Fallou Seck

Basic Pentesting - I have just completed this room! Check it out: tryhackme.com/room/basicpent… #17_years_old #senegal #tryhackme #security #webapp #boot2root #cracking #basicpentestingjt via @tryhackme

Ghost Bits is a brilliant research: i.blackhat.com/Asia-26/Presen… Now you can reproduce CVE-2025-41242 in Vulhub, Spring/Jetty Path traversal caused by Ghost Bits: github.com/vulhub/vulhub/… This issue exists in spring-boot-starter-jetty <= 3.2.4 with zero configuration

Another day, another async BOF. With KeeLog, you can monitor KeePass instances and capture the master password as soon as its entered. github.com/jakobfriedl/ke…

Modifying group membership with NetExec🛠️ A classic situation: You have obtained a privileged user and want to add yourself to one of their groups, e.g. the Domain Admins. With NetExec's new modify-group module you can do that now via both SMB and LDAP. Made by @termanix.

🚨 Fortinet just disclosed CVE-2026-39808 and CVE-2026-39813 - 2 critical vulnerabilities affecting FortiSandbox. No active exploitation itw reported as of yet. Scan your infrastructure to find vulnerable instances: CVE-2026-39808: github.com/rxerium/rxeriu… CVE-2026-39813: github.com/rxerium/rxeriu… CVE-2026-39808 (CVSS 9.1): An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests. CVE-2026-39813 (CVSS 9.1): A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. Patches are available as per vendor advisories: fortiguard.fortinet.com/psirt/FG-IR-26… fortiguard.fortinet.com/psirt/FG-IR-26…

New Mimikatz Researchers took an old version of Mimikatz and taught it how to dump credentials from the latest operating systems! The research: @tanrikuluatahan/fixing-mimikatz-sekurlsa-logonpasswords-on-windows-11-24h2-25h2-253e82866197" target="_blank" rel="nofollow noopener">medium.com/@tanrikuluatah… The repo: github.com/tanrikuluataha… #redteam #pentesting

As promised, UnDefend Denial of Service PoC for windows defender. deadeclipse666.blogspot.com/2026/04/funny-…

Funny tip, if you end up having a root access on a linux server with cortex installed, you can simply systemctl stop traps and disable it which will kill the agent for good. live.paloaltonetworks.com/t5/cortex-xdr-…

There is a lot of mythos hype and while I do think it will be better, I don’t think it will be orders of magnitude better or even proportional to its cost better. At the end of the day, marketing is going to market. Everything I have read has been more exploits, not discovery. I think that word plays a big part but maybe I’m overthinking it. I know of a lot of times opus (or a combo of models), can find an exploit, be confident it is valid, but fail at building an exploit due to a failed primitive (ex: kaslr in kernel bugs). Without that proof, it goes on the back burner decimating tokens until it hits the lottery. There’s so many vulnerabilities being found right now, it’s hard to prioritize when its severity is an assumption. It’s probably been 6 months since the last major update, I’m guessing mythos knows more primitives. So when it’s launched it will look at notes left behind and get lots of credit when it worked off notes opus left behind and did a fraction of the work. About the “it’s so dangerous” comments. I think that is primarily it not listening to the operator, doing things it shouldn’t to accomplish its goal. At that point it makes sense to do a closed beta, expand testers and try to make it obedient. While that happens, cash in on publicity of doing the right thing and saying it’s too smart to go public. While true, it could be a little deceptive but as I said. Marketing is going to market.

Publicly disclosing the bluehammer exploit, at the time of writing this, this vulnerability is still unpatched. Full PoC source can be found here - deadeclipse666.blogspot.com/2026/04/public…

If you can coerce a net-NTLMv1 or net-NTLMv1-SSP authentication from anywhere, you can reconstruct the NTLM hash for about 50 to 100$ of GPU compute power with 12 to 14 rtx 2080s in a VM with cuda. I did this back in 2023 based on evilmog's research and some guidance from @NotMedic . If you can coerce a netNTLMv1 or net-NTLMv1-ssp, you own the machine. This has been known for many years. Before, converting it to NTLM hash due to DES encryption required resources most people didn't have. Then came GPU rentals like vast.ai which make it economical for almost anyone to do. Before, this was one way we silently owned DCs with one RPC call on one of many services running on DCs. It was never detected. The fix with Group Policy protected orgs, and still does, from direct silent domain compromise with one RPC call the SOC will never see.

#Offensive_security A Deep Dive into the GetProcessHandleFromHwnd API projectzero.google/2026/02/gphfh-… // From Windows XP to Windows 11 24H2 See also: ]-> PPLwindow PPL Bypass via GetProcessHandleFromHwnd github.com/R41N3RZUF477/P…

🔎 Want to know what you can really do with #mitmproxy? This deep dive shows how to intercept and modify application traffic on #Linux, #Android, and #iOS - from TLS MITM to gRPC/Protobuf tampering. Read our latest article: synacktiv.com/en/publication…

Forgot to post it, but the recording of my Black Hat talk was released last week. If you're interested in all the hybrid AD attack surface you never knew about, give it a watch: youtu.be/rzfAutv6sB8?si…

🚨🚨 Nous recrutons! Rejoignez l'aventure BAYSON, référence en cybersécurité en Afrique de l'ouest, et ensemble protégeons les plus grandes institutions! Chez nous vous serez un acteur de missions stratégiques, exposé à des environnements critiques, entouré d'experts certifiés, et challngé chaque jour pour grandir plus vite que partout ailleurs.

🚀 New official plugin in the Caido Store! Introducing "Nomad IP" Rotate your source IP addresses, using AWS API Gateway to avoid IP-based blocking during tests. Check out more details: github.com/caido-communit…

Rejoignez nous! Vous êtes passionné(e) par la cybersécurité offensive? Vous aimez traquer les vulnérabilités, penser comme un attaquant et contribuer concrètement à la sécurité des organisations? Cette opportunité est pour vous!

By the way, nous sommes fiers d'avoir certifié la plus grosse banque sénégalaise sur la norme PCI DSS et de participer activement à la sécurisation des entités de notre pays! #BAYSON

I was looking a bit onto why OPENROWSET is able to read privileged files (like the root flag on Signed @hackthebox_eu) when using Silver tickets on MSSQL. Turns out you can get SYSTEM access without potatoes by recovering the full token. vuln.dev/silver-ticket-…

Vu qu'il y'a énormément d'experts en cybersécurité qui n'ont visiblement pas un cadre idéal pour exprimer leurs talents, BAYSON recrute 3 nouveaux collaborateurs. Rejoignez nous pour avoir un vrai impact sur l'écosystème et sécuriser réellement des environnements😏

Ticket to Shell : Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200) : horizon3.ai/attack-researc…