CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Joined April 2008
- Tweets 63,775
- Following 4,742
- Followers 70,612
- Likes 134,944
8,370 Photos and videos
Justin Elze retweeted
So, we need to figure out what is going on with CVE-2026-41089, the Netlogon vulnerability that Microsoft patched in May and that the Center Cybersecurity Belgium said on 05/29 is being exploited in the wild.
If the latter is true that's a *huge* deal.
But no public confirmation?
4
10
39
5,541
Justin Elze retweeted
David Sacks on How Anthropic is Ironically Running Surveillance on Their Latest Models
“This is the company that said that it was against government surveillance. They are now retaining for 30 days every prompt and every output you send to one of these Mythos class models.”
85
335
2,528
248,071
Jun 13
Jun 13
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: anthropic.com/news/fable-myt…
6
2
46
4,090
Justin Elze retweeted
Jun 12
Talk is over and reel is finally public. github.com/trustedsec/Reel
Jun 12
#x33fcon "Towards Continuous #Social #Engineering" talk by @two06 - x33fcon.com/#!/s/JamesWillia… - #red, #demo, #social_engineering
8
13
2,723
Justin Elze retweeted
Jun 12
JavaScript escaped the browser. JS-Tap v3 followed it. In our new #blog, Principal Security Consultant @hoodoer introduces three new beacons targeting the Electron apps, browser extensions, and Node runtimes running on corporate workstations. Read it now! hubs.la/Q04lbHYc0
1
27
59
5,473
Jun 12
Never stayed at a hotel with my Dutch shepherd before would not recommend dude was on high alert all night from people stomping around
3
33
2,467
Justin Elze retweeted
Jun 12
Happy Friday!
We're back with our analysis of Check Point's friendly CVE-2026-50751, an Authentication Bypass in their.. security-boundary-enforced-by-authentication SSL VPN products...
Enjoy!
labs.watchtowr.com/marking-y…
1
39
118
27,483
Justin Elze retweeted
Jun 11
I'm excited to get v3 of JS-Tap released publicly.
3 new beacons for persistence on endpoints, BEX (malicious browser extension), Atom (electron app implant), and V8 (node/bun app implant). Read more here:
github.com/hoodoer/JS-Tap/di…
Find me at BlackHat Arsenal for a demo.
10
13
2,803
Justin Elze retweeted
Jun 11
Wait a minute, Doc 👀 Are you telling me this year's #SmileyCon sessions are available for everyone? Check out the latest #cybersecurity insights and expert perspectives from the Doc Browns of TrustedSec—watch now! hubs.la/Q04l5H5L0
13
28
9,898
Justin Elze retweeted
Jun 11
Now that we've identified the blind spot, here's how to fix it. In Part 2 of our two-part series, @Carlos_Perez delivers a phase-based implementation guide to hardening Microsoft #Intune across 11 critical controls. Read it now! hubs.la/Q04l3yQk0
1
13
29
4,197
Justin Elze retweeted
Jun 11
After “The Art of Evasion” @x33fcon I’m publishing NimSyscallPacker to the public. This is the most advanced public Packer/Loader I’m aware of:
github.com/S3cur3Th1sSh1t/Ni…
7
110
348
16,439
Jun 11
If I didn’t have the dog with my these charging stops would be annoying.
2
10
1,247
@ippsec, @pure_strug and I just launched Adversarial Input.
Every other week, we’ll talk through what’s happening in AI from a cybersecurity perspective and try to cut through the hype to figure out what’s actually real.
First episode is live. Would love to hear what you think: pod.link/1896901842
1
7
40
9,306
Justin Elze retweeted
Jun 11
This shows yet again how this limitation was never about "safety" but about Anthropic doing stuff just because they thought they can.
I am increasingly sceptical Anthropic really cares about safety, and not just their business interests (limiting competition where they can)
NEW: Anthropic is walking back Claude Fable 5's policy to covertly degrade performance for competing AI researchers, after facing fierce backlash.
“We’re changing Fable 5’s safeguards for frontier LLM development to make them visible,” Anthropic tells WIRED. “We made the wrong tradeoff and we apologize for not getting the balance right.”
60
94
1,535
99,238
Justin Elze retweeted
6
50
262
21,101