You can find my Microsoft BlueHat #BlueHat presentation slides on my GitHub at the below URL. Thanks to the organizers for having me and for those that attended my talk! github.com/h4wkst3r/Confe…

🔥🔥🔥 cloud.google.com/blog/topics/th…

💭 How is the Mandiant Red Team using AI to revolutionize adversarial emulation? Learn how we leverage #AI and #LLMs to process unstructured security data and better defend organizations. Read the post → bit.ly/4fPHGUI

FLARE is releasing a tool today that I've been working on over this year that helps break down binaries into smaller functional clusters and uses Gemini to describe their relationships, behavior and the overall malware functionality. It's called XRefer and it is out for you to

Looking forward to speaking at #SOCON2025 next year on some interesting hybrid attack paths! specterops.io/so-con/#talks

T-Minus two weeks until my first Mandiant blog as the principal author drops as well 🥳 (Detailing the discovery of CVE-2023-6080)

the test scripts for Sleep lang are a trip

Our blog on CVE-2023-6080 is here 💥 check it out! We detail the discovery and exploitation process, going from low privilege to SYSTEM 😎 cloud.google.com/blog/topics/th…

spencer And the use the rainbow tables by Nic Losby to crack it back to NTHash!

Had a lot of fun digging into COM stuff with bohops recently! We ended up finding a way to laterally move without dropping a file. ibm.com/think/news/fil…

Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS. I'll talk about this and the exploitation process next week offensivecon! googleprojectzero.blogspot.com/2025/05/breaki…

Great paper - awesome that they included the costs associated. If the rumors that foundational models are operating at a massive loss are true how much would we expect this to change in the future?

I'm not sure what Gemini is doing under the hood, but after changing models, chunking strategies, adding titles, correctly setting TaskType has been the biggest impact for improving RAG

Prime Day is going well

New blog! Here's our case study on using LLMs for accelerating offensive R&D. Our post details how we used Large Language Models to identify and exploit trapped COM objects. Next week at BlackHat we'll drop even hotter stuff on offensive AI research. 🔥 outflank.nl/blog/2025/07/2…

End of an era.