Kaden Butt

@sudobunni I get OSS updates pretty basically, just through the explorer view on GitHub looking at trending repos

One of my goals is to support open source maintainers in whatever ways I can. However, I'm currently struggling to keep up with what's happening in the open source space (trending projects, active maintainers, etc). Does anyone have any resource recs to stay up-to-date on that stuff?

intercom-client has also been popped by TeamPCP: npmjs.com/package/interc… @intercom

🚨 The popular PyPI package lightning has been compromised in a supply chain attack. Socket detected malicious code in versions 2.6.2 and 2.6.3 that executes automatically on import, downloads Bun, and runs an 11 MB obfuscated JavaScript payload designed to steal credentials. This appears to be connected to yesterday's mini Shai-Hulud attack, but we're still investigating. #Python

i should probably add to the noise and earn internet points like everybody else screaming about copy dot fail or mini shai hulud or cpanel hacks or github rce or password manager pwnage or codex goblins or zomg ai or whatever else is ‼️🚨BREAKING🚨‼️today but i'm just tired man

Arrived back in Australia early this week after an exciting trip to the US of A to attend SOCON hosted by @SpecterOps. I had the pleasure of meeting a lot of really smart people in the cyber industry including founders, prominent voices, tech leaders, researchers, and more.

Day three of the Adversary Tactics: Detection course by @SpecterOps has come to a close. Today we dove into tradecraft analysis that resulted in the design and deployment of high fidelity alerts built from signals aligned with the peak of the pyramid of pain model.

We're so back @primeagen

Day two of the Adversary Tactics Detection course finished with @SpecterOps, this developed and enforced concepts necessary for successful detection and hunting programs including data documentation, quality, normalisation and intelligence dissemination.

The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques. Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond 🧵👇

Had day one of the Adversary Tactics: Detection (ATD) course yesterday with @SpecterOps. It covered the foundational concepts needed for successful detection engineering and threat hunting programs that detect and find REAL threats

they called it mythos because no one’s ever gonna see it They’re literally trying to rage bait us

Absolutely stoked to be invited by @SpecterOps to attend SOCON 2026 next week and listen and learn from some of the best in the industry. Especially excited for CICD related security, operationalising attack path management in an enterprise environment, and the training.

@juiceboy_of_abj CLI..

So if you buy a new laptop and mistakenly uninstall the browser that comes with it, how would you download the browser back since you don’t have a browser to install the browser?🤔🤔

BREAKING: Enterprise software firm Atlassian still cannot make a product that is good to use. ASI seems to be unable to help as it remains confused on how properly to file a ticket in JIRA for the SWE-AUTOMATION team.

SFHound is now part of the @SpecterOps OpenGraph community library. Others can now experiment with it and build on the work. Salesforce auditors and penetration testers now have another tool in the arsenal. Repo: github.com/Khadinxc/sfhou…

@Shivam25mishra Concepts over platforms, that's why.

Why do colleges focus more on theory than building real projects?

Introducing SFHound a @bloodhound data collector for the Salesforce platform using @SpecterOps Opengraph. Salesforce holds a range of identity related threats to an organisations most critical data sets such as customer data. Read more here: kaibersec.com/blog/salesforc…

@pwnx00 Very glad you enjoyed the review. I'm not much of a writer but there should be more content on OSEP.

@Kaib3ri Congratulations 👏 I really enjoyed your review. I am half way there.

Since passing the OSEP exam I've compiled some of my thoughts, and resources I loved into a blog with references to my GitHub. I've included a bit of a methodology and enumeration office macros to streamline client side attacks. Let me know what you think kaibersec.com/blog/breaking-…

@frosty468119564 @offsectraining It's definitely on the cards ! Thinking about doing the cwee path into oswe

Recently passed the OSEP exam from @offsectraining massive achievement for me having conquered the 48 hour exam. I was able to meet my object in just under 10 hours but continued to push it further after that. #acc.7JjzaLqD" target="_blank" rel="nofollow noopener">credentials.offsec.com/55ee908e-c26f-…