IT Guy
@T3chFalcon
Offensive Security Engineer
New attack vector: FileFix. A phishing trick that executes PowerShell straight from your browser no Run dialog, no pop-ups. Just a fake file path + clipboard + File Explorer. Red teamers, this one’s wild. 📽️ PoC + write-up: medium.com/@t3chfalcon/fi…
Great work 👏@mrd0x I'll try to replicate this "FileFix Attack Simulation" 💪
Ross Ulbricht was the founder and operator of the Silk Road, a darknet marketplace launched in 2011 on the Tor network. It allowed people to buy and sell illegal goods primarily drugs anonymously using Bitcoin. Ulbricht was arrested on October 1, 2013, at a public library in…
Wow! I like your story and i also wonder what the man Ulbritch has to do with the darkweb creation. Are there differences between freenet,darknet and the darkweb? Just curious
I sell hacking tools. I’ve been selling since. Any Pentester or Redteamer who needs a hardware for their operations. You can dm.
The wireless adapter successfully got to Nigeria after 2 days shipment. From Ghana to Delta State. Thank you @Phosenterprise for trusting me. Please if you’re in Nigeria and you need a wireless adapter let me know. @IamTheCyberChef @akintunero @marshalwahlexyz…
Ethical Hacker / Offensive Security Specialist role. If you fit the JD or know someone who is qualified, forward it to them to apply. Good luck.
Scenario: You’re targeting a cloud-native org: • EDR on all endpoints • PowerShell, macros, WMI blocked • Azure AD SSO enforced • USB + EXEs restricted • DNS, proxy, OAuth logs monitored Yet you gain persistent access, no endpoint touched. What’s your method? #RedTeam #APT
Let me tell you bout Google IAP Depending on fingerprinting rules set by admin, valid session cookies let alone password or having access to MFA code would NOT nearly be enough to access resource. Plus not worry about VPN stuff for the big wigs on there jets. It's good solution
What can you do with a stolen browser cookie? Everything: Log in to Gmail, Office365, Slack, etc. Skip MFA Stay invisible (no failed logins) Maintain access long after user changes password Cookies are credentials. Treat them like gold.
What can you do with a stolen browser cookie? Everything: Log in to Gmail, Office365, Slack, etc. Skip MFA Stay invisible (no failed logins) Maintain access long after user changes password Cookies are credentials. Treat them like gold.

We now have a (draft) @metasploit exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metaspl…