses are towards security. All businesses have value for someone, criminals are just calculating risk vs rewards.

Web application guru's, is it wrong of me to say that Burp can be dumb?

As a reminder to the people who is looking for credentials on an engagement; Look for pcap files, I recently found a share that had a pcap on it from a sysadmin debugging kerberos authentication. I was able to crack the TGS that was within the pcap and get DA.

I am happy to announce that I’ve passed the Offensive Security Experienced Penetration tester (OSEP) exam. This is a great course and I would highly recommend it. OffSec

So OSCP+ requires to be renewed every 3 year or so, its clear that offsec is wants to enter the arena with SANS. Focusing on even more on AD seems to be a mistake IMHO, but I do like the idea of assumed breach context. I believe that pentest is all about "penetrating" the system.