_leon_jacobs(💥)

@leonjza

Followers
5K
Following
6K
Media
645
Statuses
4K

⟦ 'cto @sensepost', '@orangecyberdef', 'caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'security guy', 'metalhead', 'i saw your password', 'KOOBo+KXleKAv+KXlSnjgaM=' ⟧

https://leonjza.bsky.social
Joined June 2012
@leonjza
_leon_jacobs(💥)
2 months
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
17
142
1K
@BSidesCapeTown
BSides Cape Town
3 days
A browser that reboots your machine? That’s not a feature, that’s Leon Jacobs’ kind of fun. In 7 Vulns in 7 Days, he unpacks a week-long dive through bloatware and bad privilege boundaries. Join him at BSides Cape Town 2025 for bugs, exploits, and a few laughs at vendor expense.
0
2
6
@1ns0mn1h4ck
Insomni'hack
4 days
🚀 Insomni’hack 2026 is coming! 🗓️ March 16-20 @ SwissTech, Lausanne Mon-Wed: Workshops | Thu-Fri: Talks | Fri-Sat: CTF 👉 More details soon: https://t.co/nMZo0LDpS9 🔔 Save the dates & stay tuned! #INSO26 #cybersecurity #CTF #event #Lausanne
0
6
16
@disconnect3d_pl
Disconnect3d
9 days
Btw we released Pwndbg 2025.10.10 recently with improved kernel debugging, mach-O+Objective-C (LLDB) support, new commands for dumping mallocng (musl) allocator state and much more! See the changelog here! https://t.co/uPIOS3Bjuy
2
52
296
@Steph3nSims
Stephen Sims
9 days
Fantastic @offby1security session with @leonjza on finding bugs in Windows bloatware. It's available on YouTube here:
0
18
74
@leonjza
_leon_jacobs(💥)
9 days
Starting in just over an hour!
@Steph3nSims
Stephen Sims
10 days
Update!! Due to flight delays we will be running the @offby1security stream with @leonjza "Vulnerability Discovery in Windows Bloatware" on Saturday 18-Oct at 1AM PT / 08:00 UTC. https://t.co/dtvyAn1aic
0
2
13
@1ns0mn1h4ck
Insomni'hack
12 days
📢Insomni'hack Call for Paper is now open! The CFP 2026 is now accepting submissions. Want to speak, lead a workshop, or present a case study? We want to hear from you! 🔗 Submit: https://t.co/2VDGS8TzxQ #InsomniHack #CFP #Cybersecurity #Infosec #TechTalks
0
12
23
@fridadotre
Frida
14 days
Frida 17.4 introduces Simmy, a new backend for Apple’s Simulators on macOS. Spawn, attach, and instrument apps — just like on a real device.
5
130
496
@pagedout_zine
PagedOut
23 days
https://t.co/o4CGqi5qR0 ← we've just released Paged Out! zine Issue #7
https://t.co/ZEuR7WtUAL ← direct link
https://t.co/DFuGBWFb4D ← prints for zine collectors
https://t.co/8VN5hGyEux ← issue wallpaper
Enjoy! Please please please RT to spread the news - thank you!
pagedout.institute
Deeply technical zine. And it's free.
6
134
280
@ZephrFish
@zephrfish.yxz.red
29 days
It would appear weekends are where I take pictures, procrastinate and kick out blog posts and tools. Here's my latest thing I bring to the table, OmniProx it's a semi dropin replacement for FireProx due to AWS's policy changes. https://t.co/uqCwaZjaSh https://t.co/0iBgpaTsST
github.com
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare - ZephrFish/OmniProx
1
22
78
@leonjza
_leon_jacobs(💥)
29 days
Romhack was absolute 🔥! The conference, the community, the vibe - all of it was just something else. Special mention to @merlos1977 and the @cybersaiyanIT team for making the speaking experience excellent too. 🙃
2
3
20
@codewhisperer84
codewhisperer84
1 month
Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. https://t.co/GC5wA2y3EO
github.com
Windows protocol library, including SMB and RPC implementations, among others. - trustedsec/Titanis
14
187
554
@_1mposter
1mposter
1 month
Consumed We are what we feed on
27
124
752
@leonjza
_leon_jacobs(💥)
1 month
🇮🇹👋
0
0
2
@leonjza
_leon_jacobs(💥)
1 month
Soon™ Private invites at Romhack (@cybersaiyanIT) next week, public release a while later.
@leonjza
_leon_jacobs(💥)
2 months
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
1
3
5
@_dirkjan
Dirk-jan
1 month
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:
dirkjanm.io
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise...
143
904
3K
@singe
Dominic White 👾
1 month
I had occasion to hack on some Wordpress’es and realised there’s a ton of surface area exposed over the "new" REST interfaces. Here's a small utility to convert it into an OpenAPI/Swagger file so you can explore it in your pentests/bug bounty work. Link below
1
5
21
@leonjza
_leon_jacobs(💥)
2 months
If you're at RomHack (@cybersaiyanIT) at the end of the month, come tell me your @github username and I'll give you early access to the @sensepost tool repo for PipeTap at the con! 🙃 Below is a demo of the proxy in action. https://t.co/6rOorMYPCL
2
1
25
@leonjza
_leon_jacobs(💥)
2 months
So far PipeTap can:
- Proxy reads/writes (even some async ones).
- Be a client, incl. the ability to have the *actual* connection in a remote process for those targets that do client pid validation.
- Proxy TCP <-> Named pipe for arbitrary Python clients.
- And more to come!
1
1
10
@leonjza
_leon_jacobs(💥)
2 months
Ofc, I'm aware alternatives exist (and that really, using just a @fridadotre hook you can get far), but I wanted something more versatile.
1
1
10