Non-infosec post this time. I try to stray away from talking about my personal life here as much as I can especially when it comes to my family. In November 2023 my son Oliver was diagnosed with level 3 Autism Spectrum Disorder.

I fell down the Kubernetes security rabbit hole. So I wrote a deep-dive on attack techniques, detection engineering, and scripts to test everything in a lab. Shoutout to @GrahamHelton and @raesene for their previous work! https://t.co/5wlHqIZD8X

Moonwalk++ stack telemetry bypass (@KlezVirus), a pile of Mediatek CVEs (@hyprdude), AppleScript decompiler (@__pberba__pberba__>__), SCOM hacking (@unsigned_sh0rt + @breakfix), and more!

[RELEASE] As promised, I’m releasing the first blog post in a series. It covers the gaps still present in current stack-based telemetry and how Moonwalking can be extended to evade detection logic and reach “on-exec” memory encryption. Enjoy ;) https://t.co/4Yf28y7cT4

New NTLM relay dropped for MSSQL. Should see some SCCM modules to use it next. @unsigned_sh0rt gave me all kinds of ideas.

dMSA key construction secrets by @RedPanda4Good at @BlackHatEvents #BHEU #Arsenal

Wow, @secbughunter sharing some big news from @msftsecresponse: Critical vulnerabilities are now in-scope for bounties by default 🔥 The small print: https://t.co/5rNlPBautP

Check out our two part blog series with @unsigned_sh0rt following our BlackHat EU talk

Some interesting talks from @BlackHatEvents #BHEU today: ▪️You Win Some, You CheckSum by @EliranPartush ▪️SCOMmand And Conquer by @unsigned_sh0rt & @breakfix ▪️SOAPwn by @chudyPB

Blogs are up!

Hope to see you there!!

Start making your way over to #BHEU Arsenal Station 5 for @bagelByt3s' session on LudusHound, a tool that rebuilds real-world AD environments using actual BloodHound data. 👉 https://t.co/HyDGactVVq

☝️This blog post is the perfect primer ahead of @unsigned_sh0rt & @breakfix's #BHEU talk TOMORROW. https://t.co/bxW5PYyhyl

SCOM is one of the most deployed, but least researched, System Center products. @synzack21 breaks down how it works + how to build a lab to test new tradecraft.

Generic AD labs don’t cut it. Stop by @bagelByt3s' #BHEU Arsenal session and hear about LudusHound, a tool that rebuilds real-world AD environments using actual BloodHound data. Learn more 👉 https://t.co/HyDGactVVq

:O

Don't forget to grab yer tickets for WWHF @ Mile High 2026! -> https://t.co/QLA9JGyq6Q Check out Jason Haddix's talk, "Attacking AI - The New Frontier," from Wild West Hackin' Fest @ Deadwood 2025!

See you all next week...excited to present with @breakfix at #BHEU! 💣

SCOM monitors critical systems, but insecure defaults make it a powerful attack vector. At #BHEU, @unsigned_sh0rt & @breakfix show how to abuse SCOM for credential theft, lateral movement, and domain escalation, plus how to defend it. https://t.co/bxW5PYyhyl

Stack spoofing isn’t dead. Hear from @klezvirus at #BHEU on how modern detection still breaks, and unveils the first CET-compliant stack spoofing framework. Learn more ➡️ https://t.co/3ffbujgNPE

Anyone else seeing this behavior with Claude? I'll start a new chat without extending thinking but in the response to a message it's enabled. I skimmed settings to see if I could stop it but didn't see anything. Not a huge issue just an annoyance.