Hamid Kashfi
@hkashfi
I do computers @ http://www.darkcell.se . Previously Immunity Inc & Trail of Bits. Hobbyist photographer @[email protected]
This Twitter Space and YouTube live stream effectively turned into a 5-hour introductory class and course! I hope it is useful to a range of people. The video is very long, and I'll try to add chapter markers to it later so you can watch a specific part of the video as needed. youtube.com/live/M6-ELr9FR…
Episode 4 of Where Warlocks Stay Up Late featuring Skyper is now live on our YouTube and Spotify channels 🧙 Skyper, aka Eduart Steiner (an alias), was the editor of Phrack Magazine for 6 years and was a member of TESO and THC. Watch now: youtu.be/sQVLniT9CDY
Got that Friday feeling and dropped my slides on building novel detections with SOC analytics: github.com/CiscoCXSecurit… #detection #engineering #dataanalytics
Dear geeks, what are the best tools/accessories you have bought for your workshop that have improved your productivity? (Preferably not super expensive.) Here's one example from my workshop: Omnifixo PCB holders
Lots of good (but not necessarily stealthy) VMware hypervisor hacking and lateral movement tricks in this report. sygnia.co/blog/fire-ant-…
The amount of compromised hypervisors inside Iran is probably off the charts, yet we have rarely, if ever, seen any domestic or even general reports on them. Either nobody is looking, or they don't know where they should be looking? Seems like "No ESXi EDR? OK, never mind, bye"
Fire Ant: A Deep-Dive into Hypervisor-Level Espionage | sygnia.co/blog/fire-ant-… @sygnia_labs
Google: Pay xxx extra to upgrade your G. Workspace and benefit from new AI features! Me: No thanks, don't need it. Google: Price for your subscription has changed, due to newly added AI features! Me: 😐 Google: 🤓 This trend is going to spread.
Along with a group of other researchers, I've been tracking attacks from the DDoSia participatory DDoS botnet operated by NoName057(16). Targets of this botnet have been primarily Ukrainian, NATO and other European organizations. Today, we published collected logs from tracking…
Update: the Mattress salesman is great at finding bugs.
This is the sales agent from a well known mattress shop. The mattresses are very nice, though.
Write-up on our perspective at #Censys on ToolShell / CVE-2025-53770 exploit in SharePoint: censys.com/advisory/cve-2…
Lookout: In the middle of the war, Iran has targeted mobile users with the DCHSpy spyware, using fake apps such as VPNs and apps bearing the Starlink name. The malware has access to WhatsApp, location, the camera, and personal files. security.lookout.com/threat-intelli…
🚨 1- CVE-2025-53770 is a variant of CVE-2025-49704 - a critical auth bypass in SharePoint's ToolPane.aspx endpoint. It lets attackers reach a page that can parse webparts without valid credentials, and with a chained deserialization bug, they can achieve RCE entirely in memory…
For those interested in blocking requests to #SharePoint using the `referer` header, the following were the ones that could initially work for the auth bypass on SharePoint 2019: /_layouts/SignOut.aspx /_layouts/14/SignOut.aspx /_layouts/15/SignOut.aspx So a case-insensitive RegEx…
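As an added example (my code, not the author's, and not the rule from the truncated post), here is one way to express that case-insensitive Referer check so it can be tested offline before going into a WAF or reverse proxy. It matches the three SignOut.aspx paths listed above; the optional scheme/host prefix, the optional query/fragment, the scoping to the ToolPane.aspx endpoint named earlier in the thread, and the sample requests are all my assumptions, not captured traffic.

```python
import re

# Referer values the post lists as working for the SharePoint 2019 bypass:
#   /_layouts/SignOut.aspx, /_layouts/14/SignOut.aspx, /_layouts/15/SignOut.aspx
# Assumption: the header may carry the bare path or an absolute URL, and may
# have a query/fragment, so both forms are accepted. The match is anchored and
# case-insensitive (IIS/SharePoint paths are case-insensitive).
SIGNOUT_REFERER = re.compile(
    r"^(?:https?://[^/]+)?/_layouts/(?:1[45]/)?SignOut\.aspx(?:[?#].*)?$",
    re.IGNORECASE,
)

# Assumption: scope the block to the ToolPane.aspx endpoint named in the
# thread, so that ordinary post-sign-out navigation is not caught.
TOOLPANE_PATH = re.compile(r"/_layouts/(?:1[45]/)?ToolPane\.aspx", re.IGNORECASE)


def get_header(headers, name):
    """Case-insensitive header lookup; returns '' when the header is absent."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip()
    return ""


def should_block(method, path, headers, scope_to_toolpane=True):
    """Return True when the request matches the Referer-based block rule.

    method/path are the request line; headers is a dict. With
    scope_to_toolpane=False the rule is the broad one from the post
    (any request carrying a SignOut.aspx Referer is dropped).
    """
    referer = get_header(headers, "Referer")
    if not SIGNOUT_REFERER.match(referer):
        return False
    if scope_to_toolpane and not TOOLPANE_PATH.search(path.split("?", 1)[0]):
        return False
    return True


# Constructed sample requests (not captured traffic): (label, method, path, headers).
SAMPLE_REQUESTS = [
    ("bare-path referer to ToolPane", "POST", "/_layouts/15/ToolPane.aspx",
     {"Referer": "/_layouts/SignOut.aspx"}),
    ("absolute, upper-cased referer on a site collection", "POST",
     "/sites/team/_layouts/15/ToolPane.aspx",
     {"referer": "https://sp.example.com/_LAYOUTS/15/SIGNOUT.ASPX"}),
    ("normal page load, normal referer", "GET", "/_layouts/15/start.aspx",
     {"Referer": "https://sp.example.com/sites/team/SitePages/Home.aspx"}),
    ("ToolPane without a referer", "POST", "/_layouts/15/ToolPane.aspx", {}),
    ("post-sign-out navigation, not ToolPane", "GET", "/_layouts/15/start.aspx",
     {"Referer": "/_layouts/15/SignOut.aspx"}),
]


def evaluate(requests=SAMPLE_REQUESTS, scope_to_toolpane=True):
    """Run the rule over the samples; returns {label: blocked?}."""
    return {label: should_block(m, p, h, scope_to_toolpane)
            for label, m, p, h in requests}


if __name__ == "__main__":
    for label, blocked in evaluate().items():
        print(f"{'BLOCK' if blocked else 'allow'}  {label}")
```

The last sample is the reason for the scoping switch: with the broad rule it is blocked, with the scoped rule it is allowed. Either way the Referer is attacker-controlled, so a rule like this only catches the published request shape; it is a stopgap to buy time until the SharePoint patches are applied, not a fix.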
That "more of targeted prepositioning ops and less espionage" part, after recent IL/IR war and their cyber dominance, is worth more to circle back to now, I guess.
This is probably the first time, that I'm aware of, that we've had such cases in Iran. Contrary to typical cases often reported, targets do not fit the typical political/journalism profiles. Mostly IT/Tech staff. My guess is more of targeted prepositioning ops and less espionage. Sadly—
Profile: GRU cyber and hybrid threat operations - GOV.UK share.google/sh5JABNoaqLOLD…
If you haven't already, we strongly encourage organizations utilizing AI to review our recent guidance and adopt the best practices and mitigation strategies to secure their AI-enabled systems and protect their sensitive data. media.defense.gov/2025/May/22/20…
After noticing the lack of any tracking of the cyber domain of Israel's recent attack against Iran, I started putting together a minimal list of notable cyber attacks (that I've heard of). This is focused, for now, on the IL>IR side. The credibility of notes varies of…
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange