It's always been a dream of mine to write tooling focused on living in a Virtual Machine on target, but Virtual Machines are almost never running on targets.
Claude Cowork changes that!
https://t.co/t1WtfqNMt3
Just open-sourced CredSpy
Couldn't find any tools that allowed unauthenticated enumeration of auth methods for @Microsoft accounts, so I created it.
Shows whether target accounts use Passkeys, certificate auth, passwordless push, etc...
Find it here: https://t.co/BZ7XfHi5KW
I just wrote a new blog on bypassing CA policies in Entra ID that have a resource exclusion, and why you probably want to enable baseline enforcement if you have such policies. Enjoy!
https://t.co/a1rGl3wss8
Recently I found an exposed default Sonatype Nexus Repository instance that was vulnerable to CVE-2026-3199. LLM performed a patch diff and found the four line fix within a squashed commit that had 52,000 lines changed - full RCE in under 2 hours. Blog:
https://t.co/hHVUna7wIR
Did some research with the Armadin team on SolarWinds Observability - TL;DR two stored XSS vulnerabilities, and several passback and relay attacks. Check it out:
https://t.co/HuFm4la8uo
PSA: for security, put your AI agent in a water-tight sandbox, such as a dedicated VM. Once this is done, you can maximize productivity by giving it your credit card number, email credentials, the ability to write and run arbitrary code, and unconstrained access to the internet
State of security in Kali integrating AI ( https://t.co/LNwQDxYcpE ): arguments are interpolated in a single command string, not escaped, so whatever the AI passes, including potential vectors for command injection, is executed. With pipes, &, ; and all that stuff like it's 1998. 🚀
Vibed up a quick tool to visualize and stack significant red/blue events that occurred during an assessment. Have always liked including a high-level visual like this in debriefs but made them by hand in the past using something like draw[.]io