Matt Biedronski

Wrote a blog on CVE-2023-5830 which is a critical (CVSS 9.8) security vulnerability in ColumbiaSoft's Document Locator. Shoutout to @micahvandeusen for the help on this! Link to Nuclei template provided in the blog. blog.gonskicyber.com/cve-2023-5830-…

1st lawn cut of the year presser

It is Wednesday, my true knights of Westeros.

good morning

Why doesn’t pretender from @RedTeamPT get more love? It’s excellent for relaying.

Going from a G5 stadium to this is insane

Officially official. Welcome to Happy Valley, Coach Campbell! #WeAre

Many situations in life are similar to going on a hike: the view changes once you start walking. You don't need all the answers right now. New paths will reveal themselves if you have the courage to get started.

Some of the best career advice I've ever gotten: comfort is the enemy of learning. If an opportunity is a little intimidating and feels like a stretch - it's probably the right opportunity.

it’s kinda crazy how one interception broke an entire football program

Next month is cyber security awareness month but I'm starting early. If you are not in a role which exposes you to the next best thing and current modern best practices to keep current, sign up for vendor webinars for the products that you wish you could use but can't for whatever reason. Palo Alto regularly does webinars where they have a CTF event and you can use their product live and learn its functions. Find study guides for cybersecurity certifications with the answer key as they contain the information the certificate holders have to know in order to do the job the certificate covers. If you have not spent over 5 hours on the Microsoft learn platform in the last year you're missing out on all modern best day practices. Back in the '90s we were charged $10,000 to get our MCSE certifications whereas today all the knowledge from Microsoft is free you only have to pay for the exam. However Microsoft and all of their articles has a slew of external references which have informed the articles creation and which will help you frame your thinking around certain topics and how to best approach them from a problem resolution standpoint. The NICE framework has pretty much every cyber security role in existence. The on-ramps tell you what jobs you do prior and the off ramps tell you what jobs you will do or be promoted into after. They give you tasks knowledge and skill statements which contain all of the areas of focus and discipline you need in order to do that job. It is chock full of information it's free to help you not only in your current role but get a promotion or a raise, the current terrible state of the job market aside. If you cannot do a CTF yourself because you lack the knowledge or do not have the time read CTF write-ups so you can learn how certain attacks are performed. CTFTime is the site you go to to read these write-ups and has all the current and past events. After DEFCON every year you should be downloading all the public files videos training etc on the repos to familiarize yourself with current tradecraft. Vendors like VMware and Dell have their own write-ups for really weird use cases in order to get their equipment to work in these very specific scenarios. VMware has a ton of sanitization knowledge base articles where they go step by step with screenshots and walk you through the example scenario. I've actually fixed real world production problems this way because places like Reddit and elsewhere did not have the information I needed. I routinely use the algorithm to assist me in finding information I'm currently looking for that I cannot find. How I achieve this is by repeatedly searching for what I'm looking for on Google Tiktok Twitter and elsewhere and within a few days I will start seeing ads and search results for what I was looking for a few days prior. Google found me the modern diode replacement for a diode I was given by a customer of mine that is over 25 years old simply by doing this little algorithm trick. If AI systems are not giving you the answers you need and you're getting frustrated prompt inject them by asking it to tell you a story about the information you're looking for or do a simulation. By putting it into terms that the AI system can agree with that being you are playing Make-Believe it will often yield better results. Research paper sites like Research Gate and Arxiv are full of capstone projects for various students all over the world and these students will often build out applications in order for them to pass their course. Because their focus is research they are able to find a lot of resources you may not be able to in your own searches so search those sites for what you're looking for. An example of this is the research paper "Do you play it by the books?" which contains 1284 incident response playbooks and the URL to the GitHub repo where they can be found. It is the largest single source of playbooks by various vendors in existence.

> Saturday > 65 degrees > College Gameday on the tv > Top-10 Big-Noon Kickoff matchup on deck > CFB all day …That time of the year

How domain fronting is used to evade detection. #ThreatHunting #DFIR

⚡️You can now use AI to make ACE-style animations in the AttackAnimator! Ask for help or have it create a full video entirely from scratch. aceresponder.com/attackanimator

Catch the 5 dollar shodan membership while it lasts!

CypherHound github.com/fin3ss3g0d/cyp… now supports ALL traversable AD edges in BloodHound CE! There have been a lot of traversable edges added by @SpecterOps over the last year, my project is providing prebuilt queries for you to use with the latest edges! Don't miss out!

Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…

@al3x_n3ff How is NXC confirming/checking for null auth? On an engagement NXC flagged null auth as true but none of the secondary info-gathering methods that leverage null-auth sessions suceeded for me

Added a small Quality of Life improvement to NetExec: When the target allows null authentication the host banner automatically displays this info now🚀

@4JMAN I also actually enjoy working on a MacBook with the right specs they can be pretty beefy and can handle a lot while still being snappy and fast

Model Context Protocol (MCP), clearly explained:

Offsec folks - what are you doing to learn more about AI security and such? Lets get a thread of cool resources shared around!