fable is a joke wtf

I'm excited to be able to finally publish the public disclosure for CVE-2026-4387. Check out my blog on discovering the reuse of the state.kv file to get authenticated sessions with StrongDM (now fixed). specterops.io/blog/2026/06/0…

I guess it's dunk on MSRC day lol

Phishing sandboxes don’t play fair. In his latest blog, @synzack21 walks through a real red team engagement against modern email sandboxes and techniques that helped keep payload redirects hidden from crawlers while preserving a familiar user experience. ghst.ly/3RDFWac

It will be huge! – (mostly) full @WEareTROOPERS #TROOPERS26 agenda published: troopers.de/troopers26/agend… troopers.de/troopers26/agend…

👀👀

Launching a WSL process from a Windows process with WslLaunch trainsec.net/library/windows…

NTLMv1 is still out there. And now it’s easier than ever to break. @skylerknecht walks through how Google’s rainbow tables make NT hash recovery practical, no third-party service required. Check it out! ⤵️ ghst.ly/4vqx9Id

I explored how privilege connects DevOps and MLOps into attack paths that are often missed in traditional threat models. I will be presenting this at #SOCON2026 next week. @ArmadinSecurity Research here 👇 armadin.com/blog-posts/pipel…

Pasting API keys in an LLM makes me feel kinda gross, so I created agentcordon. It's an agentic key vault that's: ✅Agent agnostic ✅Cedar policies for clear authorization ✅Fully auditable ✅Remote MCP Support

I got tired of manually doing the "enum DNS -> figure out which ones are live -> request each one in the browser to populate Burp target sitemap" loop ad nauseam. I built a lightweight command line tool Burp extension to automate this entire process. Simply run the tool with very basic args, load the extension, and get everything into your Burp project with no hassle. Also really nice for passive checks (--no-nmap) in the pre-sales/scoping process with prospective clients to get an idea of what all they have actually exposed from an application standpoint at a birds-eye view. Enjoy. github.com/logansdiomedi/per…

Idk what happened but the end of last year MSRC was quick, responsive, and overall just better. Lately it's a ghost town with auto responses and no updates.

Somewhat a first draft / try to get some initial info on Failover Cluster setups, based on all the awesome work @unsigned_sh0rt did recently github.com/LuemmelSec/Pentes… Will give you an overview of Cluster setups, over permissive rights, ownership, OU structure

It's been a few months since I released a few short "Mythic Developer" videos. Before making more, I'd like to first get your feedback on the current ones. Please take a few min and fill this out so I can make sure you get the best content :) specterops.typeform.com/Myth…

Very proud of our team that built and contributed one of our (many) cybersecurity ranges for this AISI research. We're happy to collaborate with others in the AI eval research space as well. arxiv.org/pdf/2603.11214

new ludus features are sick

someone reaching out to share they hit an objective from research I worked on or a tool I wrote is one of the best feelings

Ludus 2 (@badsectorlabs), new GOAD lab (@M4yFly), 🍪 hack (@XeEaton), DPAPI Nemesis (@harmj0y @tifkin_), iOS exploit kit found (@Mandiant), and more! blog.badsectorlabs.com/last-…