Justin Elze
@HackingLZ
Followers
67K
Following
117K
Media
8K
Statuses
58K
CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
/tmp/.a
Joined April 2008
I still love FB marketplace I’m currently trying to low ball my way into a 2002 SS Camaro with a locked up motor 😂
3
0
13
This is ridiculously useful. I’m so stoked about it
Friday I met with some pentest teams that told me screenshots were still a pain for them. So I made a plugin today for Caido, It handles everything: highlights, redaction, layout size, headers hiding. Time to level up your screenshot game! Try it out: https://t.co/Io620MVnTz
1
9
65
THC Release: 🎄Smallest SSHD backdoor🎄 - Does not add any new file - Survives apt-update - Does not use PAM or authorized_keys Just SSHD trickery....adds one line only. More at https://t.co/zVCLwmbXv2 👌
4
71
369
What if you could see sound? Now you can. Download FOTRIC Genie and explore real-time sound mapping on your phone.
3
3
22
Found this in the wild: https://t.co/83NcvDvIej disguised as a python osint tool with only error response, while mshta.exe reaches out for a HTA that executes in memory and if the C2 is active, pulls down an implant, creates schtask and executes the Rhadamanthys stealer. The
1
17
97
"'ConsentFix', a browser-based ClickFix-style attack with OAuth consent grants" ... leveraging the Azure CLI app client to social engineer for easy access into Entra ID 👀 I got nerdsniped by this, so I played with it a bit and tried a drag-and-drop gesture! Video:
6
69
366
New details on multiple state and criminal actors now exploiting React2Shell.
cloud.google.com
Widespread exploitation of the React2Shell vulnerability (CVE-2025-55182) by multiple threat actors, including China and cyber criminals.
1
58
165
New NTLM relay dropped for MSSQL. Should see some SCCM modules to use it next. @unsigned_sh0rt gave me all kinds of ideas.
This week's wrap-up has some pretty rad MSSQL updates and a module for React2shell. Get it here:
0
15
84
Christmas comes early for the InfoSec Twitter debates
JUST IN - Trump admin prepares to enlist private businesses and cybersecurity firms to mount offensive cyberattacks against foreign adversaries — Bloomberg
17
11
277
This is going to make some really nice phishing websites
I migrated cursor.com from a CMS to raw code and Markdown. I had estimated it would take a few weeks, but was able to finish the migration in three days with $260 in tokens and hundreds of agents. Here's how I did it + all my my usage stats. https://t.co/QIAOmLsffx
2
1
18
Last week, hardware. This week, firmware! Sam is back with a deep dive into his LiDAR Detector and demos a couple prototypes! https://t.co/US87C8ynEc
0
3
7
