
Posts by Kreep

The Operator and the Oracle: What We Sacrifice When We Stop Thinking for Ourselves
There's a real thought that's been sitting in the back of my head for a while now, and I keep coming back to it. Jason Lang shared his Real Human Concerns In The Age of AI on X recently that…

Hot take that isn't really a hot take:

The security community is quietly outsourcing the exact cognitive capability that makes it valuable.

Braindumped how to address it:

👉

1 month ago 0 0 0 0
Desert Ops: Vegas odds stacked in the DEFCON rookie’s favor
You've probably seen all the tweets, heard the wild DEFCON tales, and finally decided you’re going. Cool, but let’s get real for a second. Vegas isn't exactly the sleek Hollywood glam you see in…

Defcon 33 is just around the corner (August 7-10, 2025, Las Vegas)! Hacking season is upon us.

I've put together some tips for #DEFCON first-timers on navigating the conference and Vegas itself. Hoping it helps peeps make the most of the experience!

kreep.in/desert-ops-v...

9 months ago 0 0 0 0

Just dropped my BadSuccessor .NET PoC showing how to abuse Delegated MSAs for AD access:

✔️ OU discovery
✔️ Zero-creds MSA creation
✔️ Works with user or machine account

Details + code:
🔗 github.com/ibaiC/BadSuc...
🧵 kreep.in/badsuccessor...

10 months ago 1 0 0 0
FriendlyFire BOF: Selective Process Freezing
Introduction: The objective of this research was to find a way to suppress Microsoft Teams’ ability to display new messages without forcefully terminating the application or making it visibly unrespon...

Been researching how to silently freeze Windows processes to hijack them during red team ops. Target apps like Teams, Slack, Outlook—pause them without breaking UI. Useful for stealthy social engineering.

Write-up here:
🔗 kreep.in/friendlyfire...
BOF:
💻 github.com/ibaiC/Friend...

1 year ago 0 0 0 0
Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident
The Windows Resiliency Initiative includes lots of changes.

Microsoft is moving key security mechanisms back to userland. On the surface, this should make life easier for threat actors—but surely they’ve thought of that, right? 🤔

At least we're getting more control over our machines again.

1 year ago 0 0 0 0
Dave Grohl Inspired By Disco Drum Beats YouTube video by Vocal Vibes

A nice reminder that everyone underrates their skills and talent www.youtube.com/watch?v=dZCr...

1 year ago 4 1 0 0
2025 Global Threat Report | Latest Cybersecurity Trends & Insights | CrowdStrike
Discover key cyber threat trends in CrowdStrike’s 2025 Global Threat Report. Learn about rising attacks, malware-free threats, and evolving adversary tactics. Download the report now.

The #CrowdStrike2025 report is wild! 🚨 Breakout times as low as 51 sec, a 442% surge in vishing, and attackers using #GenAI for social engineering. Things are changing, FAST.
#CyberSecurity #Infosec

1 year ago 0 0 0 0

I've been diving into Windows Security Internals - James Forshaw & Evading EDR - Matt Hand.

They've been easy to get through and definitely filling some knowledge gaps.

Any other must-reads in the Windows internals or RT realm? 👀 📖

1 year ago 0 0 0 0
RedAgent: Red Teaming Large Language Models with Context-aware Autonomous Language Agent
Recently, advanced Large Language Models (LLMs) such as GPT-4 have been integrated into many real-world applications like Code Copilot. These applications have significantly expanded the attack…

AI vs AI. We're really doing this.

RedAgent is an LLM designed to jailbreak chatbots for pentesting & red teaming. So now we’ve got AI breaking AI, patching itself, and breaking again.

Are we advancing tech or just setting up a whole new battlefield?

🔗 https://arxiv.org/abs/2407.16667

1 year ago 2 0 1 0
Screenshot showing the execution of the proof-of-concept named PowerChell in comparison to a typical PowerShell prompt. In particular, it shows that PowerChell is able to bypass the Constrained Language Mode (CLM).


In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. 💪

👉 blog.scrt.ch/2025/02/18/r...

1 year ago 43 19 2 2
Anyone Can Push Updates to the DOGE.gov Website
"THESE 'EXPERTS' LEFT THEIR DATABASE OPEN."

SQLi in modern web apps is hard to introduce on purpose with today’s ORMs. Yet somehow, a gov site let anyone push updates like a shared Notion doc.

Someone feeling nostalgic for DROP TABLE users;--?

Bad code keeps me employed, so I can't complain.

1 year ago 1 0 0 0