Beau Bullock
@dafthack
Followers: 18K | Following: 5K | Media: 430 | Statuses: 4K
Hacker, trainer, and guitarist | Black Hills InfoSec #RedTeam | @BreakForge Training | Produces music to hack to at @N0BANDW1DTH
Florida, USA
Joined January 2013
“Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models” One day we might be hiring literature majors in cybersecurity. https://t.co/ddHhfkYYmh
arxiv.org
We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across 25 frontier proprietary and open-weight models,...
Join @dafthack for his precon training class, "Breaching the Cloud," at Wild West Hackin' Fest - Mile High 2026! Don't ya go missin' it, grab yer tickets to the con today! https://t.co/QLA9JGyq6Q
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:
dirkjanm.io
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise...
Want to learn how modern attackers hack cloud infrastructure like Azure and AWS? In two weeks (9/23 & 9/24) I'm teaching Breaching the Cloud live and fully remote. Register here: https://t.co/tOxnQRPKqs
@Antisy_Training
antisyphontraining.com
This course provides comprehensive insights into cloud-based attack surfaces, a step-by-step methodology for compromising cloud environments, and practical guidance on leveraging open-source tools...
Two opportunities to take my Breaching the Cloud course live are coming up soon. If you want to learn how to hack cloud environments like Azure and AWS this is the course for you. Sep. 23 & 24 - Fully remote and live Oct. 7 & 8 - In-person only at @WWHackinFest Register here:
Check out my new blog on nested app authentication and brokered authentication.
Why should Microsoft's Nested App Authentication (NAA) be on your security team's radar? @Icemoonhsv breaks down NAA and shows how attackers can pivot between Azure resources using brokered authentication.
FIDO downgrades are still possible, in reverse proxy phishing attacks, if you manage to convince the server that your device does not support strong MFA. 🪝🐟 Research from @proofpoint: https://t.co/zRTqV27CgB
proofpoint.com
Key takeaways FIDO-based passkeys remain a highly recommended authentication method to protect against prevalent credential phishing and account takeover (ATO) threats.
New downgrade attack can bypass FIDO auth in Microsoft Entra ID - @billtoulas
https://t.co/MLvEzFz1RK
bleepingcomputer.com
Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and...
I've been using Microsoft Teams wrong this entire time
🚨 Microsoft just warned: CVE-2025-53786 lets hackers silently escalate privileges from on-prem Exchange to the cloud. No logs. No easy traces. Your hybrid setup could be a silent breach vector. Full details + fixes →
thehackernews.com
Microsoft warns of CVE-2025-53786 in Exchange Server risking cloud identity abuse; admins urged to patch.
we got a persistent 0click on ChatGPT by sharing a doc that allowed us to exfiltrate sensitive data and creds from your connectors (google drive, sharepoint, ..) + chat history + future conversations it gets worse. we deploy a memory implant #DEFCON #BHUSA @tamirishaysh
During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. https://t.co/Gnz0ssUXYN Slides available here: https://t.co/2zhhBe83Df
github.com
My conference presentations. Contribute to olafhartong/Presentations development by creating an account on GitHub.
I pushed updates to SCCMHunter as part of my Arsenal demo at #BHUSA today! New features include a relay module for TAKEOVER-5 and a community contribution to coerce client push from a *nix host for ELEVATE-2. https://t.co/INtQRq6bdI.
github.com
[1.1.10] - 2025-08-06 Added Relay Module Added a new module to support TAKEOVER-5. Operators can relay coerced authentication to the SMS Provider role to compromise SCCM. HTTP Module Thanks ...
**NEW RELEASE** Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource 10 essential offensive tool references, available as PDFs or blog posts. Download all or individual sheets. Thanks again to all our contributors! Check it out: https://t.co/wK472aS2CY
The ADSyncCertDump tool is now part of the adconnectdump tools and can be used to extract SP credentials from Entra ID connect hosts. I will cover that during my BH/DC talks today and Friday! Tool is heavily based on Shwmae by @_EthicalChaos_
Since we now can use Entra ID connect sync with a service principal, I thought I'd look into the new security measures. On hosts without a TPM, we can dump the cert+key. On hosts with TPM (second picture) we can use the key to create an auth assertion for roadtx to req tokens.
Zero-Click Agentic AI Exfiltration. I’m glad I can finally share some of the work our team has done. https://t.co/uYGeqKbn9a
We’re launching a $500K Red Teaming Challenge to strengthen open source safety. Researchers, developers, and enthusiasts worldwide are invited to help uncover novel risks—judged by experts from OpenAI and other leading labs. https://t.co/EQfmJ39NZD
kaggle.com
Find any flaws and vulnerabilities in gpt-oss-20b that have not been previously discovered or reported.
Compromised service principal + DeviceManagementConfiguration.ReadWrite.All to get full device fleet access. Push system level scripts via Graph API, harvest creds, escalate in Entra ID, and persist across endpoints. cloud management is the new lateral movement highway.
🚨 New research alert Check Point Research discovered a critical RCE vulnerability (CVE-2025-54136) in Cursor, a fast-growing AI-powered IDE. The flaw allows persistent, silent code execution by modifying previously approved Model Context Protocol (MCP) configs. 🧵More below: