Dan Amodio

New blog post outlining a fun phishing technique to look out for! https://t.co/HosbhKB7WF

Want to be part of a great security team and do security research full-time? We've got just the role! Tinder is looking for an experienced researcher to go deep and find new bugs. Learn more about it here! https://t.co/uOD8CYMCtS

Forgot I pushed my AWS asset collection script a while ago. I know there are others.. no attempt to overshadow those. It can attempt to enumerate and assume role into all organization accounts to grab external facing stuff. https://t.co/Xc8yrjnCBe

"Social engineering attacks" are out of scope.

Change screen to 1024x768.. RPi4 no longer connects to 2G WiFi.... 5G is fine... WHAT!?

We are growing again. Looking for a Sr Pentester/Red Teamer to join the team! Challenging projects and a killer team. [email protected] or DM us.

Run every repo from a GitHub user through truffleHog to find leaked keys: curl https://t.co/e8rlaMNdHE<username>/repos?per_page=1000 | jq '.[].html_url' | xargs -I{} sh -c 'echo {} && truffleHog --entropy false {}' | tee output.txt

And it does still pop up and ask you to authenticate. It’s like they wrote their own sudo tool. I don’t want people to get confused and think this is worse than it is. Just a really weird observation and questionable dev choice lol.

Just to be clear everyone I didn’t prove this as an actual gatekeeper bypass but it’s just a really weird bad sketchy practice. Actually delivering this as malware payload would be kinda tricky. Still. It weirds me out.