We are still looking for crew for July, if you fancy getting behind the scenes access to the con, and all the perks that go with it, sign up here: docs.google.com/forms/d/e/1FAI…

Roll on tomorrow

Can’t beat solid talks and a great badge! BSides Exeter

I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most interesting vulnerabilities that combine commonality and impact from low-privilege contexts, and what you can do to prevent them :) logan-goins.com/2025-04-25-scc…

AMSI Bypass via RPC Hijack (NdrClientCall3) This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC github.com/andreisss/Ghos…

HELLO NAHAMCON 2025 CTF IS MAY 23 TO MAY 25 BEN ASKED ME TO HELP PROMOTE AND I FORRGOOTTT PLEASE REGISTER AND PLAY OUR GAME jh.live/nahamcon-ctf I WILL CONTINUE TO SPAM UNTIL SHOWTIME AND DURING EVENT SORRY BUT IT WILL BE FUN I PINKY PROMISE

ZPS has a new site with some pretty cool changes to pricing, labs, and exams. Read more here: zeropointsecurity.co.uk/blog/new-site-…

if you're looking for a Pocket replacement, I built Obsidian Web Clipper — it's open source and works with any app that supports Markdown (not just Obsidian)

I'm teaching an intro to cloud security workshop on July 11th. This is a pay what you can course so you can take it for free. I'll also be teaching the full version of my Breaching the Cloud course at Wild West Hackin' Fest in October. Registration links below: Workshop:

Today MSRC fixed two vulnerabilities I reported a couple months ago. EoP in Windows Update service (affects only windows 11/10 with at least 2 drives) msrc.microsoft.com/update-guide/v… EoP in Microsoft PC Manager msrc.microsoft.com/update-guide/v… PoC for CVE-2025-48799: github.com/Wh04m1001/CVE-…

Nothing like scratching the bug bounty itch with several crits to end the night. Now to rest ready for Steelcon

PSA to anyone struggling, don't be told that "you're just worried", "you're just feeling sad", "you're overthinking things"... depression, anxiety, OCD, ADHD, Autism are killers. Talk, and advocate for yourself!

Happy Friday! We're ending the week by publishing our analysis of Fortinet's FortiWeb CVE-2025-25257.... labs.watchtowr.com/pre-auth-sql-i…

#x33fcon 2025 talks: Dominic Chell 👻 - Hiding in Plain Sight > youtu.be/GyoxCTYPAus

💻 ModuleOverride – Changing a Tyre Whilst Driving – zer0phat & kreep teach process injection using existing memory sections to run malicious shellcode. Hands-on demos and detection strategy discussions at @redteamvillage_ during DEF CON 33! ⚡

Here’s my slides from today’s “Regex For Hackers” talk at DEFCON with Ben Sadeghipour, bookmark this for some exciting news in the near future docs.google.com/presentation/d…

Had an awesome time at #DefCon 33. Lots of new discoveries, first time speaking at the #redteamvillage along with zer0phat and met lots of cool people. Looking forward to the next one!

Developing a scriptable (pwndbg-like) debugger for windows. Few more things we need to iron out but will be releasing soon 🐸

PDQ SmartDeploy versions prior to 3.0.2046 used static, hardcoded encryption keys for cred storage. Low-privileged users could potentially access admin creds from registry or deployment files. Garrett unpacks his testing in his latest blog post. ghst.ly/4mjyuvw