@c0ncealed profile picture
Tom Moore @c0ncealed
Joined October 2011
  • Tweets 9,773
  • Following 3,432
  • Followers 3,659
274 Photos and videos
Tom Moore retweeted
Enno Rey@Enno_Insinuator
Apr 14
SmokedMeat github.com/boostsecurityio/s…

GitHub - boostsecurityio/smokedmeat: A CI/CD Red Team Framework for demonstrating Build Pipeline...

A CI/CD Red Team Framework for demonstrating Build Pipeline security risks. - boostsecurityio/smokedmeat

github.com
1
13
55
8,835
Tom Moore retweeted
The Hacker News
@TheHackersNews
Apr 15
🔥 OpenAI launched GPT-5.4-Cyber, a model built for security teams to find and fix bugs faster. 3,000 vulnerabilities already fixed using its Codex Security tools, with access expanding to thousands of defenders. But the same AI can be misused to find exploits. 🔗 Read → thehackernews.com/2026/04/op…
8
60
204
26,323
Tom Moore retweeted
vxdb
@vxdb
Apr 15
Veritasium Exposes a Tap To Pay Flaw That Lets a Payment Terminal Steal $10,000 From a Locked iPhone
4:04
371
1,862
27,819
1,633,236
Tom Moore retweeted
Panos Gkatziroulis 🦄
@ipurple
Apr 15
🔥 Q1 recap of iPurple.team articles: EDR Silencing → AppLocker Rules Abuse → GAC Hijacking → Credential Guard → Toast Notifications. All articles detection notes in one place ⤵️ 1⃣ ipurple.team/2026/01/12/edr-… 2⃣ ipurple.team/2026/02/02/appl… 3⃣ ipurple.team/2026/02/10/gac-… 4⃣ ipurple.team/2026/03/17/cred… 5⃣ ipurple.team/2026/03/25/toas…

Purple Team

Purple Team, Detection Engineering, Threat Hunting

ipurple.team
11
43
3,517
Great work and congratulations on another amazing conference @BsidesCLT team! Looking forward to next year!
2
3
95
Tom Moore retweeted
SC Media@SCMagazine
Mar 15
Medical device maker Stryker says it has no timeline for full recovery after a cyberattack by an Iran-linked group disrupted 200K-plus systems. The impact now extends beyond IT to manufacturing, supply chains and hospitals. #cybersecurity #infosec #CISO bit.ly/4s4iyzW

No restoration timeline for medical device maker Stryker after cyberattack

Company also tells customers the attack by Iran-linked Handala disrupted supply chain.

scworld.com
4
5
676
Tom Moore@c0ncealed
6 Apr 2025
Thank you to each of the volunteers that put on @BsidesCLT this year! Great venue, talks, and conversations, and it's great to see the conference still bringing people together to learn from one another in the security industry.
1
109
Tom Moore retweeted
nyxgeek
@nyxgeek
3 Oct 2024
I think most pentesters have used the classic OWA time-based user enum at some point. Or time-based enum in Lync. What if I told you that time-based user enum lives on in Azure? And it's tied to Basic Auth. Basic Auth is dead. Long live Basic Auth! trustedsec.com/blog/kicking-…

Kicking it Old-School with Time-Based Enumeration in Azure

trustedsec.com
5
72
211
17,419
Tom Moore retweeted
ii4gsp
@ii4gsp
3 Sep 2024
CVE-2020-27786 Linux kernel exploit covering msg_msg timerfd_ctx tty_struct and finishing with ROP. ii4gsp.github.io/cve-2020-27…

CVE-2020-27786 ( Race Condition Use-After-Free )

ii4gsp.github.io
1
39
135
12,396
Tom Moore retweeted
cackalackycon@cackalackycon
17 May 2024
Today is the day!! Registration opens at noon. Talks and workshops start at 1300 Opening Ceremony 1800
3
5
699
Tom Moore retweeted
The Hacker News
@TheHackersNews
2 May 2024
🚨 Alert - Popular #Android apps like Xiaomi File Manager and WPS Office are vulnerable to a path traversal flaw that could let hackers overwrite files and execute malicious code, leaving over 1.5 billion users exposed. Details here: thehackernews.com/2024/05/po… #infosecurity

