Beau Bullock

4.2K posts

@dafthack

Hacker, trainer, and guitarist | Black Hills InfoSec #RedTeam | @BreakForge Training | Produces music to hack to at @N0BANDW1DTH

Florida, USA · Joined January 2013
661 Following · 18.4K Followers

Josh (@passthehashbrwn)
@_subTee @dafthack I took the class around 2020(?) and pretty much as a direct result got a job doing cloud pentesting and found multiple Azure 0days, can't say enough good things

Beau Bullock (@dafthack)
@_subTee Thanks so much for the kind words Casey! I hope you are doing well man!

Beau Bullock retweeted
Dirk-jan (@_dirkjan)
Next week at @WWHackinFest I'll present a major update to roadrecon, with some awesome features I wanted to add for a while! Friday 9am in track 1 for those attending 😀

Beau Bullock retweeted
Graham Helton (too much for zblock)
Excited to disclose my research allowing RCE in Kubernetes. It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.

Beau Bullock retweeted
nyxgeek (@nyxgeek)
Here's a video PoC for Azure Entra ID SignIn Log Bypass in action. I had to make it to help MSRC replicate it (lol). You'll see how simple this bypass was. No worries admins, Microsoft says that it was only a "Moderate" issue.

Beau Bullock retweeted
Marcello (@byt3bl33d3r)
“Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models” One day we might be hiring literature majors in cybersecurity. arxiv.org/abs/2511.15304

Beau Bullock retweeted
Dirk-jan (@_dirkjan)
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Beau Bullock retweeted
Beau Bullock (@dafthack)
Two opportunities to take my Breaching the Cloud course live are coming up soon. If you want to learn how to hack cloud environments like Azure and AWS this is the course for you.
Sep. 23 & 24 - Fully remote and live
Oct. 7 & 8 - In-person only at @WWHackinFest
Register here: antisyphontraining.com/course/breachi…

Sol Roberts (@Badgerops)
Just thinking about that time I ran into @stokfredrik and @dafthack at a random metal shop in Stockholm and had no idea who Stök was. Was good to meet both of y’all, and discover the cool things you’ve been working on!

Beau Bullock retweeted
Kuba Gretzky (@mrgretzky)
FIDO downgrades are still possible, in reverse proxy phishing attacks, if you manage to convince the server that your device does not support strong MFA. 🪝🐟 Research from @proofpoint: proofpoint.com/us/blog/threat…

Beau Bullock retweeted
The Hacker News (@TheHackersNews)
🚨 Microsoft just warned: CVE-2025-53786 lets hackers silently escalate privileges from on-prem Exchange to the cloud. No logs. No easy traces. Your hybrid setup could be a silent breach vector. Full details + fixes → thehackernews.com/2025/08/micros…

Beau Bullock retweeted
Michael Bargury (@mbrg0)
we got a persistent 0click on ChatGPT by sharing a doc that allowed us to exfiltrate sensitive data and creds from your connectors (google drive, sharepoint, ..) + chat history + future conversations it gets worse. we deploy a memory implant #DEFCON #BHUSA @tamirishaysh

Beau Bullock retweeted
Garrett (@unsigned_sh0rt)
I pushed updates to SCCMHunter as part of my Arsenal demo at #BHUSA today! New features include a relay module for TAKEOVER-5 and a community contribution to coerce client push from a *nix host for ELEVATE-2. github.com/garrettfoster1….

Beau Bullock retweeted
Black Hills Information Security (@BHinfoSecurity)
**NEW RELEASE** Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource 10 essential offensive tool references, available as PDFs or blog posts. Download all or individual sheets. Thanks again to all our contributors! Check it out: blackhillsinfosec.com/offensive-tool…