syngularity

If you saw my @AppSec_Village talk at @defcon on #connectwise #screenconnect and my new #exploit technique "HTTP status code injection" , the PoC code is available: github.com/SYNgularity1/H… Not sure if their site still works, but it works with all kinds of #SSRF against many things beyond their port test page! DO NOT use this for abuse or evil. #ASV #APPSECVILLAGE #DEFCON31 #defcon #hacking #exploit

What an amazing opportunity! @agreenbhm @syngularity1 Are world class researchers! I got the opportunity to partake in the research for Living of the Land inside your WiFi! Thank you for all the Q&A during our work shop it you all see what we see!

Finding #0days and developing #exploits is like fly swatting with a sledgehammer. You will wildly swing around before you hit your target. The less clumsy or inefficient you are, the better. Always consider abuse of functionality and tools, test for unintended results. Attacks don't need to be clever or elegant to accomplish your task... they just need to work. #infosec #pentesting #cybersecurity #bugbounty #Hacking

@TimMedin Hit me up!

We're looking for more folks on the Wednesday Offensive. It is only 30 minutes, and no slides! If you have a cool topic, let me know and we'll schedule a time for you. DM me if you're interested.

"What started as a simple web application vulnerability, upon closer inspection, turned out to be two previously-unreported flaws affecting hundreds of thousands of devices, according to Pyle, from routers and printers to cable modems. One bug is a denial-of-service vulnerability that a hacker could use to take the switches, and the networks that rely on them, offline. Another flaw could reveal sensitive information about a switch’s configuration." Oh, I had a *lot* more control *that night* than a #hacking a paltry few hundred thousand devices, TV, radio, broadcasts.... True story. cyberscoop.com/shmoocon-cisco…

youtu.be/d2ASPQSHwJ4?si… *fade in to man with #ssh window and @PortSwigger #burpsuite on monitor, chugging energy drink.* "So I obliterated this entire #switch ecosystem (cisa alert) and started getting curious about what it got me into when...." *DOZENS of #CVE across all sorts of critical infrastructure... Or about 45 minutes later.* "I gotta talk to someone at @DHSgov. Fast. I broke a whole lot of stuff." *cliffhanger*

In response to the 50 texts I just got about the #eas Emergency Alert System test: No, I'm not responsible... But pretty sure my work @defcon @IoTvillage was a factor. 😂😂🔥🔥 #hacking #defcon Still awesome.. Never did get a apology for calling me crazy from a few folks.

@defcon Maybe next year I'll #cfp the entire untold story in all of its awesome glory. It is one of the craziest stories you will ever hear. I am still releasing #exploit work and research from that night. (2019) I broke so much stuff across so many things there are multiple #cisa @CISAgov alerts #cve for years. Just never told the tale or put the pieces together. #warstories #keepreceipts #pocorgtfo

There's this rumor going around that you need to be a speaker at @defcon to get a #defcon speaker flag. Not true. You just need $20 and someone with social engineering skills.

To all of you trying to hack the #eas in @IoTvillage #defcon31 @defcon... Here is the only hint I'm going to provide: Back in 2019, I popped the system in just a few minutes. (I've waited YEARS for the payoff with this..) The second coolest thing I did in 2022 was disclose my EAS work and make headlines... The answer is staring you in the face. Real goths don't wear black, they sack Rome. @briankrebs

@SecureAerospace #DEFCON #CTF #AEROSPACEVILLAGE When do you release the results for the CTF? #HONGKONGCAVALIERS

@AppSec_Village Thank you again for having me! Coming back again. :)

@syngularity1 is hacking away, come join the crowd and see what Cybir is up to! We'll be here all day😎

@lonelyHardDrive @defcon Hey @lonelyharddrive You dropped something. Luckily, I have a #forensic imager handy for such an occasion. #Hacking #defcon31

Are you up for a challenge? Our lonesome hard drives at @defcon 31 have puzzles that need solving! Swing by and test your skills... win fab prizes. Friday to Sunday at Forum Ballroom #LonelyHardDrive @LonelyHardDrive #DEFCON31

Hey @lonelyharddrive You dropped something. Luckily, I have a #forensic imager handy for such an occasion. #Hacking #defcon31

Lots of #exploits coming out of the lab this week. Swing on through. #defcon #appsecvillage #iotvillage m.youtube.com/watch?v=WX46ZG…

I'll be speaking at @AppSec_Village next month. Living off the Land with Connectwise : How I built a attack platform & #botnet in 23 lines of Python showing #proofofconcept, code snippets, all the good stuff. Even came up with a new way to exploit something. #defcon31 #hacking #cybir #exploit #mspsecurity

I set a new #ddos amplification record via #routers! (YOU can only hope to match it.) Recreate it at @IoTvillage as part of our planned activities showing this along with a bunch of other fun exploits! @defcon #cybir #hacking #defcon31 #iotvillage #cybersecurity #0day