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Popular apps like Xiaomi File Manager and WPS Office are vulnerable to a path traversal flaw that could let hackers overwrite files and execute malici

thehackernews.com
6
110
170
37,349
Tom Moore retweeted
cackalackycon@cackalackycon
1 May 2024
Did you know we will have an electronic badge at the con this year? Our hardware village will give you the chance to build and hack your badge. Newbies always welcome! Join the Discord for more info discord.gg/KFnuZyGw What will you do with your badge?

Discord - Group Chat That’s All Fun & Games

Discord is great for playing games and chilling with friends, or even building a worldwide community. Customize your own space to talk, play, and hang out.

discord.com
1
3
337
Tom Moore retweeted
nixCraft 🐧@nixcraft
2 May 2024
I can't believe a paid OS needs a tool like this. Here's a GUI tool called OFGB (Oh Frick Go Back) to remove all the ads in Windows 11. It's understandable if a free OS or app needs ad support, but this is just crazy.
122
1,086
6,967
515,309
Tom Moore retweeted
Mike Felch (Stay Ready)
@ustayready
28 Feb 2022
Dropping a new initial access technique via RDP that I dubbed "Rogue RDP". Use malicious .RDP files to bypass email/servers/security gateways and then run code to binary plant/exfil from your own RDP server, blinding EDR. Bonus: Target runs HyperV? RCE! blackhillsinfosec.com/rogue-…

Rogue RDP – Revisiting Initial Access Methods - Black Hills Information Security, Inc.

Mike Felch // The Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]

blackhillsinfosec.com
9
311
715
Tom Moore retweeted
InfosecMatter@InfosecMatter
8 Jul 2020
Top 16 Active Directory vulnerabilities found during pentests (detailed post) #infosec #pentest #pentesting #hack #hacking @DirectoryRanger infosecmatter.com/top-16-act…

Top 16 Active Directory Vulnerabilities - InfosecMatter

Practical steps on how to pentest Active Directory environments using a list of most common AD vulnerabilities. Tools and command examples for testing and exploitation of AD vulnerabilities.

infosecmatter.com
11
454
1,228
Tom Moore retweeted
cackalackycon@cackalackycon
28 Apr 2024
It’s not a Tetris piece preview, it’s our 2024 badge preview. Pre-register today to be sure you get one of our electronic badges to hack. events.eventzilla.net/e/cack…
4
8
523
Tom Moore retweeted
vx-underground
@vxunderground
28 Apr 2024
The most sophisticated exploit we've ever seen. Thank you to @wdormann for bringing this to our attention. This is basically Stuxnet. 2.0
53
186
2,174
338,327
Tom Moore retweeted
moo
@moo_hax
26 Apr 2024
Is this in a lab, yes. Is this also what operators would run not in a lab, also yes. Everything in memory, done with off-the-shelf malware with a Rigging integration from run in an "agentic" loop. Sometimes the models do well, sometimes they do poorly, but progress is up and to the right...and the data we get is 🔥 For defenders, it does you no good to see an AI thing and immediately say "that's not possible". It's exactly what Proofpoint said when we reported Proofpudding...It's just here now. GPUs are about speed and scale, that's what you'll get with AI driven ops, speed and scale. It doesn't undo all the defenses built up in networks.
3
12
29
8,557
Tom Moore retweeted
Panos Gkatziroulis 🦄
@ipurple
5 Apr 2024
Updated the Persistence checklist. There are 4⃣0⃣ persistence techniques which are backed up with an article ⤵️ github.com/netbiosX/Checklis… #redteam

Checklists/Persistence.md at master · netbiosX/Checklists

Red Teaming & Pentesting checklists for various engagements - netbiosX/Checklists

github.com
37
119
7,189
Tom Moore retweeted
Starlink
@Starlink
8 Apr 2024
View of the solar eclipse from a Starlink satellite on orbit
0:22
1,002
7,283
34,373
3,583,004
Load more