Next week at WWHF Mile High I'll present a major update to roadrecon, with some awesome features I wanted to add for a while! Friday 9am in track 1 for those attending 😀

What do you MEAN the president audibly SHIT himself live on camera and they immediately cancelled the press conference and rushed everyone out of the room like it's a fire drill, and it happened two days ago, and I'm just hearing about it NOW?

Beach walk with the doggos 🐶

a clown on a stage in front of a banner that says time to dance ALT: a clown on a stage in front of a banner that says time to dance

Finally watching Welcome to Derry, took until the final few episodes to see Pennywise but the show stands well on its own 🎈

An Evening with Claude (Code) - SpecterOps This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.

AI tooling and MCP servers are entering enterprises fast, often faster than security teams can assess the risks.

During a recent engagement, @xpnsec.com found a new Claude Code vuln (CVE-2025-64755) while exploring MCP abuse paths.

👀 Read the details: ghst.ly/49ybl4W

Still here.. still lurking

My second post for the month is now live 🎉

Talking Heads - Psycho Killer (Official Video) YouTube video by Talking Heads

Talking Heads released a music video for Psycho Killer and it's fucking awesome :D www.youtube.com/watch?v=CJ54...

a man in a suit and tie is standing in front of a microphone and saying `` please be true '' . ALT: a man in a suit and tie is standing in front of a microphone and saying `` please be true '' .

Please say we're getting another PsychOdyssey to go with Keeper dev!!!

Tokenization Confusion - SpecterOps Meta's Prompt Guard 2 aims to prevent prompt injection. This post looks at how much knowledge of ML we need to be effective at testing these LLM WAFs.

🚨 New blog post alert!

@xpnsec.com drops knowledge on LLM security w/ his latest post showing how attackers can by pass LLM WAFs by confusing the tokenization process to smuggle tokens to back-end LLMs.

Read more: ghst.ly/4koUJiz

Tokenization Confusion - SpecterOps Meta's Prompt Guard 2 aims to prevent prompt injection. This post looks at how much knowledge of ML we need to be effective at testing these LLM WAFs.

New blog post is up! Stepping out of my comfort zone (be kind), looking at Meta's Prompt Guard 2 model, how to misclassify prompts using the Unigram tokenizer and hopefully demonstrate why we should invest time looking beyond the API at how LLMs function. specterops.io/blog/2025/06...

taylor swift is wearing a black off the shoulder top . ALT: taylor swift is wearing a black off the shoulder top .

The level of snark in my upcoming blogpost is next level... And I'm not even sorry!

Didn’t know this impressive fact. @xpnsec.com did you?

I did not but it makes me feel better about watching it now :D

Wrong XPN (unless you like hacker techno) 🤗

You've been prepping for #OSCP exam day, and it finally arrives. 🙇

In Part 4 of his blog series, @anam0x.bsky.social focuses on the test & how to maximize the educational, financial, & professional value of the exam experience.

Read more: ghst.ly/4lHDw4M

🧵: 1/4

Superintendent POC YouTube video by Adam Chester

Worked on a simple POC last night for connecting Mythic up to LiteLLM (pointing to Claude) for riding shotgun on a C2 session. Only using shell cmd, but provides oversight and hints to potential paths to explore. Quite happy for a weekend project :D youtu.be/C9J5okm6cA4

New AI Slop Avatar, who dis?

Last Week in Security (LWiS) - 2025-04-14 WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!

WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!

blog.badsectorlabs.com/last-week-in...

Presentations/SOCON2025 at main · xpn/Presentations A collections of presentations. Contribute to xpn/Presentations development by creating an account on GitHub.

Slides from my SOCON 2025 presentation are now up on GitHub github.com/xpn/Presenta...

Tokenizing the Sandwich Debate: How NLP Models Weigh In on Hot Dogs Get the gist for Natural Language Processing (NLP) and how tokenization plays a factor

Awesome post from @atomicchonk.bsky.social on NLP Tokenizing. We need more content like this to show the "how" behind the LLM :) www.corgi-corp.com/post/tokeniz...

Think NTLM relay is a solved problem? Think again.

Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31

New blog post 🤗

No idea why my first thought to a problem is a heavy RE session, something for therapy I think 🤣

The SQL Server Crypto Detour - SpecterOps As part of my role as Service Architect here at SpecterOps, one of the things I’m tasked with is exploring all kinds of technologies to help those on assessments with advancing their engagement. Not l...

Celebrating 1 year at SpecterOps, this was the first project I worked on after starting. Looking at SQL Server Transparent Data Encryption, how to bruteforce weak keys, and how ManageEngine's ADSelfService product uses TDE with a suspect key. Enjoy :) specterops.io/blog/2025/04...

Love this article. It’s something that I’ve tried to follow throughout my career, having a line of sight to business profit centres. Even more important in the days of tech layoffs www.seangoedecke.com/where-the-mo...

1 year anniversary at SpecterOps, so many personal and professional achievements in a short space of time. My advice for anyone getting into this field, try and make sure that you work companies and colleagues that push you beyond your comfort level. \o/

I’ll throw the blog post up soon to share it :)

I did a talk!! #socon2025