632 Photos and videos
Pinned Tweet
29 Jun 2022
THIS is how you learn. It’s one thing to read books about hacking, and it’s quite another thing to learn by doing. This right here 👇 is how you learn by doing.
29 Jun 2022
🚨 We've released a 4th network room
After all that enumeration, we are finally ready to start exploitation of the TryHackMe domain!
Exploits in store:
🔴 ACL exploits
🔴 Kerberos Delegation
🔴 AD Certificates, Golden Tickets & many more!
tryhackme.com/room/exploitin…
10
ExtremePaperClip retweeted
Jun 10
If your SQL server is able to connect to arbitrary hosts on the internet, please go get compromised, you deserve it. 😅
specterops.io/blog/2026/06/1…
7
32
3,558
ExtremePaperClip retweeted
As yall may have realized, I disappeared from the community for a little while we fight the most difficult fight of our life. My wife Angela was diagnosed with stage 3 cancer. We need all the help we can get, please consider supporting our fight. givesendgo.com/anchors-for-a…
10
37
101
19,112
ExtremePaperClip retweeted
Jun 2
Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper.
I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies.
If you're a stinky GitHub and VSCode nerd maybe you'll understand.
tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data
tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github
blog.ammaraskar.com/github-t…
1-Click GitHub Token Stealing via a VSCode Bug
My blog, mostly about programming
blog.ammaraskar.com 34
241
2,074
114,853
I feel like this isn’t getting the attention it should. We shall see towards the end of June.
May 29
🖥️Monitoring Secure Boot Certificates with KQL
Windows devices that rely on Secure Boot certificates issued in 2011 will reach their expiration in June 2026. The clock is ticking — defenders need to act now to avoid surprises when certificates lapse.
With the KQL query below, you can quickly identify your fleet of Microsoft Defender for Endpoint (MDE) devices whose Secure Boot certificates are set to expire, giving you visibility and time to plan remediation before the deadline hits.
DeviceTvmSecureConfigurationAssessmentKB
| where ConfigurationName == @"Ensure devices are updated to Secure Boot 2023 certificates and boot manager"
| join DeviceTvmSecureConfigurationAssessment on ConfigurationId
| where IsCompliant == false
#Cybersecurity #DefenderXDR #SecureBootCertificates
39
Saw CVE-2026-41096 pop up on X and the description immediately caught my attention: a heap overflow in the Windows DNS client, triggered by a single UDP response. No interaction, no auth. I wanted to understand how it works, so I pulled the DLLs and started digging.
4
41
229
22,609
ExtremePaperClip retweeted
May 11
PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our Github.
Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak.
github.com/striga-ai/CVE-202…
github.com/striga-ai/CVE-202…
4
184
739
93,703
Dirty Frag Linux kernel local privilege escalation vulnerability (CVE-2026-43284) mitigations are now available.
Read the blog for details: ubuntu.com/blog/dirty-frag-l…
23
304
1,020
93,515
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
dirtyfrag.io
41
703
2,088
531,962
ExtremePaperClip retweeted
May 1
Hey everyone. We’ve seen the discussions around Copy Fail (CVE-2026-31431) and the disclosure process. We appreciate the passion from distro maintainers, defenders, and the broader Linux community. This is a serious issue, and we want to share some context on our side in good faith. 🧵
16
82
533
106,936
ExtremePaperClip retweeted
Apr 30
I too woke up and choose violence today as the fail-copy POC dropped.
Made a clean exploit including fixing the UID post exploitation without rebooting the target server. Smoke those CTF’s in hack the box.
github.com/rootsecdev/cve_20…
4
115
554
34,071
ExtremePaperClip retweeted
Apr 29
CVE-2026-31431 a/k/a CopyFail
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
copy.fail/
101
530
3,644
260,524
ExtremePaperClip retweeted
Apr 22
OWASP has released their Autonomous Penetration Testing Standard.
I have not read it yet. Anyone else look at this?
github.com/OWASP/APTS
17
162
990
117,431
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin:
vercel.com/kb/bulletin/verce…
695
2,360
8,761
10,618,588
ExtremePaperClip retweeted
Mar 30
I wanted to share a bunch of my favorite hidden and under-utilized features in Claude Code. I'll focus on the ones I use the most.
Here goes.
546
2,512
23,148
3,952,315
ExtremePaperClip retweeted
Mar 26
Many folks are asking for OffSec Exam HTB Lists, sharing again 📍
Complete. 0xdf.gitlab.io/cheatsheets/o… (Credit: @0xdf_ )
2
94
492
26,891
Hmmm… I wonder if it’s possible to replace the internal electronics in this Pip-Boy with a Flipper Zero and take this to @defcon 🤔
The first ever fully functional, supremely accurate, wearable 1:1 replica of the Pip-Boy 3000 as used in Fallout 3 and Fallout New Vegas.
Preorder now on the IGN Store: bit.ly/3YHUMwx
ALT Fallout 3 Pip-Boy Is Now Available
55
ExtremePaperClip retweeted
Mar 17
We have reached peak AI.
Someone made an entire short film "Harry Potter by Balenciaga"
Credit: demonflyingfox on YT
287
1,006
8,642
1,182,783
ExtremePaperClip retweeted
Waits adopts a guttural, drill-sergeant bark for this raw, visceral, and deeply empathetic look at the human cost of war. The video, directed by Matt Mahurin, is a haunting masterpiece of dark surrealism.
youtube.com/watch?v=0Fju9o8B…
4
124
486
35,919
Typewriters and sketchpads… stored in safes… buried in concrete? Remember Gene Spafford: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards — and even then I have my doubts."
Mar 5
Iets talk about ai data processing and vulnerability research.
I understand this challenge quite well, it comes down to compliance, risk and data processing, but I find it exponentially harder to avoid any kind of third party processing in today’s age,
let’s say one uses Google Docs to keep notes or write a report and use gemeni for spell checking, or use slack, windows, a modern ide, or even perform a search, etc. etc, they all have ai features and telemetrics enabled and built in.
When it comes to data processing using ai the end user can in some cases control this by having an enterprise agreement with zero logging and zero data retention activated on ex Claude code. But it comes at a much higher price tier, and I highly doubt most will adapt to that setup. Then we have the fact that most foundation models live in the us. Which have its own complications.
This it’s definitely a question I have pondered and not 100% sure on how to solve or even avoid. My approach is to guard the data as much as I can with the knowledge I have and use services where I can opt out from training and be selective with what I process and how and use local
Models for some task.
But tbh I think it’s a conversation of the past. If the thing you are processing have been in the internet (public facing) then it’s already in the datasets. And is code or vulns even IP these days? when more and more teams produce code on the fly.
What are your opinions?
can we solve this?
2
73