bohops

[Blog] Abusing .NET Core CLR Diagnostic Features (+ CVE-2023-33127) - Analysis of .NET diagnostic features and tradecraft - Walkthrough of a .NET Cross-Session Local Priv Esc (LPE) - Defensive Recommendations bohops.com/2023/11/27/abu…

ouch

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

Confirmed! @chompie1337 of IBM X-Force Offensive Research (XOR) used a race condition to escalate privileges on Red Hat Enterprise Linux for Workstations, earning $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OBerlin

@HackingLZ Pup looks 74.5 lbs to me

Trying to plan the drive down to Texas for next month. Several hotel chains have a restriction on dogs over 75lbs I do wonder if they actually care.

If you came to SOCON, you may have seen the fireside chat on Ouroboros (if you weren't too busy counting my "urm"s 😝). The blog post is now live, detailing how we can use Dev-Tunnels for lateral movement, and allow pivoting from GitHub/Entra ID access. specterops.io/blog/2026/05/0…

Loving Wife [and Family] Retirement Plan [and Comfortable Living] Reduced Taxes [and Responsible Government] Fulfilled Life

Ok, while I do appreciate the perspective and can relate (I was a sysadmin in a budget constrained IT dept once), the intent of the post was not to knock sysadmins but to simply (semi-jokingly) highlight the disparity of security-related prioritizations in the era of AI. If at all, those other things that have been issues for years and decades matter more - problems related to hygiene should be addressed in an organization before worrying about perspective AI threats. Sysadmins should be empowered to resolve issues and not lost in a cycle of technical debt, long hours, and underappreciation. These issues often are not caused by the sysadmin, but unfortunately they get to deal with the fallout from the misaligned priorities of the organization or leadership.

@bohops like if there was a second ninja IT departement that has everything under control and this is the canary.

- LLM 0-day panic: 10/10 - Windows 2003 still on the network: 😶 - ColdFusion in 2026: 💀 Don't get me started on default credentials...

@HackingLZ Only 200 of them

@bohops You didn't use any Firefox 0day? 🤯

@OneCloudEmoji Goodness I can only imagine

@bohops Last year my team did a test on a cold fusion app it produced the single largest pentest report the company has ever delivered.

OK then C(++)

@JonnyJohnson_ congratulations!

Mr. and Mrs. Johnson 04.25.2026

@jamieantisocial those were the good old days

@bohops "oh that was only 5 years ago...no 6...no...fuck" -me

🎱 years is a few iterations of lifetimes in computer security (𝒂𝒑𝒑𝒂𝒓𝒆𝒏𝒕𝒍𝒚).

@ustayready @HackingLZ

@bohops @HackingLZ Ford f150 unless you run cattle, then f250 diesel

My first big Texas choice next month Chevy truck or Ford 😂

@_subTee And then the LOL-ecosystem was born

@_subTee And don't worry, I'm not convinced the mothership will truly ever resolve the script host problem 😬

@_subTee Maybe cliché, but this quote resonates - "What matters most is the friends we made along the way."

@_subTee History <3