mthcht

@novadoesit Thanks, looks like the limits have changed. I’ve updated the page

LOLFSAAS Living off Free SaaS Hundreds of SaaS platforms with free tiers, documenting abuse surface, opsec risks, authent methods, C2 framework mappings, and operational limits. lolfsaas.github.io

@0xv1nx0 thanks for the feedback, I think it should be corrected now ?

@mthcht2 Dont know if its just my browser, but when i hover over Share Link, and then move mouse, the text disappears on the pages #Asana" target="_blank" rel="nofollow noopener">lolfsaas.github.io/#Asana

updated with more telemetry details!

added the data Bouncing category with 10 tools + a protocol reference page for this, reaching 200 methods 🦾

@yeahbutnahbut @databouncing totally valid, will add them 😃

@mthcht2 why no @databouncing (is it because it's exfil from external indirect infrastructure ? 0)

LOLEXFIL Living off the land Data Exfiltration method lolexfil.github.io

We’ve discovered a massive campaign using 30k-plus hostnames to distribute a #BrowserExtension named "OmniBar AI Chat and Search." This extension overrides the browser homepage and uses an attacker-controlled domain for #SearchHijacking. Details at bit.ly/4dbRVED

@cr0nym @frdfzi looks great 👍

Giving away 2x full access packages: Linux Attack, Detection & Forensics v2.0 - Hands-on Purple Teaming Playbook + 90 days PurpleLabs VPN access To enter: ✅ Follow me ❤️ Like this post 💬 Comment 🔁 Repost Winners announced March 22nd 🎯 First time doing this, let's see how it goes 😄 edu.defensive-security.com/linux-attack-d… #linux #redteam #blueteam #dfir

Smart idea! payloads are embedded in the SSID field of Wi-Fi probe requests and captured by a sniffer. The probe requests are not logged, detection would require packet capture, which is not realistic at scale. github.com/V-i-x-x/WIFIAI…

If you want to experiment with the Splunk MCP Server splunkbase.splunk.com/app/7931, I just published a client to interact with it: github.com/mthcht/Splunk-…

After Months of Development, FINALLY ready to share: Harden System Security🎉 ✅ Complete System Hardening ✅ Security Posture Analysis ✅ All-in-One Toolkit ✅ Built-in Intune support for Scalability ✅ Beautiful Modern UI ✅ CLI support github.com/HotCakeX/Harde… #Cyber #Windows

@push_pnx very useful thanks!

I have just published a new data set revision of MalpediaFLOSSed, now aggregating 5.6m unique strings gathered from 2.100 malware families. github.com/malpedia/malpe…

Phishing actors are abusing complex routing scenarios and misconfigured spoof protections to spoof organizations’ domains and deliver emails that appear internally sent. msft.it/6010tFxSG This vector—which has seen increased visibility and use since May 2025—has enabled credential phishing campaigns tied to phishing-as-a-service (PhaaS) platforms like Tycoon2FA, using lures such as voicemails, shared documents, HR updates, and password resets. Microsoft has also observed this technique leveraged in financial scams. Successful credential compromise through phishing attacks may lead to data theft or business email compromise (BEC) attacks against the affected organization or partners and may require extensive remediation efforts, and/or lead to loss of funds in the case of financial scams. Tenants with Microsoft Exchange mail exchanger (MX) records pointing directly to Office 365 aren’t affected due to built‑in spoofing detections. Learn how phishing actors are leveraging these routing scenarios, how to identify this attack vector, and how proper configuration of spoof protections and third‑party connectors can reduce exposure in this Microsoft Threat Intelligence blog post:

Offensive SIEM 👊🏽 
Flip your SIEM mindset from reactive detection to proactive hunting.
Uncover local privilege escalations, hidden misconfigs, and even potential #CVE before attackers do 🔥🔥 🎥 youtu.be/5nfL_4ek4dY 
#BlueTeam #SIEM #CyberSecurity #ThreatHunting #DFIR

A Windows #Clickfix alternative seen in the wild on a mass-spreading malware campaign bypassing traditional Win+R shortcut restrictions User is asked to open the Windows Power User menu (Win+X), open a Powershell terminal and paste and running a malicious Clickfix-style command

Thanks to everyone who came out to see my talk! All of my code and the slides for my ChromeAlone presentation are available now at github.com/praetorian-inc…. If you're interested in developing malicious browser extensions give the code a look! #defcon #chromealone #malware

Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…