@LucasBotkin 4:20 fuel up with some green before hitting the Jiu Jitsu gym.

@HackingLZ With enough head gasket shims this might work but the lower compression negates any advantage gained from the longer stroke.

@chrissanders88 Hope they configured global audit policy more than 3 years ago. Hope you have any logging. Check last login date or if ever logged on. Try the password testuser for lulz

@TMDFIR Absolutely! I deploy security onion on every ransomware engagement. EDR only works if you deploy it on EVERY host. NDR along with JA3 signatures are essential for identifying persistence from cobalt strike or RMM tools on host you missed deploying edr on.

@techspence Export the folder as a pst. Convert to eml then run it through bitrecover to output as jpg

@deadvolvo Scroll through the @ExploitDB feed, it's nothing but exploit code from abandoned college coding projects hosted on RCE in poultry farm or Church management software etc.

@jeremiahg I’m surprised any insurance carriers could provide any attribution given the majority of “incident response” companies they engage with just deploy s1 or CS and don’t actually know how to do root cause analysis or forensics.

@rd_pentest This is some slick tradecraft! I’ll be using this on my next engagement.

@thoughtfault Link to the training?

@vxunderground

@0xTib3rius Detection engineering is a great option for seasoned Pentesters because they understand how attackers think and can execute the tools to create detections in security products or for organizations.

Friendly reminder: You can actually buy industrial hardware like crane controllers online and test them for security vulnerabilities. This version allows you to capture and replay button presses.

@SwiftOnSecurity @CISAgov Does CISA have this authority, because there are thousands of traffic lights vulnerable to CVE-2024-38944…

@azalsecurity Translation

@techspence I once had a customer dispute the results of a pentest saying any good firm does full packet captures of all their testing. Customer wanted to know the EXACT time we identified specific directories while fuzzing a webapp and when the packet was sent.

Help me, Obi-Wan Kenobi. I'm afraid Princess Leia has been turned to the Dark Side.

@HackingLZ The coolant line! That turbo setup! I’m tired of seeing these pie cut titanium setups. 11/10 on your turbo mount execution!

@BuildHackSecure I know but I’m typically grabbing a screenshot for the pentest report!

The worst part about Responsible Disclosure is the “Responsible” part. I want to share my findings now, but I guess I’ll wait until the patch drops! COMPLETELY unrelated, the top song for the day is “It’s getting hot in here”