Star player of the Zanarkand Abes. Principal Security Consultant || #CARTP | #CRTL | #CRTO | #OSCP | #OSWP | #OSEP | #CREST CRT/CPSA | Thoughts are my own. ハッカー

Joined August 2012
But I was told there is no risk on public networks? You're telling me I can be popped by a DNS response and there are 0-days in the security product shipped on consumer laptops? At least nobody is going to MiTM me on a train, right? So I'm safe? Please respond tweeps.
‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response.

The vulnerability is tracked as CVE-2026-41096 with a CVSS score of 9.8. It is a heap-based buffer overflow in dnsapi.dll, the Windows component that processes DNS answers on every machine.

To trigger it, an attacker needs a position where they can influence DNS responses: a rogue DNS server, a poisoned resolver, a compromised router, hostile WiFi, or a man-in-the-middle placement.

That puts ordinary Windows DNS activity in the blast radius. Browsers, VPN clients, enterprise apps, update checks, and background services constantly ask DNS where to connect. The vulnerable processing sits in the Windows DNS Client path, not an edge-facing server product.

Microsoft assessed exploitation as "less likely," and Rapid7 lists the issue as not publicly disclosed and not known to be exploited at release. On the contrary, a 9.8 unauthenticated network RCE in DNS client handling is exactly the kind of bug defenders should assume will be reverse-engineered quickly.

Defenders should:
- Deploy the May 2026 cumulative updates and confirm coverage across endpoints and servers
- Restrict DNS traffic to trusted resolvers where possible
- Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity
- Treat public WiFi and untrusted resolver paths as higher-risk until patching is complete
Daniel (ダニエル) retweeted
> Epstein writes down email and password
> FBI finds it
> Stores as evidence
> Doesn't censor
> Released
> Nerds find Epstein password
> No MFA
> I wonder if anyone logged in?
> Look inside
Where did this "alright Landlord" haircut come from?
Canada has ordered Hikvision to shut down nationwide, citing national security concerns. The ban prohibits government use of its products, but Hikvision calls it baseless and biased. #Canada #HikvisionBan #NationalSecurity #Surveillance #Cybersecurity securityonline.info/canada-b…
Daniel (ダニエル) retweeted
15 Jun 2025
I’ve just published the official trailer for my upcoming course, Malwareless Adversarial Emulation (MAE). Watch the trailer & module overview: youtu.be/KUco9hFj-W0 Sign up to be notified when the course goes live: mae.zsec.red/

People will spend more on recovering the Airpod, rather than just buying new Airpods
29 May 2025
My AirPod pros have been lost for a year in Pakistan and guess who’s going to go there next week and get his property back!
I was just in these places!! Damn it!
Operation "Pocket Tissue" is underway at Shinagawa, Ikebukuro and Akihabara 🙏🫶👍🙇🏻🎉
So, like, do you have to know how to code to be a red teamer? Could save myself the effort of writing loaders and malware to evade EDR, or new C2 comms channels. In all seriousness, I know red teamers who don't code and are good at it. They have a team for that.
Actual Neanderthals
this is why we need the department of education😭
This is the shit they had us doing in college. At home in the evenings I was learning c/ , pirating Borland Delphi to get ahead in class, and building PCs for friends. Good times.
14 Feb 2025
Today is 30 years since Delphi was launched, on February 14th of 1995.
Did cyber work for a company who sold and serviced lifts. When I spoke to them they were going through some "change in business". Turns out that was an employee being killed during maintenance after being trapped and crushed.
14 Feb 2025
i’m too traumatized from final destination to risk this
The American mind thinking this is complex
Daniel (ダニエル) retweeted
Replying to @Kuwabara357
Here
POV your reaction when someone says RTFM after you asked how to hack your school on IRC
They should find the same exact car and make her get into it on live video. If the woman doesn't fit, you must acquit.
28 Jan 2025
Lyft can win the lawsuit by just stalling it out, she doesn’t look like she has much time left lol
A benefit of launching a popular service is the free pentests that come with it
Hello @deepseek_ai, I have sent an email to service@deepseek.com regarding a critical vulnerability that could allow attackers to access your database exposing sensitive data including API KEYS. I strongly recommend addressing this issue as soon as possible.
I hate the internet these days. He was gesturing throwing his heart at the audience right after he said it. It's been clipped out of context and people are running wild.
"they can't do much to me now anyway" 😂😂
Probably the most worrying 4Chan #UFO #ufotwitter whistleblower message I've read.