@BrumBsides Thanks for having me, genuinely so much fun and a really well ran event! Till next time!
English
Andy Swift
2.3K posts
Andy Swift
@SwiftSecur1
Security Researcher and Technical Director of Offensive Security at @6degreesgroup | Red Team | Penetration Testing | Reversing | DFIR | Views are my own.
Katılım Ocak 2020
281 Takip Edilen1.1K Takipçiler
GIF
English
I, as a member of the Pizza Party here-by nominate Tingle Hacking as the official new term
@0xTib3rius @SwiftSecur1 @techspence @UK_Daniel_Card
What say you?
spencer@techspence
It’s too bad vibe hacking has a different connotation now. How about… Intuition hacking?
English
Andy Swift retweetledi
@0xTib3rius @InsiderPhD Agree, once you been at this a while you get a tingle for where the vulns be hiding.
GIF
English
@InsiderPhD I don't use a methodology either. Methodologies are great for juniors. Seniors and above test using instinct and vibes.
English
People always ask me about pentesting and I don’t think I could ever be a pentester: when I find my best bugs I very rarely follow any kind of methodology when I hack. I’m very much reliant on instinct and vibes. Once I’ve found 1 or 2 bugs I get bored too.
English
@LambdaMamba @Malmons_World WHAT! this is actually awesome! I sent the link around to people on my team so hopefully they chipped in! congrats on hitting the milestone!
English
The @Malmons_World Gh0st RAT Plush Pendant Blind Box is now fully funded on Kickstarter! 🥳
Thank you all for making this possible! 🙏
The Kickstarter is open until May 27, so if you want a Gh0st RAT Malmons Plush with freebies, now's your chance! 🎁
kickstarter.com/projects/lambd…
English
One to catch from this guy! He is ok I guess :p
Tib3rius@0xTib3rius
Last minute talk at @bsides312 confirmed. 😅 Should be a fun one though.
English
@SwiftSecur1 Found this video/recording of your client call:
Liberty Pill Memes@LibertyPillMeme
"Wish servers" 💀
English
Well thats a new one....client wants to move the reporting day to...before the test....🤷
English
Backed. I want me a Gh0st RAT and these are cool af.
Go Go!
Malmons World@Malmons_World
The Gh0st RAT #Malmons Plush Pendant Blind Box is now 88% funded on Kickstarter! 🎱 Every blind box comes with a FREE golden ILOVEYOU #Malmons enamel pin! ❤️ Thank you all for your continued support! 🙏 Help us reach 100% on #Kickstarter by May 27: kickstarter.com/projects/lambd…
English
@vxunderground Oh fuck no, I cleaned out my desktop gaming pc about a year ago....and a spider like the size of my hand ran out from round the back of the PSU...I shat a brick.
Now...its just sat there happily clogging up with dust because im never going back till it overheats and dies.
English
No
You know what's scary? Spiders. I HATE spiders. I don't care how many goofy ahhh exploits are found and patched.
A computer filled with spiders would be genuinely terrifying.
Theo - t3.gg@theo
Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?
English
Ridiculous experiences with passwords…
- cracked 4 20+ char pass phrases because they were popular Bible verses and song lyrics
- guessed an admin password after cracking a service account hash that was named similarly to the admin account
- cracked a RID 500 account that was configured as a service account, password was 7 characters
- sprayed a password a client gave me on a purple team (for the telemetry) and found it was used on hundred of enabled accounts
Let’s hear yours 😅
English
😊 Aw thanks dude!
Mike Manrod@CroodSolutions
As always, @techspence was right on point - add in @0xTib3rius and @SwiftSecur1, and how could it not be an epic episode? This is an @AcrossPondPod episode you don’t want to miss!! Teaser: An org has a minimum standard/policy of 20-character pass phrases as the requirement. They’re good, right?
English
Andy Swift retweetledi
🚨 #BSidesBirmingham CTF goes live Friday 🔥
🕐 Opens: Fri 15 May — 1:21pm
🏁 Ends: Sat — 3pm
Access/register 👇
portal.securecodewarrior.com/#/register/486…
You’ll need the tournament code…
🧠 “What frequency, in Hz, opened the long-distance trunk?”
A challenge before the challenge 😏
English
thehackernews.com/2026/05/new-tr…
Kinda interesting C2 method 🙂
Indonesia
@LeighGi66657535 @MalwareVillage Oh that case is interesting, I wonder how good it is at cooling though...looks awesome :o
English
Work has begun on my ransomware development class for DEFCON33 @MalwareVillage!
Students will get the opportunity to execute their trojanized ransomware on our super computer our friend Yannick is bringing along.
This thing is so sexy!!’
English