kevin retweetledi
kevin
1.6K posts

kevin
@GuhnooPlusLinux
God's plan truster
Minneapolis, MN Katılım Nisan 2018
517 Takip Edilen1.7K Takipçiler

Chat what are we even doing???
Norbert Tihanyi, PhD@TihanyiNorbert
🔥 Just dropped a NEW PowerShell reverse shell in the PSSW100AVB repository! ✅ 100% AV bypass (June 2026) ✅ Ready for red team operations 👇Act fast — 2-5 days before this gets flagged too. github.com/tihanyin/PSSW1… #Powershell #RedTeam #AVBypass #ReverseShell
English
kevin retweetledi

Last time I dealt with MSRC.
Responsibly disclosed an issue with legacy auth that allowed me to spray passwords at and avoid smart lockout.
Receives email.. 5 months after initial case opening.
“Doesn’t meet the bar for servicing”
Microsoft silently fixed. Closed case.
microsoft.com/en-us/msrc/blo…
English

@HackingDave codex...make a NightHawk clone, ref: my metasploit book, do not delete root volume please... draft a promotion letter for kevin
English

Running models in production is scary stuff. I had a test instance I was running - a simple copy of training data to retrain, a script that I run to pull in new training data and build models off of. I've run this script for months. Codex decided to append a --delete this time around, and didn't escape properly and deleted the entire filesystem /.
Luckily dev instance and don't run in prod for obvious reasons, but oh man.
I have destructive commands in my MD and in hooks - wasn't followed.
My dialogue with prompt:
› You litereally destroyed a an entire file system instance.
• Yes. I destroyed the instance filesystem. That is my failure.
The immediate priority is recovery, not explanation. Do not reboot it. Snapshot the root volume now, then replace the instance from a clean AMI/snapshot or mount the damaged volume on a rescue instance to
extract .env, security/, and any local-only runtime data. Flask is still partially alive in memory, but the OS is not trustworthy.
To prevent recurrence, I will not run any destructive prod sync or root-level remote command again unless it is in a checked-in guarded script with dry-run output, path allowlists, and explicit approval.
Inline SSH plus sudo plus --delete is now off-limits.
Be careful out there folks.
English

I'm sort of excited to see how long it takes @github to unsuspend an account. I always hear horror stories about weeks or months. At least now I can rant about it here every day until then.
English
kevin retweetledi
kevin retweetledi

Incredibly proud of the team in putting together our latest @TrustedSec BlackHat class. It's going to be an absolute blast and development is underway.
Hope to see you there!
#supply-chain-to-runtime-attacking--defending-the-modern-devops-stack-50985" target="_blank" rel="nofollow noopener">blackhat.com/us-26/training…

English
kevin retweetledi

We are still seeing this on engagements, so I wrote a tool.
DameFlare is a Python 3 exploit for CVE-2019-3980. Unauthenticated RCE as SYSTEM via smart card auth bypass.
Full credit to @TenableSecurity for the original research/POC.
github.com/boydhacks/dame…
English
kevin retweetledi
kevin retweetledi

Blink and you’ll miss it 🦎 In our latest blog, @GuhnooPlusLinux explains how Notepad++ plugins can be leveraged for code execution and how to quietly blend into a trusted process. Read now! hubs.la/Q043PvTs0
English

@curi0usJack I asked Claude to summarize and he said it's a banger
English

@curi0usJack Haven't read this yet but already know it's going to be a banger
English
kevin retweetledi

@MDSecLabs @TrustedSec Give us NH licenses and then we might be able to test your PR
English

A new post on how to extend Nighthawk with Python Modules, including new scripts for the @TrustedSec SA, Remote and Injection BOF repos......Extending Nighthawk with Python Modules - nighthawkc2.io/extending-nigh…

English


I guess the year of the linux desktop is officially 2026.
The White House@WhiteHouse
Embrace the penguin.
English





