
Jorge Orchilles
@jorgeorchilles
SANS Principal Instructor & Author #SEC565 | #RedTeam | #PurpleTeam | #PenTest | #C2Matrix Creator | ATT&CK & Atomic Red Team Contributor | Published Author
South Florida
Joined January 2009
We’re guilty as charged… but hear us out. Yes, SCYTHE 5.0 is a special snowflake, because it learns your network, adapts attacks, and validates your SIEM like a pro. Frosty. Fast. Freakishly smart. Check it out → https://t.co/vlfcjY6f7x
#cybersecurity
Great article by @StevenLevy on @WIRED. Took me a bit to read through it, process, and then share. Highly recommend you take the time to read it. I also feel "politically homeless"
wired.com
Tech got what it wanted by electing Trump. A year later, it looks more like a suicide pact.
We're really bringing the 🔥 with our next Nighthawk release - Janus - https://t.co/hxp6M8XkWO
nvm we figured it out
Behind the curtain of “charity,” the same elite networks pull every string — shaping education, media, and policy from the top down. When philanthropy becomes theater, democracy takes a back seat.
5 days to patch is not going to be quick enough any more:
Handful of #Photos from #SFISSAHTF2025 #Conference @ #BRiC, this morning. Tomorrow: @SFISSA #HackTheFlag & #ChiliCookoff #SFISSAHTF @HackMiami
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack - @serghei
https://t.co/aDOxLBspzA
bleepingcomputer.com
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.
I have always told my offensive team, “your job is to make your job harder”
People still don't realize that if you look at the last 15-20 years of pentesting, there has been an arc where it was "easy" or easier because of training, free tools, free research, lack of EDR, places not investing in security and everything else you're now slowly seeing the
This is a GRE PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion https://t.co/Ou2gVyKWAh
github.com
This is a GRE PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion - 123ojp/GREtunnel-scanner
In a few short days, @jorgeorchilles and Jason Lamar will show you how to take control of your security posture—before attackers make their move. This is your chance to learn proven offensive security strategies that work. Register now: https://t.co/l3lbXYAnXR
Great C2 talk at BlackHat 2025 by @UNC1739 Ghost Calls: Abusing Web Conferencing for Covert Command & Control Slides: https://t.co/bMnhcLYUyX Tool release:
github.com
A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom. - praetorian-inc/turnt
@greend4rk @defcon @nostarch You can get the early access ebook here (and also optionally pre-order the final physical book if you’d like!) https://t.co/6gSGvP1NR9
nostarch.com
A comprehensive, hacker-written guide for security professionals looking to plan and implement real-world penetration testing, or “red team,” operations.
🌟 The Good: Black Hat 2025 Highlights ⚠️ The Bad: Rising Risks in AI Adoption CISO Concerns: Unanswered questions about model tampering, training data poisoning, and new prompt injection threats. 🛡️ The Solution: Starseer’s Answer to AI Trust #AgenticAI #AISecurity #AITrust
Some things you just never get over. ❤️
Part 1/3 of my journey into Agentic AI blogpost series is out. https://t.co/jTx99b5aC2
redteamer.tips
If you’ve ever worked in an offensive security role, you know the feeling. You spend weeks simulating an adversary, meticulously finding vulnerabilities, and chaining together exploits. You write a...
Hackers don’t wait. Why should you? Join @jorgeorchilles and Jason Lamar to discover how offensive security can help you get ahead of threats—before they hit. 🗓️ Aug 20 | 1:00 PM EDT Register now 👉 https://t.co/NuW2jhapYr
Like the google hacking database but for bloodhound:
specterops.io
The BloodHound Query Library is a community-driven collection of BloodHound Cypher available at https://queries.specterops.io
Jorge Orchilles (@jorgeorchilles), Senior Director of Readiness and Proactive Security at @Verizon, offers an up-close glimpse at the thinking that drove his move to #exposuremanagement with Tenable. Read the insights: https://t.co/IjBO6hSxvH
oh, boy ... CVE-2025-33073 SMB Client Elevation of Privs is wild https://t.co/piQIg0lDV7
Windows SMB Client Elevation of Privilege Vulnerability CVSS Score: 8.8 Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Do I have to say more? https://t.co/SbFqsTWTSN