Big news! I started @CoastlineCyber, a boutique cyber security consulting firm dedicated to strengthening your organization's security posture. 💪

RT @al3x_n3ff: How to find the Entra ID sync server - A new NetExec module🔎. Inspired by the great Entra ID talks at #Troopers25, I looked….

RT @al3x_n3ff: Releasing a side project of mine: wsuks - automating the WSUS mitm attack🔥. TL;DR:.If the Windows Se….

Vibe exploit development is a thing, and you should embrace it.

Oooo. Poc!.

Tired of vulnerability scanners that miss because they don't have a plugin? VulnSeer combines Nmap service detection with OpenAI/Anthropic intelligence to provide contextual vulnerability analysis. Here is my scan of

RT @JonnyJohnson_: Have you ever wondered if there was a way to deploy a "Remote EDR"? Today I'm excited to share research I've been workin….

If you all can take a moment, simply visit this website. It will automatically vote for my wife's business to win a local radio contest!. Thank you!.

I just saw someone typing a letter and not using chatGPT like a sociopath.

RT @Cyb3rC3lt: Python version of BadSuccessor by Cybrly.

RT @akamai_research: Today we unveil BadSuccessor - a new no-fix Active Directory privilege escalation technique. We will explore the rece….

Is there no QA at Fortinet? Seriously, mind boggling how people are buying these. Literally buy ANYTHING else at this point.

If I boil myself down into an LLM I would try to make a hybrid SFT + RAG with vector search:. - SFT layer for your core playbooks for workflows. - Vector search layer for continuous CVE database updates. - Tool aug. so that test results are fed back to the LLM’s reasoning.

If you want to find 0 Days. You should learn the following RFCs:. RFC 7230.RFC 7235.RFC 7540.RFC 7519. A high number of CVEs stem from improper implementation of these RFCs.

I think LLMs are advancing offensive security faster than defensive. I'm noticing that my team is encountered .with fewer constraints, while defenders are facing all kinds of integration issues.

Telnet is used in:. PLCs - Industrial Automation.Serial Converters - Industrial Infrastructure.Oscilloscopes - Scientific Research.Monitoring Stations - Environmental Research.DSL Modems - Telecomm.Signage - Retail.Irrigation Controllers - Agriculture. So, I guess we'll see. .

Phishing in the email inbox/SMS seems like it's shifting. Phishing is in the browser (Ads), the IDE, the vendor portal, or the Chrome extension store seems like the new thing. Is anyone testing these or are we just hoping EDR catches it?.

RT @_logangoins: I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most….

RT @pentest_swissky: iDRAC to Domain Admin.

PowerShell + ChatGPT = beautifully formatted Word docs on command. Just discovered this, and I’m never going back.

RT @ShitSecure: As this is public now - an alternative to modifying AppIds to make them use the interactive user via the remote registry yo….