pfiatde
@pfiatde
"Every machine is a smoke Machine if you operate it wrong enough" RedTeamer by day, sleeping at night! http://badoption.eu
MITRE warns that funding for critical CVE program expires today - @serghei bleepingcomputer.com/news/security/…
A finally. uBlock for Terminal is needed now?
I can't wait to see some more ads pop up in my linux terminal from Microsoft.
Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect @octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.
#FUD !!!
This sophisticated phishing attack, starting with a fake Rothschild & Co. job, uses a tricky CAPTCHA to deliver a ZIP with a VBS script. It then installs NetBird & OpenSSH, creates a hidden admin, & enables RDP! 🤯 Monitor closely! More info in the blog: bit.ly/45gnp8T
blog.syss.com/posts/tamperin… This was also an issue in combination with Thunderbird a while ago. Windows explorer is doing crazy things :) Could also get combined with RTLO for additional fun.
Hahahahhahahaha Unironically a good idea. It's so unbelievably stupid and it works. Depending on explorer layout, the .exe might not be visible. Filename.mp4 + ??? spaces + .exe Hahahahahaha UNC6032 is wild as hell
A little bit harsh check for a checksum. If checksum is wrong device crash, but ofc a safe state for a FortiNet device.
Check out our latest deep dive into the #Fortinet CVE-2025-32756, a classic buffer overflow! This is being exploited in the wild and was added to the CISA KEV catalog last week. horizon3.ai/attack-researc…
Doesn't matter if you use or exploit DSM, read this! :)
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…
🛑 New Cisco flaw scores a perfect 10.0 CVSS. A hardcoded token. Root access. No login needed. If you run Catalyst 9800 wireless controllers, you’ll want to check this fast. 👉 Read more about CVE-2025-20188 here: thehackernews.com/2025/05/cisco-…
🛑 New Cisco flaw scores a perfect 10.0 CVSS. A hardcoded token. Root access. No login needed. If you run Catalyst 9800 wireless controllers, you’ll want to check this fast. 👉 Read more about CVE-2025-20188 here: thehackernews.com/2025/05/cisco-…
TTTracer unmasks sleep obfs (@felixm_pw), GitHub spoofing (@pfiatde), Synology RCE (@ret2systems), and more! blog.badsectorlabs.com/last-week-in-s…
My blog post on some vulns in GFI MailEssentials frycos.github.io/vulns4free/202…
New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…