Gabe The Goober

What happens when hashcat team is bored and find a challenge in the rfid hacking world ? Magic ! #proxmark #hashcat

I was hoping to compete in Pwn2Own with a Firefox full-chain entry, but unfortunately it was rejected. I’ve reported the vulnerability to the Mozilla team.

not sure why, but releasing Pyre - Ghidra's decompiler running fully in your browser. Drop an ELF / Mach-O / PE / wasm, navigate decompiled C with cmd-click + xrefs in Monaco. No server, no upload, binaries must never leave the page... source. github.com/ant4g0nist/pyre deployed at: pyre.fuzzing.science

Windows 11 24H2 LPE vulnerability (CVE-2026-21250) → Local privilege escalation → Potential SYSTEM access Exploit PoC is public 👇 exploit-db.com/exploits/52546 Patch or mitigate ASAP. #CyberSecurity #Infosec #Pentesting

@piratesfan1111 @wildfreakouts While true… this proves very little by itself boss. It’s useful to disprove alibis tho! 🫡

@wildfreakouts Wait til they find out you can track iPhones location at the time of the shooting.

Guy records himself doing a drive by on his opps house

The latest Proxmark3 release is called BREAKMEIFYOUCAN! Not a random name. That is the actual 3DES factory default key NXP burned into every MIFARE Ultralight C they shipped since 2008. Somebody finally broke it properly. The paper drops the keyspace from 2^112 down to 2^28. Counterfeit cards fall in under 60 seconds from a single card interaction. The tooling is merged: github.com/RfidResearchGr… #Proxmark3 #RFID #NFC #MifareUltralightC #NXP #OpenSource

Fun little idea for obfuscating shellcode aside for the classic XOR @doobthegoob/agent-smith-obfuscating-shellcode-via-matrix-transformation-s-9e45af897591" target="_blank" rel="nofollow noopener">medium.com/@doobthegoob/a…

Oh this is clean. A searchable, filterable RFID attack reference. HID Prox, MIFARE, EM4100, animal tags, organized by frequency AND tool (Proxmark, Flipper, Chameleon...). This is the cheat sheet that used to live in your notes app. Bookmark it! you'll thank yourself on your next physical engagement. redteam.vip/ram-rfid-attac…

CVE PoC Search watchstack.io/intel/poc-sear…

RCE via a malicious SVG in mPDF @brun0ne/rce-via-a-malicious-svg-in-mpdf-216e613b250b" target="_blank" rel="nofollow noopener">medium.com/@brun0ne/rce-v…

meet VMkatz, github.com/nikaiw/VMkatz

PlayStation 4 emulator for Windows, Linux and macOS github.com/shadps4-emu/sh…

Researcher releases PoC exploit code for EventLogin, a TOCTOU flaw in Windows MS-EVEN RPC allowing remote file writes. Patch now. securityonline.info/poc-disclosed-…

Capturing NTLMv2 hashes with alligator clips Here is the article: hackers-arise.com/network-forens… #pentesting #redteam @three_cube @_aircorridor

An agent just pwned a 32K star repo via GitHub Actions awesomeagents.ai/news/hackerbot…

Finally got this virtual iPhone running iOS 26.1 up and running on macOS. It's jailbroken and going to help with security research a ton. Big thank you to @wh1te4ever for this. This is not for the average user and is complicated to set up. Highly recommend Codex and/or Claude to assist. For those interested, the project is here: github.com/wh1te4ever/sup… And the writeup is here: github.com/wh1te4ever/sup…

...now in macOS binaries 🫣 (at least, first time I've seen it)

Account Takeover via Password Reset Poisoning Tips :- 1- During signup or password reset flow replace the Host header value with:- Host: attacker.com 2- Observe that the email verification or password reset link got poisoned credit: @wadgamaraldeen #bugbountytips

Gemini 3 Deep Think generated a real-time 3D WiFi radar that maps every network around you as glowing nodes in a Matrix-style space — in one shot. It used Pearson correlation to infer which APs are physically close, since RSSI alone isn't enough.

‼️ CVE-2025-1974: Kubernetes IngressNightmare Vulnerability CVSS: 9.8 PoC: github.com/hakaioffsec/In… PoC Published: March 26th, 2026