Microsoft is now selling SaaS without the aaS
blogs.microsoft.com/blog/2025/06...
I mean did it and was it actually thought to/meant to "help"? Because wowee its terrible
Someone from India has been doing mass downloads from our virus exchange (in the millions)
1. My dude — we allow bulk downloads from our main website.
2. Don't make us impose API limitations
Update your VMware ESX farms ASAP.
There's an in the wild exploit chain being used which does VM -> Hypervisor escape, across all versions of ESXi. Allows full cluster access.
doublepulsar.com/use-one-virt...
I feel like this gives you a mandate to glue a Mercedes badge to your bin.
Man that's terrible news. Dfj was a great person and a great part of the community.
Reminds me of visiting Kirkjufell in Iceland, just on a completely different size scale 😅
Good luck with the research
Defenders use cross-origin requests through CSS url() or injected JS to leak your phishing URL in the HTTP Referer header.
Today, I've been reminded about the excellent post by Keanu Nys, which contains a lot of great evasion ideas!
insights.spotit.be/2024/06/03/c...
Oh, I never posted my gotofail story on here.
Early 2014, someone came to me about a catastrophic vulnerability in Apple's TLS implementation.
I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.
Thanks for putting these together. Always looking for more MDE/MDI and general detection engineering folk to follow.
#DEATHCON24 has been great and what looks to be still a bunch of great content to go through.
Enjoyed the format!
Unlucky that discord is seeming to be having a bit of an outage during #DEATHCON24
I used to love "old Twitter" for the somewhat centralised infosec content and the high signal to noise ratio of valuable content I had been able to curate in my follows. It was notoriously good at providing just the right blog article for someone's engagement that week. I hope it returns here
You're damn right it is. What is this thread; where does it lead to; who put it there; why does it work like that; why do they want that...
Often benign outcomes. Until it isn't.
Brisbane was 17°C overnight last night ..
After today we were a tad doubtful
Definitely big "I just got here, is it me?" vibes
My reputation is now fast becoming "oh your the person who just makes the executive sad or uncomfortable about risks introduced by hard problems I'm trying my best to avoid thinking about"
Document names are kind of like job titles. There are internal and external document names. For example, the external document title is “Risk Register”, but the internal title is “Wish List”.
Hi, you can call me lystena. I used to do offensive security, find weird bugs, and annoy blue teamers. Then I joined the blue team, wrote weird alerts and automation to annoy red teamers. Now somehow I'm management, I make PowerPoints and I annoy everyone. 🤷♂️
Sup sup. How's things?
