Dave Kennedy

You asked, we listened! From accessories to apparel, we’re excited to offer international shipping for all our merch 🌎 Shop now and wear your favorite gear! merch.trustedsec.com/trustedsec/sho…

Insane

Published a small collection of PIC loaders for Cobalt Strike, based on my experiments with Crystal Palace. github.com/rasta-mouse/Cr…

psilocybin extends life of human cells by 50% 👀 Never tried but crazy study lol sciencealert.com/psilocybin-ext…

🤣🤣🤣🤣

Tea App puts out a statement regarding the compromise. They assert it is mostly older data, but not too old but not too new (?). However, data dump nerds contend data is present in the dump from 2025 which conflicts with the statement from the developers.

The drivers licenses leaked today from the tea app have been uploaded to a searchable map.... this may be the worst PII leak I've ever seen lol

For those like me who prefer to stay in the terminal and want to call REST APIs like the Microsoft Graph without complicated commands or copy/pasting tokens: roadtx now has a graphrequest command to perform simple requests against these APIs and parse the JSON.

Don’t miss @fir3d0g at @DEFCON 33! His talk, “The Human Vulnerability: Social Engineering in a Hyper-Connected World,” will be held on Friday, August 9 at 11:30 AM. Be sure to check it out if you’re attending! defcon.org/html/defcon-33…

This might be useful for enumerating the SaaS products companies use, but it was more of an exercise in seeing how many DNS patterns I could get public LLMs to generate. github.com/HackingLZ/saas…

Going to @DEFCON 33? Be sure to catch @two06's talk, “Magnets, How Do They Work?” held on Friday, August 8 at 2:00PM. Catch his talk if you’ll be there! defcon.org/html/defcon-33…

Interlock ransomware is targeting healthcare with double-extortion tactics and social engineering. @Dragonkin37 shares how outdated EHR and IoMT systems leave organizations exposed. Full article from @healthinfosec: hubs.li/Q03yJW9Y0

Sad News. Hulk Hogan has passed. RIP Brother!

It's your last chance to register for today's webinar! We'll discuss: ‼️ Why security effectiveness is important 📝 How to complete a security strategy 🔒 How protecting your data protects your assets And much more. Register now! trustedsec.zoom.us/webinar/regist…

CVE-2025-53770 isn’t a curveball. It’s a remix of tactics we’ve seen before: deserialization, LOLBins, web shells. Learn why it’s time to stop chasing CVEs and start spotting behaviors, as told by @_Dwyer_. #Ransomware hubs.li/Q03yF6Z30

We're less than a week out from the next @ISC2 Cleveland Chapter meeting at our HQ! This month, @quietmike8192 will be presenting "I Will Survive: Protecting Backup and Recovery in the Age of Ransomware." Registration is now open! eventbrite.com/e/isc2-clevela…

We now have a (draft) @metasploit exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metaspl…

When watching the show moonshiners, subtitles are necessary 🤣🤣

Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…

Sometimes, one weak link is all it takes. In our latest post, @ReplicantHacker explains why even seemingly minor findings matter to help highlight best practices, ensuring reports remain actionable and aligned with client needs. Read it now! trustedsec.com/blog/why-is-th…