#reversing #Kernel_Security #Sec_code_review
Exploiting Reversing (ER) series:
Part 1 - Windows kernel drivers (1) https://t.co/MoAXZ7pHJK
Part 2 - Windows kernel drivers (2) https://t.co/IqZr2h1fuz
Part 3 - Chrome https://t.co/7fsTWqsEmw
Part 4 - macOS/iOS https://t.co/W7VBr9luVF
Part 5 - Hyper-V https://t.co/6LzkwbSrNZ
// step-by-step research series on Windows, macOS, hypervisors and browsers
What is memory? (part 1): Virtual memory and address spaces
https://t.co/bCLTZIdhd3
What is memory? (part 2): The anatomy of a process
https://t.co/gDEDEUFp5K
What is memory? Part 3: Registers, stacks, and threads
https://t.co/nw0zoVBvf8
What is memory? Part 4: Stack allocations, dynamic allocations, and the heap
https://t.co/WZY5RKWnQI
#reversing #repost
Windows Inter Process Communication:
A Deep Dive Beyond the Surface
Part 1 - IPC Roadmap - https://t.co/xXndRaEU7C
Part 2 - RPC Architecture Overview - https://t.co/976LmFavNf
Part 3 - Handles and binding - https://t.co/F3x5Kt5c8q
Part 4 - RPC Security - https://t.co/AEcP1Gdi2t
Part 5 - Securing the interface and endpoint - https://t.co/scfQ1a0OLy
Part 6 - Endpoint Multiplexing - https://t.co/vX1PeXGPnc
Part 7 - RPC Research Tools - https://t.co/oyqpIo2QYS
Part 8 - Reverse engineering an RPC server - https://t.co/ogBqjoo8mz
Part 9 - High-level reverse engineering - https://t.co/tJoe1GuKNz
I work at Slack.
We tell employees their DMs are private.
And they are.
Mostly.
Look, when we say "private" we mean private between you and the person you're messaging.
And your admin.
And HR.
And legal.
And whatever compliance tool your company bought.
And the export logs.
And the backup systems.
And anyone with a court order.
But other than that, totally private.
We're very clear about this in our documentation.
Page 47.
Section 12.
Subsection C.
Paragraph 8.
The part nobody reads before they trash-talk their manager at 11pm.
Here's what employees don't understand.
When you delete a message, you're just deleting it from your view.
The message still exists.
In exports.
In backups.
In the retention policy.
It's like closing your eyes and thinking you're invisible.
The data belongs to the company, not you.
We say this right in our terms.
Workspace owners control everything.
They decide how long messages are stored.
Sometimes it's 30 days.
Sometimes it's forever.
Hope you didn't say anything spicy in 2019.
Enterprise customers get extra features.
Full message exports.
Metadata tracking.
Who messaged whom.
When.
How often.
Communication patterns.
It's for "compliance."
It's for "legal needs."
It's for "regulatory requirements."
It's definitely not for micromanagement.
We're very careful to explain that admins can't see messages in real-time.
They have to formally request an export.
Fill out some forms.
Click some buttons.
Maybe wait an hour.
Very high barrier.
Almost impossible to abuse.
The key takeaway is simple.
Treat Slack like work email.
Not like WhatsApp.
Not like Signal.
Just because it looks like a chat app doesn't mean it works like one.
If a message could cause trouble when HR reads it, don't send it.
This is empowering employees with knowledge.
If you wouldn't say it in the break room with your manager behind you, don't type it in Slack.
That's privacy.
Informed privacy.
Enterprise-grade informed privacy.
Collection of blog posts, write-ups, papers and tools related to cybersecurity, reverse engineering and exploitation
https://t.co/6YgCLKcdUH
#cybersecurity #infosec
This is so much! 🔥🔥😎
Found two new Potato triggers just today. Not only Potato but can also be used for LPE as remote auth is done which could be relayed to LDAP without Signing enabled. Or relayed to ADCS for a certificate.
https://t.co/H83AIxtskn