|￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣| | Don't Push To Production On Friday | |＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_

I'm told we are hiring in MSTIC: aka.ms/msticjobs Come for the data, stay for the data. Creative problem solvers have the most impact. If we've worked together, I'm happy to refer you. But...

I just donated to support the Bischoff family after their heartbreaking loss. Every little bit helps during this tough time. Please consider sharing or donating if you can. Thank you. We miss you Zion 🙏gofund.me/5c935853

Happy Friday 🎉

You know Roberto’s stuff is 🔥

The FBI wants you to use end to end encryption for your messages. This is surprising since the FBI has historically treated end to end encryption as if it's only for criminals. They want us to use it because Chinese hackers are in our telecom providers. Is E2EE enough though?

Last of the year: - Exploring "Scripting in Bruno" for #API Hacking lnkd.in/gX9-s-3d - Unveiling the outcomes of the initial execution of Connect-MsGraph⁉: lnkd.in/gp89aNKY Wishing yall a Merry Christmas 🎄🎅❄, festive Holidays, and a prosperous New Year 🎆🎇🥂🍻!

Learn how Microsoft scales Dynamic Application Security Testing (DAST) with automation. Check out Jason Geffner's blog post and BlueHat talk: ➡️MSRC blog: msrc.microsoft.com/blog/2025/01/s… ➡️BlueHat talk: youtube.com/watch?v=kfuOzD…

But everyone can see it!! Awesome job Jonathan Bar Or (JBO) 🇮🇱🇺🇸🇺🇦🎗️ 💪

Microsoft Threat Intelligence has observed North Korean state actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic: tricking targets into running PowerShell as an administrator and then pasting and running code provided by the threat actor.

🐚❄️

🚀 Task Groups in Azure DevOps (ADO): From Automation to Exploitation💥 I break down how misconfigurations can lead to code execution, persistence, and supply chain attacks, plus how to defend against them. manuelberrueta.github.io/supply_chain_s… #AzureDevOps #DevSecOps #RedTeam #pentesting

Who has what access to what in Azure DevOps (ADO)? 🤔 Understanding Azure DevOps permissions is critical for security. 🔍 I walk through how to analyze permissions. manuelberrueta.github.io/supply_chain_s… #AzureDevOps #DevSecOps #RedTeam #Pentesting

#IngressNightmare: Wiz Research uncovers a critical vulnerability in Ingress-NGINX 🚨 Wiz Research found a novel attack vector in one of Kubernetes's most fundamental projects, Ingress-NGINX, which is rated CVSS 9.8.

🎙️ "I think of InfoSec roles these days as very similar to an artist, where you have to have a portfolio of work—even if you haven’t had a job yet." — JS0N Haddix, Arcanum Information Security In this clip, Jason shares his top advice for breaking into security: 🔹 Build a portfolio through

I shared this with my network in LI. I think there some good tips here for folks trying to break in to the field.

We are looking for a junior security researcher 🤠 No university degree or previous work experience required, but MUST be able to demonstrate interest in the field and some basic skills by either: 1. Have published blog post detailing 0-day vulnerability (found by yourself)

Just dropped Hacking Buddy MCP 🧠💥 A proof-of-concept #MCP server exploring how #AI can help in offensive #security + ops. It's a PoC & light in tools, but built to share now, not wait for perfection. 🛠️ Try it out: github.com/ManuelBerrueta…

This is not only advice, is wisdom. Even with good notes, I think this still applies!

🧠 Another great post here! Being able to understand and deliver the story in a meaningful way is crucial. How you deliver it is quite important…don’t over look this!