Tony
@TJ_Null
Blue Teamer in Disguise. Blog at http://netsecfocus.com. SANS Netwars Champion. Former community manager and founder of the Offsec community for @offsectraining
As Promised! I have decided to update my guide for preparing for OSCP. The guide is full of new updates and information to help you prepare for PEN-200/PWK 2.0. If anyone wants to read it here it is: netsecfocus.com/oscp/2021/05/0…
How many times do we have to teach you @Cisco. Please stop hardcoding credentials into your products/services! Thanks for coming to my ted talk.
Cisco warns that Unified CM has hardcoded root SSH credentials - @serghei bleepingcomputer.com/news/security/…
The Raspberry Pi's Wi-Fi Glow-Up: Thanks to Nexmon and fresh Kali packages, onboard wireless is ready for monitor mode and injection (again!). Kali Linux users on Raspberry Pi now have an improved and more integrated way to use the onboard Wi-Fi… kali.org/blog/raspberry…
Lest anyone think we’re kidding on our abuse of stage real estate to cram as many judges as @dakacki could manage, the “judges panel” from @defcon 31. @MalwareJake @Grifter801 @AletheDenis @TJ_Null @SteveD3 Carl Cosmos @Evil_Mog @lintile @InfoSystir @J0hnnyXm4s
🔥🔥🔥 Raphael Mudge's take on Elastic's way of handling all this is pure gold. Thank you. aff-wg.org/2025/07/13/tak…
We’re excited to announce that Michael Skelton (@codingo_) will be speaking at the Bug Bounty Village at DEF CON 33! Stay tuned for more details on their talk, you won’t want to miss it. #BugBounty #DEFCON #BBV #BugBountyVillage
No need to bypass AV/EDR when you can just use Chrome Remote Desktop as your backdoor. Check out the blog post from @TrustedSec trustedsec.com/blog/abusing-c…
Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…
Black Hat NOC lead @Grifter801 and Hacker Jeopardy host @lintile join @sherrod_im and share behind-the-scenes insights on managing one of the world’s most hostile networks, advice for first-time attendees, and tips on exploring the hacker community. msft.it/6019SAWw5
I'm trying to push further with Impacket then I have before and am running into a wall. If you appreciate my opensource work and want to help me out I could use some community help figuring how what I've missed in my MS-EVEN6 method / struct definition github.com/fortra/impacke…
undust is a simple utility that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name variants -> github.com/t3l3machus/und…
🚨 Open to work — AI Security/ red team / adversary sim 8+ yrs in offensive sec, ex-Cobalt Strike, SANS instructor (12 w/y) Looking for flexible, senior/principal roles w/ impact > hours DMs open or connect via: linkedin.com/in/jean-franco…
Drag a file, leak a hash—Chrome’s quiet secret exposed. In this blog, @hoodoer reveals how Chrome’s drag-and-drop API lets web apps initiate complex actions; with some social engineering, it can also trigger NTLM hash leaks on Windows via SMB. Read now! trustedsec.com/blog/dragging-…
Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal) dlvr.it/TLL1nk
For more than 20 years, @osuosl has been providing critical infrastructure for major FOSS projects, including Kali: kali.org/blog/ampere/. Now they are facing a difficult time and need help to keep going: osuosl.org/blog/osl-futur…