Dave Mayer
1.5K posts
Dave Mayer
@dmay3r
MD of Advanced Assessments @Neuvik, GIAC GSE
Katılım Mayıs 2011
818 Takip Edilen920 Takipçiler
Found this slick USA managed router! He’s a bit bitey but fully RFC1149 compatible! en.wikipedia.org/wiki/IP_over_A…
English
Dave Mayer retweetledi
🔆 🌴 Calor, playas, and cutting-edge cybersecurity—South Florida style.
Join BSides May 8! #BSidesSoFlo" target="_blank" rel="nofollow noopener">bsidessouthflorida.org/#BSidesSoFlo
English
Dave Mayer retweetledi
Curious what mistakes your organization is making when it comes to securing the cloud? Join Neuvik's Bailey Belisario as he reflects on common findings across recent penetration tests. He'll cover:
📌 Detailed case studies highlighting the attacker’s exact steps
💡 Blue-team controls that would have stopped the attack cold
💻 Tactical actions that can implemented immediately
#DakotaCon13 #penetrationtesting #cybersecurity
English
@HackingDave @roguekode I’m pretty sure it’s daily spam now even though I constantly “unsubscribe”
English
Just installed the Meross automatic garage smart home opener. Love this thing. Finally have a garage door opener that ties into Google Home. When I said it's time for bed:
1. Alarm kicks on.
2. Garage door closes if open.
3. All lights turn off.
4. Temp set to desired temperatures.
5. Bed kicks on for desired temp.
6. Turns noise on in my bedroom.
7. Camera go to motion sensoring.
8. Doors automatically lock around the house.
Super easy install, took 10 mins.
English
Nothing like the fun days of air travel. Flight cancelled and rerouted. Another flight cancelled and rerouted. At least it’s just me without my boys. That would have made it more interesting
English
Dave Mayer retweetledi
oh oh! Someone didn't follow @SANSOffensive SEC565 and left their C2 web interface exposed to the internet! can you get in?
sec565.rocks
read about how I recently used an LLM to bypass math captchas and decided to make it a SEC565 bonus lab. jfmaes.me/blog/your-capt…
English
Dave Mayer retweetledi
🚨 BSides South Florida 2026 – CFP is OPEN!
Speaker submissions now open for our second edition.
🎤 Tracks: Technical & Leadership
Have a talk, case study or lessons learned? Submit now & be part of it!
👉 lnkd.in/e_FFug_F
#Cybersecurity #BSides #CallForPapers #Infosec
English
Dave Mayer retweetledi
BSIDES SOUTH FLORIDA May 8, 2026
We are excited to officially announce BSides South Florida 2026, and this year, we are leveling up in a big way.
Bigger Venue - Marriott Harbor Beach Resort
Early Bird registration, CFP's, and sponsorships are OPEN.
bsidessouthflorida.org
English
Dave Mayer retweetledi
Who’s using nmap, metasploit, sqlmap, hydra in their red teams? 😅
chiefofautism@chiefofautism
someone built an entire AI RED TEAM - multiple agents that coordinate HACKING ATTACKS together, ZERO human input PentAGI, open source, one agent does recon, another scans, another exploits, another writes the report. they talk to each other and adapt based on what they find it ships as one docker container with nmap, metasploit, sqlmap, hydra preinstalled. the AI decides which tool to use and when. you point it at a target and walk away a red team engagement costs $30-50k and takes weeks. this is one docker command and API tokens
English
Dave Mayer retweetledi
Feb 26
@SANSOffensive will be riding the vibes and whipping up an MCP for Empire. Workshop is free.
Learn what MCP is, how to craft efficient AI workflows and never having to setup listeners and payloads yourself anymore. Just ask gemini to do it
sans.org/webcasts/vibe-…
English
Tailscale once said this kind of thing can’t happen because it breaks the ToS
Clandestine@akaclandestine
GitHub - Yeeb1/SockTail: Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale github.com/Yeeb1/SockTail
English
@Octoberfest73 Its a true shame that Trend Micro went this route and tried to claim this as their own.
English
JFC. Trend Micro released a report on lnk file argument hiding months ago as a “zero day” that has been observed for close to 10 year at this point. Now they have a CVE assigned for it with “remote code execution” in the description. What an absolute sham and embarrassment.
blackorbird@blackorbird
I always thought this was a normal feature.😅 CVE-2025-9491 vulnerability exists in the way Windows handles .LNK (shortcut) files. Attackers can embed malicious command-line parameters in the "Target" field of the LNK file and pad them with spaces or other characters to hide these parameters. When a user inspects the file through the Windows user interface, these dangerous contents are invisible to the user. Once the user executes the LNK file, these hidden parameters are passed to the target program, leading to the execution of arbitrary code in the context of the current user.
English
English
Where is #TinyTimMedin OSINT Challenge has begun!
@TimMedin thought I forgot. But he was wrong!
@RedSiege, the time is now….
Tiny Tim Medin found squirrels 🐿️ One of them tried to mug him for his lunch monies. Where is Tiny Tim Medin?
English
Watching late night Sunday tv aka the Emmy’s. My son comes down to refill his water, “that’s cool that you’re watching the Nobel peace awards”
English
@nickvangilder Based on what I have seen RBI/BK doesn’t have Bug bounty or vuln disclosure program. In addition their blog has other posts for companies that don’t appear to have programs either.
English
@dmay3r Does it say somewhere that they didn’t have permission? I could have missed it.
English
There’s a line in this news article that reads: “…the ethical hackers discovered they could access the full raw audio files of people ordering food at the outlet drive-throughs. Sometimes that audio included personally identifiable information.”
Question: who is sharing PII over a drive-up speaker? How does that work? Are they asking for payment info over the speaker?
Article: tomshardware.com/tech-industry/…
English