Garrett

@_xpn_ @Emma_Chester Happy birthday!!

Huge Happy 40th to my wife and partner in crime @Emma_Chester. It’s easy to forget that the fun we get to have on the trips, hackathons, publications and research is often supported by someone who looks after the kids during the weeks of travel, listens during the late night rants, is there fighting for you during the dark moments, pushes you to try for job positions you don’t feel you are good enough for (and to drop the things that will likely end up with many of us in prison 🤣), brings us snack and drinks while we hack on whatever we are obsessed with that week. She is that person for me, and none of what I’ve done publicly and overcome privately would be possible with out her ❤️ Happy Birthday Emm!!

It will be huge! – (mostly) full @WEareTROOPERS #TROOPERS26 agenda published: #agenda-day--2026-06-24" target="_blank" rel="nofollow noopener">troopers.de/troopers26/age… #agenda-day--2026-06-25" target="_blank" rel="nofollow noopener">troopers.de/troopers26/age…

👀👀

Launching a WSL process from a Windows process with WslLaunch trainsec.net/library/window…

NTLMv1 is still out there. And now it’s easier than ever to break. @skylerknecht walks through how Google’s rainbow tables make NT hash recovery practical, no third-party service required. Check it out! ⤵️ ghst.ly/4vqx9Id

A debate in the BloodHound Slack: can you attribute the originating host from an ADWS query? 🤨 Challenge accepted. Part 5B continues the ADWS blind spot: Event 5156 recovers the attacker’s real IP in ~60ms. 🕵️ Check out my latest post… huntress.com/blog/ldap-acti…

I explored how privilege connects DevOps and MLOps into attack paths that are often missed in traditional threat models. I will be presenting this at #SOCON2026 next week. @ArmadinSecurity Research here 👇 armadin.com/blog-posts/pip…

Pasting API keys in an LLM makes me feel kinda gross, so I created agentcordon. It's an agentic key vault that's: ✅Agent agnostic ✅Cedar policies for clear authorization ✅Fully auditable ✅Remote MCP Support

@wdormann @vxunderground yeah when the hell did the video requirement become a thing?

Frustrated nerd drops zero day exploit after Microsoft vulnerability bug bounty people annoy him, or something, I don't know. I haven't tested or confirmed, but stinky nerds tell me it's legit.

I got tired of manually doing the "enum DNS -> figure out which ones are live -> request each one in the browser to populate Burp target sitemap" loop ad nauseam. I built a lightweight command line tool + Burp extension to automate this entire process. Simply run the tool with very basic args, load the extension, and get everything into your Burp project with no hassle. Also really nice for passive checks (--no-nmap) in the pre-sales/scoping process with prospective clients to get an idea of what all they have actually exposed from an application standpoint at a birds-eye view. Enjoy. github.com/logansdiomedi/…

@_xpn_ @SpecterOps wtf two years already

2 years at @SpecterOps today! Aside from working with the best, it's unbelievable how much I've managed to achieve in such a short time. Find a company that gives the tools and space to grow, and that values your expertise, that was always the dream! 💜

@kyleavery probably right

@unsigned_sh0rt ai-assisted bug reports

Idk what happened but the end of last year MSRC was quick, responsive, and overall just better. Lately it's a ghost town with auto responses and no updates.

@_xpn_ I thought you might have some thoughts after using the tool 🤣

Love how quick Claude is at generating mocks to dev against. In this case generating a quick mock AdminService HTTP service for testing changes for @unsigned_sh0rt SCCMHunter... Saves spinning up a full lab for POCing changes.

@_dru1d @mrgretzky has been shouting about it for weeks lol

@unsigned_sh0rt 🤔

everyone freaking out about quotes dropping haven't people been warning about this for weeks? that everything was heavily subsidized and wasn't sustainable?

quotas*

Somewhat a first draft / try to get some initial info on Failover Cluster setups, based on all the awesome work @unsigned_sh0rt did recently github.com/LuemmelSec/Pen… Will give you an overview of Cluster setups, over permissive rights, ownership, OU structure

It's been a few months since I released a few short "Mythic Developer" videos. Before making more, I'd like to first get your feedback on the current ones. Please take a few min and fill this out so I can make sure you get the best content :) specterops.typeform.com/MythicDeveloper

Very proud of our team that built and contributed one of our (many) cybersecurity ranges for this AISI research. We're happy to collaborate with others in the AI eval research space as well. arxiv.org/pdf/2603.11214