bohops

7.6K posts

@bohops

Red/Purple/Research | Adversary Services @xforce red

The Land of Pleasant Living · Joined August 2017
479 Following · 14.7K Followers
Pinned Tweet
bohops
bohops@bohops·
[Blog] Abusing .NET Core CLR Diagnostic Features (+ CVE-2023-33127) - Analysis of .NET diagnostic features and tradecraft - Walkthrough of a .NET Cross-Session Local Priv Esc (LPE) - Defensive Recommendations bohops.com/2023/11/27/abu…
bohops retweeted
Andrew Oliveau
Andrew Oliveau@AndrewOliveau·
🔥🤖Excited to share a new blog I co-authored with @h4wkst3r and @kulinacs - Automating the Operator: Integrating LLMs into Offensive Security armadin.com/blog-posts/aut… We show how LLMs make offensive work more operationally useful, introduce 2 new MCP servers, and an NTLM relaying Gemini extension POC
bohops
bohops@bohops·
@HackingDave From OpenClaw to Fork Sprawl. It's the dawning of a new age.
Dave Kennedy
Dave Kennedy@HackingDave·
I'm getting 10-15 requests a week asking for me to review some innovative new tool for hacking, defense, encryption, home automation - pretty much any topic. I'm getting pull requests that add 40K lines of code with no changes to functionality. Everyone is learning, reminds me so much of the early 90/early 2000 hacking days. I love that everyone is super excited and can now code with their minds, but I do not have the time to go through all of these requests, and I'm moving towards in my open source projects "We do not accept pull requests anymore, give me the claude prompt and desired results and will incorporate and add you to contributors". We live in an interesting/weird time.
bohops retweeted
Chris Thompson
Chris Thompson@retBandit·
After 13 incredible years at IBM, I’m stepping away to start building something new. IBM has been a defining part of my life. I’m especially proud to have founded and grown the Adversary Simulation team and to have served as a Distinguished Engineer focused on AI and offensive security. What began as a small idea became one of the greatest red teams, pushing the boundaries of what real-world adversary simulation can look like - made possible by an exceptional group of people I learned from every day. I’m deeply grateful to the X-Force leadership and to the teammates, mentors, researchers, and operators who made the journey what it was. The team is in great hands and will continue to do important, impactful work. Looking ahead, I’m excited to focus on building what’s next - continuing to raise the bar for offensive cyber and exploring how AI can enable high sophistication offensive cyber operations and capabilities at a speed, scale, and intensity never before seen. It’s still early, but I’m looking forward to sharing more soon. I truly appreciate everyone who’s been part of the journey.
bohops
bohops@bohops·
@init1security This is not my talk, but I have given talks outside the US (e.g. on COM). I am actually looking forward to catching this one on YouTube (hopefully)
Init1Security
Init1Security@init1security·
@bohops As always all the cool talks are outside the U.S., jk,jk. Congrats super interesting topic as always!
bohops
bohops@bohops·
COM is a gift that keeps on giving.. yet another relic of the Windows OS that is unlikely to go away in the near future.
Security BSides Prague@bsidesprg

🚨 Speaker Announcement – #BSidesPrague2026 🎤 Marco Balzarin Abusing the Ordinary: New COM-Based Windows Attack Vectors Explore Windows COM from an offensive angle—new hunting methods and undocumented techniques for stealthy code execution via legitimate components. #Bsides

