SkelSec

6.8K posts

SkelSec

@SkelSec

CEO and Co-Founder of Octopwn

Katılım Haziran 2014

444 Takip Edilen11.7K Takipçiler

SkelSec@SkelSec·3d

@abdo_mhanni @lowercase_drm @0x64616e Nah man, don't try to make my projects mainstream. After the fifth time I'm sure they'll get it right and they won't have to credit me again...

English

Abdul Mhanni@abdo_mhanni·3d

@lowercase_drm @0x64616e I don’t see why impacket isn’t moving to @SkelSec msldap. They mentioned in response to someone’s PR that they are moving away from ldap3 and improving their own. Kinda weird to reinvent the wheel when msldap already does it all very well

English

drm@lowercase_drm·28 Kas

The conclusion of my last post (offsec.almond.consulting/ldap-authentic…) is « Since a lot of impacket’s examples are based on ldap3, it seems easy to adapt them to work against hardened domain controllers ». Good job @0x64616e!

English

5.3K

SkelSec retweetledi

Simone Margaritelli@evilsocket·6d

Duuuude VulDB is the worst, they made public all 3 of my original disclosures that include the fully working root shell exploits ....

English

11.1K

SkelSec@SkelSec·24 Mar

@foosecn00b A van? IN THIS ECONOMY???

English

FooSecn00b@foosecn00b·24 Mar

@SkelSec You’re gonna need a van or a trench coat.

English

SkelSec@SkelSec·24 Mar

Pssst! Hey, kid! Wanna buy SOC2?

English

1.7K

SkelSec@SkelSec·24 Mar

@byt3bl33d3r You mistyped falsify

English

421

Marcello@byt3bl33d3r·23 Mar

The answer is yes*. Most pentests are for web apps and compliance driven anyway. If you think companies won't jump at the opportunity of cheaper pentests to satisfy their compliance requirements you're deluding yourself (regardless of the AI component). "AI driven" Internal network pentests I'd imagine will be a harder pill to swallow, but it's doable at a technical level with the current generation of LLMs . Red Teaming is a different story.

Medusa@medusa_0xf

Will pentesting be replaced by AI? 🤔

English

15.2K

SkelSec@SkelSec·23 Mar

@IceSolst @daveaitel My point exactly

GIF

English

solst/ICE of Astarte@IceSolst·23 Mar

@daveaitel We’ve all had infinitely growing backlogs with no incentive to address them. Whatever we were doing wasn’t comprehensive, many things swept under the rug. All of this is inevitable, almost nothing to do with AI. But 14 year olds being able to report bs makes it more annoying.

English

1.2K

Dave Aitel@daveaitel·23 Mar

Fwiw the problem was never that AI slop was going to overwhelm security teams: the problem was that having their hidden technical debt all called in at once was going to overwhelm them. Chrome having as many bugs as it still does is the perfect case example.

English

178

15.5K

SkelSec@SkelSec·19 Mar

Ohh... you have reached the API limits, so we replaced your coder with a mental patient who will use half a crayon to randomly change values in your code. (he already ate the other helf)

English

488

SkelSec@SkelSec·19 Mar

Research workflow: 1. Idea 2. discussions with peers 3. chatting with LLMs 4. feasibility check 5. Airbus guys already did that 5 years ago I'm.... eeehhhh.... (Airbus people doing some really underrated research btw, props to them!)

English

749

SkelSec@SkelSec·19 Mar

@HackingLZ We have something interesting in this topic but stuck with explaining it to investors in EU so... :(

English

405

Justin Elze@HackingLZ·19 Mar

I’m really interested in what happens as places take a lot of investment money to build commodity OffSec LLM backed products, even as the barrier to entry keeps dropping. You eventually end up with what actually matters novel research, deep domain expertise, and humans.

English

5.2K

SkelSec retweetledi

Melvin langvik@Flangvik·17 Mar

@MDSecLabs github.com/Flangvik/RegPw…

QME

2.7K

SkelSec retweetledi

S3cur3Th1sSh1t@ShitSecure·18 Mar

WSUS fake updates for LPE or RCE when HTTP is being used? This one took many days and troubleshooting with claude but now we have a C2-Capable tool for the full stack including poisoning plus fake update delivery - the only thing we need is a low privileged C2 session! 🔥

English

210

13.4K

SkelSec@SkelSec·15 Mar

@CDyac9 HID operated by LLM

English

CDROM@CDROM_99·15 Mar

@SkelSec I mean we need more context first… lol.😂

English

SkelSec@SkelSec·15 Mar

I did a thing, but dunno what to name the project. pls halp

English

SkelSec@SkelSec·10 Mar

@HackingLZ Change per-token pricing to per-working code pricing

English

259

Justin Elze@HackingLZ·10 Mar

You don’t get a discount if Claude wrote the code?

Claude@claudeai

Code Review optimizes for depth and may be more expensive than other solutions, like our open source GitHub Action. Reviews generally average $15–25, billed on token usage, and they scale based on PR complexity.

English

5.3K

SkelSec@SkelSec·10 Mar

@IceSolst My PRs contain two projects worth of changes because I'm financially responsible

English

616

solst/ICE of Astarte@IceSolst·9 Mar

$15-25 PER PR?? I already thought the $1 per scan of /security-review was not scalable, this must be a weird strategy to anchor the initial price super high

Claude@claudeai

English

1.1K

183K

SkelSec retweetledi

Mayfly@M4yFly·9 Mar

🔥🐉 New GOAD Lab: DRACARYS I’ve just released a new free lab environment on GOAD: DRACARYS. The challenge includes 3 VMs and the objective is simple: Start with no authentication and work your way up to Domain Admin. Have fun exploiting it! 🔥🐉 mayfly277.github.io/posts/Dracarys…

English

288

16.8K

SkelSec@SkelSec·7 Mar

That is indeed hilarious...

English

818

SkelSec retweetledi

Richard Johnson@richinseattle·7 Mar

Spread the word! @phrack CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of @PiotrBania with some hopefully inspiring text from phrack staff :) phrack.org

English

134

250

39.2K

SkelSec retweetledi

OtterSec@osec_io·5 Mar

We recently achieved guest-to-host escape by exploiting a QEMU 0day. We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive. Writeup coming next week.

English

189

1.5K

72.1K

SkelSec@SkelSec·4 Mar

@passthehashbrwn @_JohnHammond I'm realizing some of the ppl I know weren't even alive when this came out and now I'm sad :(

English

167

SkelSec@SkelSec·4 Mar

@passthehashbrwn @_JohnHammond Omg!!!!!! This is awesome!!! Have you seen this as well! IT security will never be the same!!! web.archive.org/web/2021011816…

English

363

Josh@passthehashbrwn·3 Mar

🚨🚨 TOOL 🚨🚨 NMAP is an ADVANCED port scanning tool used by AI HACKING FRAMEWORKS and PENTESTERS alike 🤓 Can scan ALL of YOUR ports 🤖🤖 Generates XML AND greppable REPORTS! 🔥🔥🔥

English

164

126.6K

Keşfet

@abdo_mhanni @lowercase_drm @0x64616e @foosecn00b @byt3bl33d3r @IceSolst @daveaitel @HackingLZ