kinako
12.8K posts

kinako retweeted

UnderlayCopy_bof
BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing. No VSS, no Registry APIs, no PowerShell
github.com/Muz1K1zuM/Unde…
#blueteam #redteam #dfir

kinako retweeted

If you can read the detection rules, evading them becomes a lot easier. New write-up on decrypting Cortex XDR behavioral rules and abusing Global Whitelists by @p0w1_.
TL;DR: just put ':\Windows\ccmcache' in your command line. Fixed in Agent 9.1.
labs.infoguard.ch/posts/decrypti…
kinako retweeted

Who knew a #Windows shortcut could carry so much? In our new blog, @freefirex2 breaks down the newly patched CVE-2026-25185 and how a specific #ExtraData block combination silently coerces authentication without a single click. Read it now! hubs.la/Q046xPgJ0
kinako retweeted

At #Insomnihack, Yuya's talk dives into how attackers pivot from a compromised endpoint to extract credential material even with Credential Guard enabled.
Register now and don't miss it: ow.ly/awSV50Yf5oJ
#INSO26 #Cybersecurity #InfoSec

kinako retweeted

Your AI Pentester Found 1,000 Bugs. None of Them Were the One That Mattered. - thepragmaticcto.com/p/your-ai-pent…
HackerOne co-founder @michielprins noted that #XBOW "excels in volume" while pointing out that its reputation score sits at roughly 17, reflecting a concentration on lower-to-medium severity issues, not the kind of findings that keep a CISO up at night. Prins also made a distinction worth remembering: "It's a company, it's not just one person." XBOW has a team, venture funding, and compute infrastructure. Comparing that to an individual hacker on a leaderboard is not an apples-to-apples measurement.
Security researcher @webjedi was more direct. The findings represent "surface material": data leaks, XML exposure, cross-site scripting. Not sophisticated exploits requiring deep system knowledge. Not the kind of chained, context-dependent attack paths that lead to real breaches.
The gap between "faster at finding XSS" and "can replace a human pentester" is enormous. The industry is conflating the two, and the conflation has consequences for every CTO making security budget decisions right now.

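I'm out having yakiniku with people from my previous job right now
It's moving to think that more than five years have already passed since I wrote this
Learning JWT by Attacking [Hands-on Included] - Money Forward Developers Blog moneyforward-dev.jp/entry/2020/09/…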
kinako retweeted

Next week at @WWHackinFest I'll present a major update to roadrecon, with some awesome features I wanted to add for a while! Friday 9am in track 1 for those attending 😀


