Andre Gironda
@AndreGironda
He/Him; Pre-/Post-breach Cyber Responder
.@_logangoins is dropping knowledge on ADWS exploitation. 🧠 Learn how attackers use the SOAP protocol for LDAP collection on Domain Controllers & dive into maximizing OPSEC-considerate collection workflows while exploring detection methods. ghst.ly/4lPodH4
⚠️ New threat detected: [email protected] ⚠️ This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[... socket.dev/npm/package/ny…
Our "bashsledding" technique won Most Innovative Exploitation. Key lesson: EOL devices in your home network are sitting ducks for remote attackers.
End-of-life network devices become perfect attack targets due to unpatched vulnerabilities frozen in time like fossils. We proved this in @DistrictCon's Junkyard competition ⬇️
We achieved full remote execution on two popular home devices: Netgear WGR614v9 router and BitDefender Box security appliance, both discontinued for years with zero patches. blog.trailofbits.com/2025/07/25/exp…
If the CNNVD program was 1) involuntary and 2) under the MSS, I might be sympathetic to this argument. But it is both voluntary and under the MSS. 🤷♂️
The "Sleight of Hand" article about the CNNVD is a must-read - linking for reference - atlanticcouncil.org/in-depth-resea…
Let's review the criteria before I go down the list. See the highlighted, as reported by @business. No pentesting or exploitation frameworks.
It’s clear MSFT’s MAPP requirements are not adequately screening companies.
I wonder if MAPP participants are fulfilling their CNNVD Technical Support Unit requirements by providing the MSS with Vulnerability Early Warning Support as required by the TSU Guidelines.
An important question Microsoft is asking. Perhaps a better question is why companies known to be contributing vulns to China’s CNNVD database are permitted to participate in MAPP at all? bloomberg.com/news/articles/…
⚠️ New threat detected: [email protected] ⚠️ The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of pa... socket.dev/npm/package/fc…
Proofpoint @threatinsight revealed that 4️⃣ China-aligned hacking groups targeted Taiwan's chip industry in a months-long cyberattack campaign. Their goal: steal sensitive data and gain an edge in the global race for semiconductor dominance. @DarkReading brnw.ch/21wUqSa
🍦After a week of #SharePoint chaos, we needed a break. So we rooted Copilot. Turns out, with a bit of persistence (and maybe some ice cream), Microsoft's AI assistant is pretty cooperative. Dive into the technical details on our blog: 👉 research.eye.security/how-we-rooted-… #Copilot…
Microsoft Defender Threat Intelligence (MDTI) is converging directly into Defender XDR and Microsoft Sentinel to provide real-time TI within a unified SecOps experience. msft.it/6014sGr5K This convergence will grant customers access to Microsoft’s extensive repository of…
🚨 BreachForums Is Back Online BreachForums has returned. According to the official statement, all old accounts and posts remain unaltered, just as they were when the site was previously shut down.
Detection as Code update:
* I have a YAML to ARM script (I'm working in Sentinel) turning the pseudo code into an analytics rule
* I have a script for deploying ARM templates into different (or multiple) Sentinel instances
* A basic CI/CD pipeline
Just need to put it all…
Content pack idea was based on the fine work by these guys: blog.nviso.eu/2025/07/17/det… 🎉🎉
Detection engineers: I have two prototypes for multi-tenant deployments. The first method looks for merges into a specific branch and triggers a deployment of the new files into the related environment. The second method uses a "content pack" JSON file that describes which…
The BlackSuit ransomware gang, which claimed attacks against organizations like the Tampa Bay Zoo and a blood plasma collection agency, had its darknet website seized by law enforcement therecord.media/blacksuit-rans…