Pepijn
@xstplanet
Followers: 80 | Following: 301 | Media: 12 | Statuses: 142
hacker at @hadriansecurity. volunteer at @divdnl. developer. foss lover. getting rid of nano since 2010
Netherlands
Joined October 2021
https://t.co/41EtihxSNx It's been well over 20 days to say a single f... word on the hackerone report I have with them. @Hacker0x01, @TMobile when can I publicly disclose?
wired.com
The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.
Zero to Hero: The process of reversing and exploiting complex vulnerabilities!
Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.
We are excited to announce our friend @corg_e will be the new manager of vx-underground merchandise. In the following days (or weeks?) we will have a new e-commerce domain. tl;dr kawaii merchandise, or something
I have like 50 RCE bugs on this BB target. But EVERY time I have submitted a bug to this company it's a dup. So I'm conditioned to not submit them. I think bug bounties are creating some type of bystander effect...
January 22, 2023 — AS21859 — ZEN-ECN [US] — leaked 1348 prefixes creating 1349 conflicts with 44 ASNs in 8 countries. Propagation: 100%. Duration: 1 hour 20 minutes.
When I see TikTok being used as C2, this is how I know I’m getting too old for this shit
It’s like I always say: “These sequence diagrams aren’t going to animate themselves!” CVE-2021-1732 (win32k kernel type confusion -> OOB-R/W) (Based on https://t.co/EmpEzw3nyq)
SANS (free) Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains by @Jean_Maes_1994 This workshop requires a large local LAB (40+ GB zip file download). https://t.co/oN31HXf359
#infosec #pentesting #sans
New blog post on a recent collab with @UsmanMansha420 where I bypassed Akamai WAF to get RCE on a Java application with Spring EL injection. Spent some time writing about the process of constructing the custom payload. Hope you enjoy!
pmnh.site
Writeup of a collaborated bug on Bugcrowd where I was able to bypass Akamai WAF to exploit RCE on Spring Boot error page using SpEL
Fortinet has fixed a vulnerability in FortiOS SSL-VPN. We assess the likelihood/impact of the vulnerability identified as CVE-2022-42475 as high/high. Limited active exploitation has already been observed. Read the security advisory here:
Often people read write ups and because they don’t understand them they assume that the writer must be very fucking smart, maybe it just wasn’t written well. On the flip side when something is written well and people understand, they fail to recognise the value of the author.
Proposal: if a government organisation does not have its logging in order, shut it down until it is in order. https://t.co/XsqsOChJVL
security.nl
The fact that the Belastingdienst's systems cannot log staff search queries hinders investigations into corruption, according to ...