@atomicchonk.bsky.social
AdSim Consultant @ SpecterOps π» Corgi dad πΆ Cat servant π± Tattoo collector πΌοΈ Runner ππ»
Spoiler alert: Your AI safety measures might have a blind spot. π
When attackers use conversation context to bypass LLM safeguards, single-prompt evals just don't cut it anymore.
Dive into @atomicchonk.bsky.social's latest blog on multi-prompt attack detection. ghst.ly/47qJhzn
Potato exploits have been a cornerstone of local priv esc on Windows for years, but how & why do the inner starchy workings of the potatoes function?
Join @atomicchonk.bsky.social next week to understand Windows access tokens & their use in the Windows environment. ghst.ly/june-web-bsky
Sorry, Italian four cheese and cheddar jack supreme. My mind was still recovering from the abomination
05.06.2025 02:45 β π 1 π 0 π¬ 0 π 0Idk if itβs the Cheez It crust itself for me, or if itβs the fact that someone thought a Cheez It crust and an Italian Supreme flavor were a good mix
05.06.2025 02:45 β π 1 π 0 π¬ 0 π 0
New blog post is up! Stepping out of my comfort zone (be kind), looking at Meta's Prompt Guard 2 model, how to misclassify prompts using the Unigram tokenizer and hopefully demonstrate why we should invest time looking beyond the API at how LLMs function. specterops.io/blog/2025/06...
03.06.2025 16:57 β π 5 π 1 π¬ 0 π 1Youβre a real one, thank you ππΌ
29.05.2025 22:30 β π 1 π 0 π¬ 1 π 0
It's potato harvest season! π₯
Join our upcoming webinar w/ @atomicchonk.bsky.social as he breaks down the starchy workings of potato exploits β from Windows access tokens to technical walkthroughs of Rotten, Juicy, and Rogue potatoes.
Register at ghst.ly/june-web-bsky
Just wrapped up a blog post on understanding BadSuccesor from a DACL abuse aspect and mitigating it from a DACL abuse perspective.
Also added some PowerShell on my GitHub to create and remove the mitigations.
BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest.
Check out @jimsycurity.adminsdholder.com's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
If you havenβt read the BadSuccessor blog post, woo boy: www.akamai.com/blog/securit...
24.05.2025 02:40 β π 2 π 0 π¬ 0 π 0Ok Iβve been enlightened further; they donβt collide if you tweak the command just slightly :pain:
22.05.2025 15:43 β π 1 π 0 π¬ 0 π 0
Iβm convinced most learning happens when youβre doing what I call βsmacking into something;β failing repeatedly, figuring out why it failed, and proceeding to the next step where you rinse and repeat until you achieve your ultimate objective. TIL: docker and podman dependencies collide.
22.05.2025 15:24 β π 1 π 0 π¬ 1 π 0Congratulations!
21.05.2025 23:02 β π 1 π 0 π¬ 0 π 0
Beyond hyped to be presenting with @anam0x.bsky.social and the rest of my team at Arsenal at BHUSA 2025! app.ingo.me/q/0x9xn
20.05.2025 16:14 β π 6 π 0 π¬ 0 π 0
Do you miss "@cobaltstrikebot"? If so, here's a blog post showing how you can pull Cobalt Strike SpawnTo and watermark info with @shodanhq.bsky.social and some PowerShell: forensicitguy.github.io/squeezing-co...
19.05.2025 01:38 β π 11 π 6 π¬ 0 π 0
It was an absolute pleasure to speak at @cackalackycon.bsky.social today and share my love of potatoes. Thank you to @specterops.io for fueling me to always go a layer deeper in learning and motivating me to chase my passions π₯
18.05.2025 17:10 β π 7 π 2 π¬ 1 π 0What do potatoes have to do with privilege escalation on Windows? Come find out at Max Andreacchiβs session, βTater Tokens: Introduction to Windows Access Tokens and Their Role in PrivEscβ on May 18th!
17.05.2025 21:55 β π 2 π 1 π¬ 0 π 0
Why do potato exploits work & how can we stop them?
Join @atomicchonk.bsky.social at @cackalackycon.bsky.social this weekend for a walkthrough of Windows access token manipulation and get the answer. ghst.ly/4jzjlnI
Immaculate Rick Roll placement
11.05.2025 23:10 β π 2 π 0 π¬ 1 π 0Great work getting it done!
06.05.2025 21:13 β π 1 π 0 π¬ 0 π 0
Always enjoy the views in Seattle! Spent excellent quality time with teammates and received amazing training. Now for a weekend of running and resting back home before new travels next week βοΈ
02.05.2025 23:18 β π 1 π 0 π¬ 0 π 0
Don't let threat actors mash your Windows security! @atomicchonk.bsky.socialβs @cackalackycon.bsky.social talk breaks down potato exploits from token mechanics to defensive implementations.
Learn more β‘οΈ ghst.ly/4jzjlnI
Fulltime Win Graphic: NC Courage 3-2 KC Current.
NC BABYYY π
27.04.2025 01:07 β π 68 π 16 π¬ 1 π 10
Iβve had to beat stubbornness out of my training. When I ran 10+ yrs ago Iβd just hard-head my way forward but wind up injured. This time Iβm focused on the goals ahead; nagging aches mean a rest day tomorrow so I can live to run later this week and keep this train moving to Oct (and beyond)
24.04.2025 05:22 β π 3 π 0 π¬ 0 π 0
Understanding Windows access tokens could be your best defense. At @cackalackycon.bsky.social, @atomicchonk.bsky.social will be peeling back the layers on potato exploits that threat actors use for privilege escalation.
Check out the schedule to learn more β‘οΈ ghst.ly/4jzjlnI
Just pushed a new versions for #AADInternals and AADInternals-Endpoint modules! Some bug fixes plus support for:
1οΈβ£ Microsoft Authentication Library (MSAL)
2οΈβ£ Token Protection
3οΈβ£ Continuous Access Evaluation (CAE)
The Ketman Project has published a list of names and GitHub profiles they believe may be North Korean rogue IT workers posing as open-source developers and freelancers, and seeking employment at Western software companies
www.ketman.org/dprk-it-work...
Initial stab at using Chris Hayuk's mcp-cli tool to pair roadrecon_mcp_server with a locally-hosted model (in this case, mistral-small3.1). Note that running this query took over 300s so YMMV depending on several factors. Will update GH this week with instructions on replicating this.
16.04.2025 01:53 β π 2 π 0 π¬ 0 π 0
