I arbitrarily picked a list of 50 talks I'm most excited about that are happening next week at DEF CON / Black Hat / BSides LV / The Diana Initiative.
I'll also add recordings/slides to this list when they become available!
@techbrunch.fr.bsky.social
Jack of all trades, master of some. CTO / Pentester
Tradecraft Garden: Tilling the Soil
aff-wg.org/2025/07/09/t...
Some updates to... the Tradecraft Garden and Crystal Palace. Info in the 🧵 below:
These sheets aim to assist SOC analysts in detecting and investigating #AitM #phishing compromises by offering context, technical details, infrastructure overview, detection opportunities, and more.
All are available in the PDF report and our Community GitHub.
In April 2025, we received leaked information about Google taking steps to strip down the Android Open Source Project. We were told the first step would be removal of device support with the launch of Android 16. We didn't get details or confirmation so we didn't prepare early.
12.06.2025 15:06 — 👍 48 🔁 5 💬 2 📌 1
This is one heck of a thread. Everyone should read it.
17.03.2025 18:41 — 👍 11 🔁 2 💬 0 📌 0
Want to learn pivoting this weekend? The 🏟️Ludus community created a Pivot Lab with 11 different pivoting tools! Check it out: docs.ludus.cloud/docs/environ...
06.06.2025 20:32 — 👍 4 🔁 2 💬 0 📌 0
Defenders have platforms like VirusTotal, but offense lacks a similarly tailored tool. Enter: Nemesis 2.0.
Join @tifkin.bsky.social & @harmj0y.bsky.social at #x33fcon as they showcase the offensive file analysis platform that replaces disjointed tools w/ streamlined automation. ghst.ly/x33fcon25
I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame", at #BHUSA! This is going to be epic, check out the abstract for a teaser ↓
14.05.2025 13:31 — 👍 39 🔁 18 💬 2 📌 1
Florent Curtet, the "ethical" hacker who fooled all the French media
youtube.com/watch?v=mjxY...
Cobalt Strike 4.11.1 is live--this out of band release addresses an issue with module stomping. Additionally, an "enable SSL" checkbox and deprecation warning for stomp loader have been added. Get more details in the blog:
www.cobaltstrike.com/blog/out-of-...
ICYMI: A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.
16.04.2025 23:28 — 👍 801 🔁 329 💬 14 📌 37
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.
He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords
Media's coverage wasn't detailed enough so I dug into his testimony:
Are you a Burp Repeater power user? The latest release introduces a new feature called 'Custom actions'. With these you can quickly build your own repeater features. Here's a few samples I made for you:
17.04.2025 12:48 — 👍 27 🔁 6 💬 4 📌 1
Attention!
Check your Compromised Website Report for critical events tagged “fortinet-compromised” and follow Fortinet's mitigation advice on compromised devices:
fortinet.com/blog/psirt-b...
Data available from 2025-04-11+
shadowserver.org/what-we-do/n...
A screenshot of code from BoringSSL's certificate validation function.
Unsatisfied with merely relying on reFlutter to do its magic, Jacques dove deep to understand how Flutter's SSL pinning in Android works, and how to intercept it with Frida.
sensepost.com/blog/2025/in...
I don't really know how to talk about this, as it is so insignificant compared to what others are living through.
These last few days I was in Odessa, Ukraine, a romantic seaside city.
A "CVE Foundation" was created (it's on Bluesky, cf @cvefoundation.bsky.social), let's see how it goes
www.thecvefoundation.org
Mastering Mythic doesn't have to be complicated. 😵💫
Check out our operator-focused video series w/ @its-a-feature.bsky.social, which cuts through the noise & delivers exactly what you need to customize & leverage Mythic effectively.
👀: ghst.ly/mythic-op
BREAKING.
From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
Another undercover FBI investigation related to cryptocurrency 💰
10.04.2025 14:06 — 👍 0 🔁 1 💬 0 📌 0
ICYMI: We recently introduced NTLM relay edges into BloodHound.
Elad Shamir unpacks everything you need to know about NTLM & how the new edges help make identifying and visualizing these attack paths remarkably simple. ghst.ly/4lv3E31
Post-ex Weaponization: An Oral History
aff-wg.org/2025/04/10/p...
A walk-through of some history on post-ex eco-systems used by CS (PowerShell, Reflective DLLs, .NET, and BOFs).
Ends with a coffee conversation talking about magician's guilds, security research, and ideas about what's next.
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
The event "Skipping brute force of JWT token as maximum time exceeded" appears in Burp Suite event logger. Cause: JWT tokens use a signature to validate their contents. In some cases, Burp Scanner will attempt to brute-force this signature in order to compromise the token. This error has been caused by Burp Scanner running out of time during the brute-forcing process. Remedy: To increase the amount of time that Burp Scanner spends brute-forcing JWT token signatures, from the Audit Optimization menu, set Audit speed to Thorough.
I strongly recommend using "Audit speed = Thorough" when scanning. Here's one of the reasons...
08.04.2025 11:26 — 👍 2 🔁 2 💬 0 📌 0
Just submitted to the CFP! I'm super happy with how the research played out this year, literally got too much quality technical content for the 45-minute timeslot
08.04.2025 08:31 — 👍 8 🔁 1 💬 0 📌 0
Hot off the press is a new blog detailing our observations from in the wild exploitation of CVE-2025-22457 by UNC5221 including two newly observed malware families tracked as BRUSHFIRE and TRAILBLAZE.
cloud.google.com/blog/topics/...
Not leaking any teasers, other than to say that @albinowax.bsky.social’s research for Black Hat USA is absolutely world class, probably his most impactful yet. Prepare to hear a LOT of talk about this in August.
03.04.2025 12:18 — 👍 10 🔁 2 💬 0 📌 0
Le Pen, Sarkozy: there is no "Republic of judges", only judges of the Republic
The opinion column by @fabricearfi.bsky.social
www.mediapart.fr/journal/fran...
Interesting to see secret leaks in git still one of the biggest threats in SDLC.
github.blog/security/app...
The guide to security accreditation of information systems
📚 On this first day of #ForumInCyber, ANSSI and DINUM are publishing the guide to security accreditation of information systems (#SI).
This new guide provides clear and pragmatic answers to simplify and speed up the accreditation process.
🔗 cyber.gouv.fr/publications...