IT Guy

New attack vector: FileFix. A phishing trick that executes PowerShell straight from your browser no Run dialog, no pop-ups. Just a fake file path + clipboard + File Explorer. Red teamers, this one’s wild. 📽️ PoC + write-up: medium.com/@t3chfalcon/fi…

Ross Ulbricht was the founder and operator of the Silk Road, a darknet marketplace launched in 2011 on the Tor network. It allowed people to buy and sell illegal goods primarily drugs anonymously using Bitcoin. Ulbricht was arrested on October 1, 2013, at a public library in…

I sell hacking tools. I’ve been selling since. Any Pentester or Redteamer who needs a hardware for their operations. You can dm.

Ethical Hacker / Offensive Security Specialist role. If you fit the JD or know someone who is qualified, forward it to them to apply. Good luck.

Here we go 😄sorry for the delay 😋 github.com/dmcxblue/WSL-P…

Scenario: You’re targeting a cloud-native org: • EDR on all endpoints • PowerShell, macros, WMI blocked • Azure AD SSO enforced • USB + EXEs restricted • DNS, proxy, OAuth logs monitored Yet you gain persistent access, no endpoint touched. What’s your method? #RedTeam #APT

Let me tell you bout Google IAP Depending on fingerprinting rules set by admin, valid session cookies let alone password or having access to MFA code would NOT nearly be enough to access resource. Plus not worry about VPN stuff for the big wigs on there jets. It's good solution

What can you do with a stolen browser cookie? Everything: Log in to Gmail, Office365, Slack, etc. Skip MFA Stay invisible (no failed logins) Maintain access long after user changes password Cookies are credentials. Treat them like gold.

We now have a (draft) @metasploit exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metaspl…