Jason Lang

Dear new followers, - For solid red team technical tweets, follow my Red Signal list. - For a curated list of latest hacker news, bookmark and read this: blog.badsectorlabs.com - To be thought-lead, follow @HackingLZ - Keep following me only for the sublime trolls. 😁

New stickers arrived! 😍

😂😂

This will be my first defcon since DC20, and I'm thrilled with how may @TrustedSec folks will be taking the stage. Congrats guys! @two06 @GuhnooPlusLinux @fir3d0g

In terms of offsec, I have significant respect for technical skill, but a truly great practitioner knows to deliver information tactfully, and can carefully "read the room" (and the customer), tweaking the message on the fly to achieve not only the desired impact for the target…

It's been far too long since I've spent some time in the shop but these sure turned out nice.

A relatively unknown but particularly stealthy technique to hide files on Linux hosts. On unhardened boxes, unprivileged users can conceal files from even the root user. Disk content remains in memory, hindering disk acquisition during forensic investigation. (1/7) 👇

What started as casual poking around quickly revealed a serious privilege escalation. In our latest blog, @Oddvarmoe shares his unexpected discovery and how #Lenovo's PSIRT responded to resolve the issue. Read it now! trustedsec.com/blog/cve-2025-…

We've released Procmon for Linux, Sysmon for Linux, and SysinternalsEBPF with Azure Linux 3.0 support! Get the tools at sysinternals.com. See what's new on the Sysinternals Blog: techcommunity.microsoft.com/blog/Sysintern…

Proud to be an American. Happy Independence Day to my fellow patriots!

😂

Privesc in sudo. Patch available. stratascale.com/vulnerability-…

🔥 Not your typical remote access tool… but it works. Chrome Remote Desktop isn’t just for tech support—it can be quietly repurposed for red team operations. I break down the how and why in my latest post. 👇

🚨 RemoteMonologue UPDATE: Just pushed a new DCOM object MSTSWebProxy that is susceptible to authentication coercion! The only difference to the existing ones is that it requires modifications of the AccessPermission and LaunchPermission reg values. github.com/xforcered/Remo…

I would follow my rule: If I have to bus my own dishes, I don't tip. Tip culture is out of control.

I'm trying to push further with Impacket then I have before and am running into a wall. If you appreciate my opensource work and want to help me out I could use some community help figuring how what I've missed in my MS-EVEN6 method / struct definition github.com/fortra/impacke…

This one is going to have some timely advice for those who have questions on voice-based attacks.

Don't miss out on our voice-based social engineering #webinar this week! Learn ways to train your employees, bolster your defenses, and get an in-depth look at #SocialEngineering techniques so you can prepare. Register now! @fir3d0g @curi0usJack trustedsec.zoom.us/webinar/regist…

This efficiently sums up the mentality I have had for some time now and it is truly liberating. We suffer greatly at the hands too much data, and in the pursuit of perfection (that is personal optimization), we usually just add stress when we cant make things perfect. It's ok…

😂