maxicorbs

148 posts

maxicorbs

@CorbridgeMax

Principal Security Consultant based in London

Se unió Ocak 2016

106 Siguiendo127 Seguidores

maxicorbs@CorbridgeMax·21 Mar

This week in 'Securing AI: A Learning Journey' I got hands on with the awesome #spikee tool. I also broke down the differences between prompt injection and jailbreaking attacks in the world of LLM cybersecurity. Check it out: maxcorbridge.substack.com #AI #cybersecurity

English

maxicorbs@CorbridgeMax·13 Mar

🚀My biggest AI watershed moment since getting ChatGPT to write a poem in Jamaican dialect. I’ll be diving deeper into the security side of all this in my new blog 'Securing AI: A Learning Journey' Join the ride! 🧵👇 #AI #VibeCoding #MCP #LLMs maxcorbridge.substack.com

English

maxicorbs retuiteado

JUMPSEC LABS@JumpsecLabs·17 Eki

Imagine the feeling of a long-forgotten canary token triggering in one of your client's estates, which leads you down a path to catch and remove a sophisticated red team... No need to imagine, as @umairq_ has written up a blog: labs.jumpsec.com/active-cyber-d…

English

514

maxicorbs retuiteado

JUMPSEC LABS@JumpsecLabs·31 May

Tool Release! We've been having a lot of fun recently bypassing swathes of security controls using alternative web technologies to smuggle payloads right past mail security products. We've open-sourced the tool that we've been using to leverage WASM: github.com/JumpsecLabs/WA…

English

536

maxicorbs retuiteado

JUMPSEC@JUMPSEC·29 Nis

A great weekend for our #Adversary simulation team at @BSidescymru. Big shout out and thanks to Sunny and @CorbridgeMax for fantastic presentations and some great insights. A job well done! @JumpsecLabs #redteam #bsides

English

209

maxicorbs retuiteado

JUMPSEC LABS@JumpsecLabs·26 Nis

🚨 Tool Release 🚨 We've just open-sourced our #automation scripts for setting up #vulnerable #Azure environments to practice #cloud red teaming. It's basically free to run and has hints to help you along your journey if needed 💪 #AHHHZURE github.com/gladstomych/AH…

English

7.8K

maxicorbs retuiteado

JUMPSEC@JUMPSEC·17 Nis

Great to see @Maxicorbs, at @UKCyberWeek presenting insights about #cloud #redteaming and security concerns that are being introduced & how red teamers and threat actors are leveraging them to great effect! #azure, #aws #gcp #security #cybersecurity #risk

English

339

maxicorbs@CorbridgeMax·11 Oca

@0xLegacyy Just to clarify, the results of this poll do not count as a professional permission slip 😛

English

Jord@0xLegacyy·10 Oca

Is it ethical to use leaked code signing certificates for engagements? Something I've been pondering for a while. If you have a different answer please share 🙏 #redteam #infosecurity #Pentesting

English

1.7K

maxicorbs@CorbridgeMax·21 Ara

I did another thing

JUMPSEC LABS@JumpsecLabs

Ending the year with a CVE from our Head of Adversarial Simulation @CorbridgeMax. Unauthenticated users are served the default Superuser account name and if the default password has been changed in IBM backup products, a single point of failure for backups labs.jumpsec.com/advisory-cve-2…

English

maxicorbs@CorbridgeMax·16 Kas

🫠

Alexander Leslie@aejleslie

…what. I don’t know what to say about this one. Is this a first? It appears that the ALPHV (BlackCat) ransomware group has…filed an SEC complaint on behalf of one of their victims. Are we entering into a new era of extortion via compliance failure? I have questions…

ART

maxicorbs@CorbridgeMax·31 Eki

🤯

Hunter - Gaming News@HUN2R

Nickmercs just leaked that he didn't get any of his sub money on Twitch Twitch took 100%, and Nick was given a MG (minimum guarantee) every month

ART

maxicorbs retuiteado

JUMPSEC LABS@JumpsecLabs·29 Eyl

The vast amount of data that builds up during a #purpleteam engagement can quickly become overwhelming if not managed properly. Check out our experience of using the #opensource framework VECTR to solve this problem! labs.jumpsec.com/vectr-for-purp…

English

943

maxicorbs@CorbridgeMax·27 Eyl

@tde_sec Ahahaha

Filipino

T@tde_sec·27 Eyl

@CorbridgeMax the accuracy

mpgn@mpgn_x64

The redteam when they do social engineering over the phone and the client download and execute the file "invoice.pdf.exe"

English

119

maxicorbs retuiteado

T@tde_sec·11 Eyl

We warned Microsoft back in June about the risk of external tenant interaction being used for initial access, I’m honestly expecting the prevalence of this to sky rocket in coming months. That doesn’t even take into account the IDOR they chose not to fix. labs.jumpsec.com/advisory-idor-…

ICSNick@IcsNick

Did an investigation regarding DarkGate delivered by Teams together with my fantastic colleague Jakob Nordenlund at @Truesec. A lot of good IoC for all defenders! truesec.com/hub/blog/darkg…

English

10.7K

maxicorbs@CorbridgeMax·4 Eyl

What a career 🤯#GOAT in my eyes

OpTic FormaL@FormaL

Seems like everyone’s been doubting us, except us. We know how to work through things together and I’m so proud of my team for the recent improvements. HCS Fort Worth CHAMPS #Greenwall

English

102

maxicorbs retuiteado

T@tde_sec·2 Ağu

Having the external collab setting as default (allowing cross org comms) has allowed us use that technique during red teams on several occasions. It also led to @CorbridgeMax and I finding this: labs.jumpsec.com/advisory-idor-… Not limiting external collab is a real, impactful gap.

Microsoft Threat Intelligence@MsftSecIntel

Microsoft has identified highly targeted social engineering attacks by the threat actor Midnight Blizzard (previously NOBELIUM) using credential theft phishing lures sent as Microsoft Teams chats. Get detailed analysis, IOCs, and recommendations: msft.it/60199EEkv

English

342

maxicorbs retuiteado