James 🏴
@two06
Targeted Ops @TrustedSec. Hacker, lock picker, writer of bad code. This is our world now... the world of the electron and the switch, the beauty of the baud.
Tool release form my @Steel_Con talk. Nothing ground breaking but free tools are free tools github.com/two06/LinkedIn…
.@Steel_Con workshop completed, group run and a well earned pint or 5 to go.
I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe…
This right here.
In 24 months we’re going to be hearing from law enforcement officials about the need to tackle “the VPN problem.”
There will be a lot of magnet memes. Like an uncomfortable amount of them 😂
Going to @DEFCON 33? Be sure to catch @two06's talk, “Magnets, How Do They Work?” held on Friday, August 8 at 2:00PM. Catch his talk if you’ll be there! defcon.org/html/defcon-33…
Going to @DEFCON 33? Be sure to catch @two06's talk, “Magnets, How Do They Work?” held on Friday, August 8 at 2:00PM. Catch his talk if you’ll be there! defcon.org/html/defcon-33…
This might be useful for enumerating the SaaS products companies use, but it was more of an exercise in seeing how many DNS patterns I could get public LLMs to generate. github.com/HackingLZ/saas…
Alaska Airlines is experiencing "IT issues" and all planes are grounded. This is definitely your standard "IT issues" and not the r-word (it can't be said).
This has rustled some people Let's be very clear: Linux is illegal and for nerds
Every Linux account just yaps about text editors and shit. God forbid they discuss something interesting
This one was a fun exploit. Turning a security product against itself to gain C2 like control over all its agents. Updates have been available for a while but only now it has been disclosed. Get patching folks
New Vuln Research: NetSPI Principal Consultant Ceri Coburn exposes how Forescout SecureConnector agents can be hijacked via a named pipe vulnerability (CVE-2025-4660), turning endpoint security tools into attacker-controlled C2 channels. Read more: ow.ly/6hl250WqWrX
So I got accepted to speak about magnetic locks at the @defcon lockpicking village😱
Earning my Friday night beers 😂
@Steel_Con lets not forget these sexy sweaty people
This right here. Take 30 mins at the end of the day to get your narrative up to date, future you will appreciate it
The one tip I will give to anyone starting out in any pentest / red team role is the one thing after 20 years of it I still never manage to do properly…. Report as you go ✅✅✅ That way you don’t end up spending your Sundays writing reports. Writing a report on a 3.5 month…
Giving a bunch of hackers nerf guns… what could possibly go wrong 😂
It's a sea of swag