bohops
bohops@bohops·
@sundhaug92 Probably not. The opposite is occurring - more COM for more fun.
bohops
bohops@bohops·
@wdormann that's very interesting. can you share the hash of that sample? I'd be interested in looking at that.
bohops
bohops@bohops·
@CroodSolutions If there was a one way time machine, I'd happily go back to 1996. just sayin...
bohops
bohops@bohops·
@CroodSolutions It will be our contribution to a society ~30 years behind us
Mike Manrod
Mike Manrod@CroodSolutions·
@bohops Or option 3: - last star in our galaxy winks out, as a capsule preserving our knowledge and history floats through space hoping to be found one day. The capsule is powered by windows, still with NTLM, as well as legacy floppy drivers and dialer.exe
bohops retweeted
Bad Sector Labs
Bad Sector Labs@badsectorlabs·
🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)
bohops
bohops@bohops·
I think it really depends on the use case. The smaller general models are nice for speed, and Qwen seems to handle external tool calls well, so that's a huge plus for these simple chatbots and assistants. For heavier lifting, I'd look at using larger models (at the tradeoff for speed of course).
checkymander
checkymander@checkymander·
@bohops @jakobdylanc how are you finding the 9b parameter model? That's about the level I can run, but I'm always hesitant about these lower param models
bohops
bohops@bohops·
The family of Qwen 3.5 models are quite impressive. For fun, I've set up a slightly snarky Discord chatbot based on @jakobdylanc's llmcord with added web search and web fetch capabilities using the 9b parameter model.
Sudo su@sudoingX

this is what 12 gigs of VRAM built in 2026. a 9 billion parameter model running on a 5 year old RTX 3060 wrote a full space shooter from a single prompt. blank screen on first try. i came back with a bug list and the same model on the same card fixed every issue across 11 files without touching a single line myself. enemies still looked wrong so i pushed another iteration and now the game has pixel art octopi, particle effects, screen shake, projectile physics and a combo system. all running locally on a card that was designed to play fortnite. three iterations. zero cloud. zero API calls. every token generated on hardware sitting under my desk. the model reads its own code, finds what's broken, patches it, validates syntax and restarts the server. i just describe what's wrong and it handles the rest. people are paying monthly subscriptions to type into a browser tab and wait for a server farm to respond. meanwhile a GPU you can find used on ebay is running a full autonomous hermes agent framework with 31 tools, 128K context window and thinking mode generating at 29 tokens per second nonstop. the game still needs work. level upgrades don't trigger and boss fights need tuning. but the fact that i'm iterating on gameplay balance instead of debugging whether the code runs at all tells you where this is headed. every iteration the game gets better on the same hardware. same 12 gigs. same 9 billion parameters. same RTX 3060 from 5 years ago your GPU is not a gaming card anymore. it's a local AI lab that never sends your data anywhere.

bohops
bohops@bohops·
@CroodSolutions @jakobdylanc LOL I can't claim credit - that was really the author's touch. I made it slightly less snarky along with a few other adjustments.
bohops retweeted
Jason Walls
Jason Walls@walls_jason1·
Yesterday Mark Cuban reposted my work, DM'd me, and told me to keep telling my story. So here it is. I'm a Master Electrician. IBEW Local 369. 15 years pulling wire in Kentucky. Zero coding background. I didn't go to Stanford. I went to trade school. Every week I'd show up to a home where someone just bought a Tesla or a Rivian. And every time, someone had already told them they needed a $3,000-$5,000 panel upgrade to install a charger. 70% of the time? They didn't need it. The math is in the NEC — Section 220.82. Load calculations. But nobody was doing them for homeowners. Electricians upsell. Dealers don't know. And the homeowner just pays. I got angry enough to build something about it. I found @claudeai. No coding experience. I just started talking to it like I'd explain a job to an apprentice. "Here's how load calcs work. Here's the NEC code. Now help me build a tool that does this." 6 months later — @ChargeRight is live. Real software. Stripe payments. PDF reports. NEC 220.82 calculations automated. $12.99 instead of a $500 truck roll. I'm still pulling wire. I still take service calls. I wake up at 5:05 AM for work. But something shifted. Yesterday @vivilinsv published my story as Claude Builder Spotlight #1. Mark Cuban saw it. The Claude community showed up. And for the first time, I felt like this thing I built in my kitchen might actually matter. I'm not a tech founder. I'm a dad who wants to coach little league and be home for dinner. I just happened to build something that helps people. If you're in the trades and thinking about using AI — do it. The barrier isn't technical skill. It's believing you're allowed to try. EVchargeright.com