With a process that began two and a half years ago, I'm very excited to announce that I've written a book with @nostarch! 🎉 "Practical Purple Teaming" tells you all you need to know to get started with collaborative offensive testing. https://t.co/2syCI1JmDd

Phorion Threat Report: a backdoored Cursor extension was used to deploy the Paradox Stealer infostealer into macOS developer workflows. The post breaks down the full infection chain, detection opportunities and why IDE extensions have become a reliable point of initial access.

I wrote a thing about some recent dabbling with AppleScripts

I got a sneak preview of this research and it’s a must-see for anyone attacking or defending macOS environments! 🍎🍪

Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️

Finally disclosing the critical supply chain attack I've spent the last 6 months preventing: 🧵

I just finished reading my signed early edition of Practical Purple Teaming: The Art of Collaborative Defense by @ajpc500 (Alfie Champion), and it was an excellent read. The book serves as a complete survey of the tactics, tools, and procedures involved in purple teaming. It

💜💜💜

🚀 Super excited to finally share that I have been working on a startup for over a year: @offensys! Offensys provides an enterprise platform for automated advanced attack simulations to enable continuous posture validation. 🌐Check out our new website: https://t.co/h00eOYbJx5

If you haven’t already, check out @Print3M_’s research on File System APIs here: https://t.co/DFFcVPTD2s We went down the exfil path for this research, but certainly some abuse potential there!

🚨 I am publishing my research on the File System API. FileJacking might used to establish Initial Access. Key points: - File smuggling via File System API - Backdooring files directly from a browser - Reading / creating folders and files from a browser https://t.co/9apA0IrNCv

Friday 2pm. Come say hi! 💜

See you in Vegas! 👀✍️📚🎰

A short GitHub repository explaining on weaponizing WSL file extensions https://t.co/DytprnESX3 #redteam

A few yrs ago, when we began building https://t.co/Un5ApOoI7D, a piece of me wondered if we'd see the innovation and creativity in the threat landscape to justify writing this kind of blog. This is the fifth(!) time we've put together our Top 10 and... the answer is 100% yes 😅

Cool to see our Sigma rule for FileFix detection being merged today 🚀🩵 https://t.co/WnpN4JSt9U

Turns out the same ClickFix mitigation of ‘disabling’ the Win+R shortcut (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoRun DWORD 1) also prevents exploitation of the address bar FileFix technique💡

TIL that there's a Defender 365 detection for use of the Microsoft logo from a wiki page - "Phish_HTML_WithMsLogoFromWiki_A" 🤣

My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. https://t.co/wOlMwj4las

Our Phishing Attack Technique Explorer is now live! 😈🔍 Next time you browse our catalogue, you'll see a new view to find payloads combining popular attack techniques; from Pastejacking and Bring Your Own Interpreter, to HTML Smuggling and Auth Coercion https://t.co/gV29vxgOvk

Using Mythic and VECTR on your purple teams? 💜 I’ve just open-sourced a new Mythic service container that allows you to auto-populate VECTR test cases based on your Mythic taskings. https://t.co/Jm7En6gshy