Information Shrekurity

@Grummz Soundblaster 16 was the goat.

Believe it or not, they just dropped a new Sound Blaster card.

@KoenOlie Rabies shot, pronto.

Bad start of the day, I've cycled past Wat Hua Chang countless times without any problems but this morning a street dog suddenly attacked me...

@Octoberfest73 @HackingLZ That’s a contract / EULA breach right there…

Companies be wildin yo. Just sat an interview where the candidate said “I don’t have a ton of experience with Cobalt Strike, but another company I interviewed with yesterday gave me one of their license keys so I could get it and do a CTF they set up”.

@ciant23 @fesshole No, I can see it.

@fesshole Didn't happen. No waitress would say that

Wife is completely addicted to her phone can't put the thing down for more than a second. while out at a meal when she went to the loo our waitress commented that my date wasn't going well and I could do better. I just smiled, a bit embarrassed to say she's actually my wife

@ivanburazin Having a conversation on this with another business owner who made similar hires and turned out to be expensive wastes of time. Found much more success in early to mid career technologists and business development staff who helped grow the business and brought fresh ideas.

We once hired a super senior and decorated person from Microsoft. Turned out to be a complete mismatch and we had to let them go. Expected all the work to come inbound. Whatever came in, they'd get done; if not, they did nothing. In big tech/corporates, work gets pushed to you by the market or management. In small, early-stage startups, you gotta hunt yourself. Nobody's feeding you.

@mrgretzky @Steph3nSims @offby1security Will this stream be recorded? (For those of us where this is at 2am). 😇

I am happy to say I will once again be joining Stephen Sims (@Steph3nSims) on the Off By One Security (@offby1security) stream. For the first time in public, I will be demonstrating the Phishlets 2.0 update coming to Evilginx Pro (and CE later this year). Hopefully, I manage to fit in a few FIDO MFA downgrade demos. 🙂 See you there! 🤗 Date: March 27th (Friday) Time: 11:00 AM PT / 18:00 UTC

@_RastaMouse This was in 2011-2013 btw.

@_RastaMouse I don't think it's that bad, I looked after the systems of a 50 person company and apart from a few finance and sales dinosaurs, everyone else ran Linux on the desktop.

I'm going to legit try and make the jump to Linux as my daily driver. Wish me luck, fam.

@fesshole I remember this day well too. welcome :)

I've done it. I finally understand pointers. I know it may not seem like a huge achievement to others but I get pointers in C now.

@Defte_ Because NAA is a different account and may have other access in the domain. I’ve used this before to access the SCCM systems / SQL clusters themselves as admin or even seen it used as a domain admin account before. I’ve found that it’s also rarely monitored for use.

Dumb question. I'm fine-tuning my AD recommendation and work on the NAA SCCM. There's one thing I don't get. Since we need the domain computer password to retrieve the NAA password from the HTTP endpoint, why do we need the NAA account if we already have a computer account ?

@pureguava10300 These are the baby reef sharks in Maya Bay, video taken in December. So, the rangers aren’t lying…

UPDATE !!!! of the video of the French influencer swimming in maya bay. He shares on Youtube and snapchat the moment where he swam and get caught by the ranger Anan Bilsulaiman. Their friends share the insults and the diffamation against Thai authorities : Ranger and police. After paying the 5000THB fees they keep mocking and having fun of the Thai rangers, even saying that the ranger is lying about the shark nursery and it is just to take more money. The punishment is maybe to low for this kind of people and the followers... instagram.com/reel/DViIj0ICd…

@54JohnBull @UK_Daniel_Card NAL, but Ofcom have no jurisdiction outside of the UK. Ignore.

From Reddit UK legal advice today Ofcom are continuing to make complete fools of themselves. They won't get people with small sites overseas complying with their ridiculous demands of ID verification. It's likely they will look to start IP blocking hundreds, or maybe even thousands of overseas sites.

@sekurlsa_pw @al3x_n3ff All this time, I thought it was for turning on and off the system memory.

Never took a proper look at NetExec's RDP (under SMB) module. You can enable RDP and change the Restricted Admin mode with enable-ram / disable-ram

@techspence Thought as much haha :D

@infoshrek Hah exactly what I was trying to debug

If you're on an internal pentest and you bust out tcpdump or wireshark, is it going well or going badly? 😆

@the_moooook FINALLY!

Wise officially launches full services in Thailand from 19 May 2026 🇹🇭 ✅ Transfer THB abroad at mid-market rates ✅ Top up from Thai banks ✅ Send/receive & scan pay with PromptPay QR ✅ Get Wise digital + physical card

@thegrugq 5555 😆

My taxi driver is mad at me. I booked a car to pick me up from the immigration department, but I went out the wrong exit. So I’m texting him in Thai trying to figure out where he is. Finally, I get there and… this dude sees a white guy get into his car: “no no. Wrong car!” Oops, my mistake. I get out and check the license number, meanwhile the driver calls his customer (me) to checkup on his (my) status. So, now he’s embarrassed and _I’m_ the asshole!?

@two06 @1Password Another product needlessly trying to incorporate AI…

so long, @1Password 🖕

@polygonben “Professional Network Penetration Testing Panel” 😆 Claude was more than happy to oblige for this vibe code request.

AWS shared that TA used "commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries" aws.amazon.com/blogs/security… Although the LLMs weren't named, I saw Claude heavily used by this TA. They also had this fancy panel which wasn't shared!

@SchizoDuckie Question: is this for situations where the system is offline and the user password expires and is cached and sync’d later when connected to AD? Curious on the functional aspect of this ‘feature’

This seems... Kind of important. simpity.eu/blog/ad-passwo…