SkelSec (@SkelSec)
CEO and Co-Founder of Octopwn
Joined June 2014
Followers: 12K | Following: 5K | Media: 764 | Statuses: 7K
Time travel pentest: Invalidate findings because they have been patched between discovery and reporting
The first million is your talent. $10M from systems. $100M from building leaders. $1B from branding. If you have ADHD and get stuck, know where you are on that path, so you’ll know what to focus on next.
Thanks to @cogiceo for letting me work on this, and to @SkelSec for his "winacl" library. If you want to learn more about DACL structure and how it works, check out this article: https://t.co/BtuyPsXcnx
I recently had the opportunity to talk about Evilginx on the Click Here podcast from The Record. I reflected on the moral considerations surrounding the double-edged nature of developing offensive security tools. Enjoy the Frankenstein reference 😅 https://t.co/41jKsfq3sB
therecord.media
Polish developer Kuba Gretzky wanted to prove that multi-factor authentication wasn’t foolproof. He succeeded — maybe too well. What happens when a cybersecurity warning becomes the threat itself?
I might be drunk AF, but this chart clearly shows that humans (without bikes) are one of the most efficient movers only surpassed by horses and salmon? Also, where is the datapoint on horses on a bike?
"Humans aren’t very efficient movers—until you put us on a bicycle, when we become some of the most energy-efficient land travelers in the animal kingdom."
It's Sunday evening and I'm doing some local LLM fun. It takes hours to finish. I wanna play a game in the meantime. FFFFFAAAAAAAAAAAA
You got access to vsphere and want to compromise the Windows hosts running on that ESX? 💡 1) Create a clone into a new template of the target VM 2) Download the VMDK file of the template from the storage 3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY (1/3)
7) Grabbing DPAPI blobs from the host with volumiser is also possible 8) Use pypykatz for LSA secrets, decrypt DPAPI blobs with DPLoot Credits for tooling to: @_EthicalChaos_ @SkelSec @_zblurx 🥰 (3/3)
Bitcoin and Ordinals can both be viewed as conceptual art. Bitcoin explores the concept of digital ownership. Ordinals, the concept of immaterial objects. @OnChainMonkey (OCM), expressed through a distinctive PFP, is conceptual art created around the question of how far one can
Finally a bloodhound collector inter-domain in bloodyAD v2.1.25! Thanks to the amazing work of @SkelSec (don't hesitate to support his project octopwn) and some custom code of mine named the reacher to reach every DC alive 😈
The bottom line is: I find it asinine that decisionmakers are betting that all this crap will replace developers.
the best part that blew my mind is that sonnet just lies "here are 'test cases' and they all check out so everything works" like the fuck it is. all tests it wrote provide no output so it'd be impossible to even see if something went wrong, and ofc the code didn't even start XDXD
all models failed spectacularly (problem was with padding) and every single time I check for comparisons 99% of the results are "hey look how these 4 models one-shotted a crappy mario game" like who the fuck cares?
sonnet, o3, gpt, all of these models are just simply so friggin bad at creating something that hasn't been created before (or maybe there are 2 obscure implementations of the problem at hand) I wasted the past 4 hours to get one part of an SMB server to be implemented
Why would the US Government allow Argentina Beef to be labeled as “Product of the USA?”? The establishment GOP got wiped out in the 2025 elections because they have abandoned fiscal conservatism. Plus a deep dive on how cattle farmers are being decimated by the political class in
Okay, a short rant on vibe-coding: I use cursor for some (mostly frontend brrrr) code and it usually helps. Sometimes I ask the llm to give some ideas or potential fixes based on errors I have not yet encountered. BUT whenever there is an issue >10 steps ALL of them break down
Sometimes I play with the thought of making a training teaching ppl how to make the changes themselves
pushed an update to pypykatz just now. NOT yet on pip, because first I'm waiting for feedback if it reliably works. The main issue it solves is parsing: the new 24H2 update introduced some changes which made parsing not work https://t.co/qZRCcJBviJ
github.com
Mimikatz implementation in pure Python. Contribute to skelsec/pypykatz development by creating an account on GitHub.
After a break, I’ll be back to Black Hat EU 2025 to share new developments in call stack spoofing techniques and tradecraft. Likely my final public contribution to technique. Hope it'll inspire brilliant minds to build something great! See you there! #BHEU #offsec #SpecterOps
Every time I get really drunk in front of my computer there is a fight with myself to restrain myself from airing all my grievances with the ITsec community and the way they treat FOSS developers in this space.