Huge news coming soon.. 🤐

Amazing Pistol 1 course with Warrior Poet Society and Warrior Poet Society.. looking forward to Pistol 2 and 3 tomorrow/Friday. Highly recommend this dude! Phenomenal instructor, great conversations, and teaches immediate results!

Definitely will be my next training if it’s available again. In the mean time, here’s your chance. Fault injection is the new hotness.

Vulnerability in Putty:

'attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key'

* Revoke keys immediately including public in authorized_keys
* Generate a new key pair and replace

chiark.greenend.org.uk/~sgtatham/putt…

🔥 from Jason Lang! youtu.be/i2cJ1vYK5c8

I love how AWS lets you create lots of FireProx API Gateways but when you go to clean things up, they rate limit you on the delete -- you get side tracked waiting -- and they never get removed.

This was from defcon 19. So much crazy stuff happened that year, maybe I’ll write a book one day.

Can someone help me get this installed, it’s not working on my MacBook Pro

⁦HackSpaceCon⁩ view from the hotel roof

Just walked through this again practicing.. going to bring that 🔥! Definitely don’t want to miss this.

Ever wondered what hacking was like in the wild days of the 80s/90s/00s? Come take a journey back in time into the underground world of hackers/crackers. I'll unravel the stories/techniques/culture that defined this crazy era at HackSpaceCon tomorrow 4pm in End0r (9030)

Going to have to play with this one. Outlook RCE PoC

GDB dashboard: a modular visual interface for GDB (GNU Debugger) in Python - via #gcu github.com/cyrus-and/gdb-…

auth bypass confirmed!

> INFO:paramiko.transport:Authentication (password) successful!

mm_keyallowed_backdoor cmd 1 allows to override the response for mm_answer_authpassword with a custom one. if you set it to { u32(9), u8(13), u32(1), u32(0) } you can login with any pass 🤓

XZ back door goes deep in the weeds. Backdoors have come along way since unrealircd and kernel.org / linuxfoundation targeting

🚀I'm finally releasing GraphSpy to the public!🕵️
A powerful offensive security tool focused on making initial access and post-compromise enumeration in Microsoft Entra and M365 much more convenient during penetration tests and red team assessments!

github.com/RedByte1337/Gr…

Windows session hijacking via SCCM cloud.google.com/blog/topics/th…