
geech

@captaingee.ch.bsky.social

cybercrime connoisseur && exploitz engineering enthusiast | synapse fanboy | second breakfast enthusiast

107 Followers  |  127 Following  |  35 Posts  |  Joined: 26.05.2023  |  1.9771

Latest posts by captaingee.ch on Bluesky

ctfd_first_blood_bot.py GitHub Gist: instantly share code, notes, and snippets.

threw together a quick first blood discord bot for CTFd for an event i'm hosting next week gist.github.com/captainGeech...

02.08.2025 22:17  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

working on a simple web chal and was too lazy to write the ui myself, gemini almost turned this into a second challenge 🙃

age of llm==age of free xss?

29.07.2025 23:22  |  👍 2  |  🔁 0  |  💬 0  |  📌 0

Being in tech and having a single modicum of critical thinking is just screaming "this isn't what LLMs are designed for" over and over as people shove a bunch of word predictors into critical decision making processes because some glorified used car salesmen told them it would fix all their problems

23.07.2025 18:10  |  👍 3961  |  🔁 1368  |  💬 52  |  📌 33
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor | Google Cloud Blog A financially-motivated threat actor is targeting fully patched end-of-life SonicWall devices to deploy a backdoor known as OVERSTEP.

I wrote a new blog with Mandiant IR + FLARE on some new intrusion activity by a group we track as UNC6148, likely using a mix of n-day and 0-day exploits to compromise SonicWall SMA 100 series VPN appliances. They have some nifty post-exploitation tooling as well

cloud.google.com/blog/topics/...

16.07.2025 14:44  |  👍 2  |  🔁 0  |  💬 0  |  📌 0

shuka should give a talk at anticon

10.07.2025 23:15  |  👍 2  |  🔁 0  |  💬 0  |  📌 0

Signal sticker pack metadata is fun

signal.art/addstickers/...

10.07.2025 22:34  |  👍 1  |  🔁 0  |  💬 0  |  📌 0
ALT: a group of men standing on a race track with a yellow sign that says huuuulkkkkk

the true GOAT

06.07.2025 20:57  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

(this is even more egregious and frustrating when you do it for internal tools)

05.07.2025 15:41  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

if you need to use aggressive styling, dark patterns, popups, and anti-user defaults to get people to use your new features, maybe they are not good features :)

05.07.2025 15:40  |  👍 2  |  🔁 1  |  💬 1  |  📌 0

there is something so satisfying about writing rop chains, idk what it is, just a super fun puzzle

01.07.2025 00:57  |  👍 2  |  🔁 0  |  💬 0  |  📌 0
Phone unlocking firm Cellebrite to acquire mobile testing startup Corellium for $170M | TechCrunch Cellebrite said the deal will help with the "accelerated identification of mobile vulnerabilities and exploits."

Picked a bad day to wear my Corellium t-shirt smh ☠️

techcrunch.com/2025/06/05/p...

05.06.2025 19:05  |  👍 0  |  🔁 0  |  💬 0  |  📌 0
COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

I wrote some details on LOSTKEYS: malware which we directly attribute to COLDRIVER. They don't deploy it often, but we have seen it a few times and want to make people aware of it.

cloud.google.com/blog/topics/...

07.05.2025 14:13  |  👍 18  |  🔁 14  |  💬 1  |  📌 1

why more JS engines don't have a native bogosort implementation is truly a wonder

26.04.2025 17:17  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

greetings fellow windows 11 upgrade refuser

01.04.2025 19:30  |  👍 3  |  🔁 0  |  💬 1  |  📌 0

"And this is why using AppContainer with a packaged app is easier"

screw you microsoft i do what i want

learn.microsoft.com/en-us/window...

01.04.2025 19:20  |  👍 1  |  🔁 0  |  💬 0  |  📌 1
winnativetemplate/Makefile at main · captainGeech42/winnativetemplate Template repo for using Make to compile simple win32/MSVC code - captainGeech42/winnativetemplate

if you despise using Visual Studio as much as i do, here you go

github.com/captainGeech...

31.03.2025 22:12  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

Too many OPSEC experts out there, I'm an OOPSEC expert. Lmk if you need help adding The Atlantic to YOUR pc small group chats. Signal and more!

27.03.2025 17:12  |  👍 5  |  🔁 0  |  💬 0  |  📌 0

hey microsoft, hot take, what if you didn't push ads for random games in your fucking operating system as notifications

09.03.2025 22:15  |  👍 7  |  🔁 0  |  💬 0  |  📌 0
ALT: a child is doing a handstand on a swing over a puddle of water

diaphora vs vmware-vmx

meanwhile, me watching:

07.03.2025 02:05  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

arrested development season 1 is the true peak of comedy

04.03.2025 00:08  |  👍 2  |  🔁 0  |  💬 0  |  📌 0

lmfao this worked perfectly. thank you to "brute force to make up for my lack of brain cells"

02.03.2025 11:46  |  👍 1  |  🔁 0  |  💬 0  |  📌 0

reverse engineering and thinking about reducing problem spaces to hit vulnerable code paths is hard.

fuzzing however, is both "easy" and "fast" - lazy ftw

(may work, may not work, we'll see. need a @digitalocean.com sponsorship lol)

02.03.2025 02:10  |  👍 1  |  🔁 0  |  💬 0  |  📌 1

my arch laptop hasn't crashed once since districtcon and has been busy since then, so i'm just going to chalk it up to "cold dark room is scary to gnome" and pretend this never happened

see you at the next talk where it will inevitably happen again

01.03.2025 20:39  |  👍 0  |  🔁 0  |  💬 0  |  📌 0

Department of Government Efficiency

23.02.2025 01:10  |  👍 3  |  🔁 0  |  💬 0  |  📌 0

Now that my @districtcon.bsky.social talk is over, here is the official open-source release of implant.js! I think this represents a notable advancement in the state of the art for modular CNO implant frameworks.

Lots of detection info included as well.

github.com/captainGeech...

22.02.2025 17:23  |  👍 13  |  🔁 3  |  💬 0  |  📌 0

today i used a debugger so bad that you have to nop sled it when inserting breakpoints to ensure they get hit in the place you want.

yes i wrote the debugger but that's beside the point

18.02.2025 01:52  |  👍 1  |  🔁 0  |  💬 1  |  📌 0

If you want your own IDA sticker, come find me @districtcon.bsky.social ;)

16.02.2025 13:51  |  👍 5  |  🔁 0  |  💬 0  |  📌 0
CL0P Ransomware : Latest Attacks - CYFIRMA INTRODUCTION The Cl0p group has been active since early 2019, leveraging vulnerabilities and exploits to encrypt files for ransom. The...

This latest blog from Cyfirma on Cl0p/Cleo exploitation is utter garbage, ignore it.
LLM YARA rule (not even valid syntax), massively inflated statistics, and misleading IOCs and analysis.
www.cyfirma.com/research/cl0...

15.02.2025 22:29  |  👍 5  |  🔁 2  |  💬 1  |  📌 0

c plus plus, more like c plus sucks

14.02.2025 00:17  |  👍 0  |  🔁 0  |  💬 0  |  📌 0
