Blue Teamer in Disguise. Blog at netsecfocus.com. SANS Netwars Champion. Former community manager and founder of the Offsec community for @offsectraining

Joined March 2013
Pinned Tweet
6 May 2021
As Promised! I have decided to update my guide for preparing for OSCP. The guide is full of new updates and information to help you prepare for PEN-200/PWK 2.0. If anyone wants to read it here it is: netsecfocus.com/oscp/2021/05…
Tony retweeted
Prove it. Reinstate Nightmare Eclipse on GitHub.
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
Community note
The root of this statement is a post by a security researcher that stated MS revoked the access to their reporting account. When the researcher asked for an explanation, his account got deleted. He got no answer. This escalated further by MS deleting the GitHub account as well. deadeclipse666.blogspot.com/2026/05/dear-m…
May 30
At @BsidesHbg yesterday I did a talk about how I built a modular asset discovery framework by using open source tooling to help automate my work when handling large engagements. That tool is called cygor: github.com/tjnull/cygor
May 30
With all of the data you have gathered, cygor has a built-in web UI that will take the data and ingest it into a modern web UI for you to visibly track and manage in real time.
May 30
There is also a task manager console where you can run all of the tools in cygor from the web ui. I also built a scheduled task manager where if you need to run tasks in cygor at different times or durations you can do that as well.
Tony retweeted
Chat, I don't want to be that guy, but I think Microsoft has really pissed off security researchers and we're approaching the tipping point. This Eclipse guy has really rocked the boat for Microsoft.
Tony retweeted
Just because the con ends doesn't mean the fun has to. We will have an after party this year! Get your tickets while you can! events.humanitix.com/bsidesh…
May 13
I know this is outside of Infosec, but I figured I'd ask. I run the Charm City Cannons Box Lacrosse team and we are looking for support to help fund our team to compete in the NABLL region. If you are interested in supporting us, please let me know. instagram.com/charmcitycanno…
May 13
Your support will help us expand our team and our opportunity to continue playing the sport we love as we want to compete in other leagues in the future.
May 6
If you are using @kalilinux, you should update to the latest kernel 6.19.14 that just rolled out. This version contains the patch for CopyFail.
Tony retweeted
I too woke up and chose violence today as the fail-copy POC dropped. Made a clean exploit including fixing the UID post exploitation without rebooting the target server. Smoke those CTFs in hack the box. github.com/rootsecdev/cve_20…
Tony retweeted
CopyFail (CVE-2026-31431) in Go. In case you want to get root from a static binary without Python as a dependency. github.com/badsectorlabs/cop…
Apr 29
Can confirm this exploit works. I have tested it on a few Linux distros since it was released.
CVE-2026-31431 a/k/a CopyFail > Linux LPE > Description sounds like AI slop > Exploit is legit > Impacts every Linux kernel from 2017 - Now > Proof-of-concept released > It's Wednesday? copy.fail/
Tony retweeted
We're thrilled to feature a Red-Team focused track at BSidesHBG this year! Don't miss out on our five cutting-edge talks! Get your tickets now! events.humanitix.com/bsidesh… @eshannnnnnnn @TJ_Null
Tony retweeted
Over the past month, some of you reported Claude Code's quality had slipped. We investigated, and published a post-mortem on the three issues we found. All are fixed in v2.1.116 and we’ve reset usage limits for all subscribers.
Tony retweeted
Be Anthropic > Give people Opus 4.6 > People love it. > For 2 months you degrade Opus 4.6 > You give back normal Opus 4.6 and call it Opus 4.7. > People love it. That's the business model.
Apr 16
First time testing out Opus 4.7 on AI CTF Challenge and of course I get hit with this notification in five mins...
Apr 13
Version 1.1 of Leetha has been released. Refactored most of the core engines it uses, fixed some gaps in the exposure and attack chain detections. Also added remote sensors where it builds a Rust agent you can deploy on a network edge device or another system to capture traffic.