kevin
1.6K posts
kevin
@GuhnooPlusLinux
Sensitive young man
Minneapolis, MN Katılım Nisan 2018
519 Takip Edilen1.6K Takipçiler
@HackingDave codex...make a NightHawk clone, ref: my metasploit book, do not delete root volume please... draft a promotion letter for kevin
English
Running models in production is scary stuff. I had a test instance I was running - a simple copy of training data to retrain, a script that I run to pull in new training data and build models off of. I've run this script for months. Codex decided to append a --delete this time around, and didn't escape properly and deleted the entire filesystem /.
Luckily dev instance and don't run in prod for obvious reasons, but oh man.
I have destructive commands in my MD and in hooks - wasn't followed.
My dialogue with prompt:
› You litereally destroyed a an entire file system instance.
• Yes. I destroyed the instance filesystem. That is my failure.
The immediate priority is recovery, not explanation. Do not reboot it. Snapshot the root volume now, then replace the instance from a clean AMI/snapshot or mount the damaged volume on a rescue instance to
extract .env, security/, and any local-only runtime data. Flask is still partially alive in memory, but the OS is not trustworthy.
To prevent recurrence, I will not run any destructive prod sync or root-level remote command again unless it is in a checked-in guarded script with dry-run output, path allowlists, and explicit approval.
Inline SSH plus sudo plus --delete is now off-limits.
Be careful out there folks.
English
English
I'm sort of excited to see how long it takes @github to unsuspend an account. I always hear horror stories about weeks or months. At least now I can rant about it here every day until then.
English
kevin retweetledi
A question I get quite often when advocating for people to write blogs is some variation of: Is it worth even doing blogs/writeups of "simple" things like ctfs or setting up things in a lab?
The short answer is: yes, absolutely.
The long answer is more nuanced:
English
kevin retweetledi
Incredibly proud of the team in putting together our latest @TrustedSec BlackHat class. It's going to be an absolute blast and development is underway.
Hope to see you there!
#supply-chain-to-runtime-attacking--defending-the-modern-devops-stack-50985" target="_blank" rel="nofollow noopener">blackhat.com/us-26/training…
English
kevin retweetledi
We are still seeing this on engagements, so I wrote a tool.
DameFlare is a Python 3 exploit for CVE-2019-3980. Unauthenticated RCE as SYSTEM via smart card auth bypass.
Full credit to @TenableSecurity for the original research/POC.
github.com/boydhacks/dame…
English
kevin retweetledi
kevin retweetledi
Blink and you’ll miss it 🦎 In our latest blog, @GuhnooPlusLinux explains how Notepad++ plugins can be leveraged for code execution and how to quietly blend into a trusted process. Read now! hubs.la/Q043PvTs0
English
@curi0usJack I asked Claude to summarize and he said it's a banger
English
@curi0usJack Haven't read this yet but already know it's going to be a banger
English
kevin retweetledi
@MDSecLabs @TrustedSec Give us NH licenses and then we might be able to test your PR
English
A new post on how to extend Nighthawk with Python Modules, including new scripts for the @TrustedSec SA, Remote and Injection BOF repos......Extending Nighthawk with Python Modules - nighthawkc2.io/extending-nigh…
English
I guess the year of the linux desktop is officially 2026.
The White House@WhiteHouse
Embrace the penguin.
English
Net-NTLMv1 is outdated, insecure, and must go. 🛑
To help defenders prove the risk and accelerate deprecation, we’ve released a comprehensive dataset of rainbow tables. See how easily these keys can be recovered, and secure your environment.
Read more: bit.ly/4qpV6MJ
English