Ken Nevers
@k3nundrum
†Christian|hubby|dad|pet papa|co-founder @hackspacecon, @HackRedCon|@RedSeerSecurity|http://buildcyber.org|OSEP|OSCP|CRTO|CRTE|CRTP… “be kind & hack the planet.”
I didn't want to drop a new *Fix naming variant on you guys, but there you go. All jokes aside, it was a great collab with @Octoberfest73. Awesome person and really helps you push the limits when researching and testing💪
Thanks to our #DC33 sponsors! @Amazon @FlareSystems @KindoAI @WKL_cyber @AlteredSecurity #HTX @specterops @corelight_inc @hackinghub_io @HakaiOffsec @SynackRedTeam @threatsims @RedSeerSecurity @risk3sixty @CYQUEST_io @Optiv @JustHackingHQ @MaltekInfoSec @TheSecOpsGroup @Packtpub
SCCM’s Management Points can leak more than you’d expect. @unsigned_sh0rt shows how Network Access Accounts, Task Sequences, and Collection Settings can be stolen by relaying a remote Management Point to the site database. Check it out ⬇️ ghst.ly/4eNLaHU
🚨 1- CVE-2025-53770 is a variant of CVE-2025-49704 - a critical auth bypass in SharePoint's ToolPane.aspx endpoint. It lets attackers reach a page that can parse webparts without valid credentials, and with a chained deserialization bug, they can achieve RCE entirely in memory…
For those interested in blocking requests to #SharePoint using the `referer` header, the following were the ones which could initially work for the auth bypass on SharePoint 2019: /_layouts/SignOut.aspx /_layouts/14/SignOut.aspx /_layouts/15/SignOut.aspx So a case-insensitive RegEx…
After months of responsible disclosure, @0xDISREL and I are releasing our research on Netskope CVE-2024-7401. We wanted to give organizations and Netskope enough time to patch and remediate this vulnerability. Here is the article: quickskope.com
Based on bios, offensive sec expertise, and impact, my top 20 coolest hackers from your mutuals: 1. @McGrewSecurity (Offensive sec fellow) 2. @ShitSecure (Pentesting pro) 3. @mrd0x (Researcher, founder) 4. @0xBoku (X-Force Red) 5. @rad9800 (Security founder) 6. @scriptjunkie1…
Offensive MCP and MCP for Offensive @RedSeerSecurity medium.com/seercurity-spo…
Tried to write a short post on MCP servers, how they can be vulnerable and some offensive cool MCP servers out there. medium.com/p/1ac7ffe82fb6 @RedSeerSecurity
Did you miss RVAsec, or did you miss Nick and Mike's presentation, or do you wish you could watch it again? Well here is your chance to watch pure gold while learning how to attack and defend ServiceNow. #cybersecurity #ethicalhacking #infosecurity youtu.be/LxwyQV8sIdA
What an incredible few months it's been connecting with so many brilliant minds in the cybersecurity community! @HackRedCon @bsidesnash @HackSpaceCon #ConferenceRecap #Networking #LearningAndGrowing #CyberDagger
A follow up on last week’s FileFix blog. FileFix (Part 2) mrd0x.com/filefix-part-2/
@snackspacecon @HackRedCon @HackSpaceCon thank you all so much for making me and my friends feel like family. Everyone involved pours their heart into this community and it shows. I hope to pay it back and pay it forward for years to come.
Excited to share that Roman Bohuk is leading a hands-on, Intro to Web Exploitation workshop at @HackRedCon today! Stop by the workshop to get warmed up for the CTF competition 💪🔥
Some of our mvs (most valuable seers) presenting @HackRedCon today!
The wait is over! Our stealthy Windows persistence technique (PhantomPersist) is now out! Read the blog post here: blog.phantomsec.tools/phantom-persis…
Who’s ready for Snack_Con_2025 round 2! A new batch of challenges is inbound now! Helps us get ready for @HackRedCon by gently testing the new site and teaser flags to capture. Let us know if you find anything major and you’ll be rewarded with a snack bounty at HRC.
If you are attending Hack Red Con you will not want to miss out on the presentation by Sam Williams. He will be hacking a drone of all things, which is streets ahead of all the other talks there so make sure you don’t miss out. #hackredcon #iotsecurity #dronehacking
Fun Fact/random sus CCCP flex: Searching teams for "Mission Critical" gifs results in this.
