New blog post is up looking at how LLMs are making local EDR rulesets, YARA rules, and behavioral detections trivial to extract. This post focuses on how simple the harness can be. Buckle up h4xx0rs, the next few months are gonna get interesting! https://t.co/QvzXsPA01F
Microsoft just moved Purview under the same exec who leads Intune.
What does it mean for Intune admins?
Time to start learning Purview?
@IAMERICAbooted says yes 😀
I just wrote a new blog on bypassing CA policies in Entra ID that have a resource exclusion, and why you probably want to enable baseline enforcement if you have such policies. Enjoy!
https://t.co/a1rGl3wss8
⚠️ New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
Source: https://t.co/orCWNloJJT
A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the Synopsys DWC2 USB controller with a firmware configuration flaw, enabling full application processor boot-chain compromise with no software patch possible due to the immutable nature of BootROM code.
The vulnerability originates in how the DWC2 USB controller handles consecutive USB Setup packets. The controller stores up to three Setup packets in memory before resetting the DMA base address (stored in the DOEPDMA register) to its starting position, functioning like a ring buffer.
#cybersecuritynews
🧙 We built Grimoire: a single search box for every offensive playbook, fully offline.
Type ssrf, kerberoast, jwt, sudo and instantly hit the right page across more than 100 curated sources at once. 🔍⚡
Burp Suite Professional costs 475 dollars a year per seat.
A senior software engineer in Amsterdam built the open source replacement as a side project. He put it on GitHub for free. It has 10,569 stars.
His name is David Stotijn. The software is Hetty.
Here is what Hetty is.
An HTTP toolkit for security research. A machine-in-the-middle proxy that sits between your browser and the target. Every request and every response flows through Hetty. You can read them, search them, intercept them, edit them, replay them, and send them again.
This is the core loop of every web application security test ever performed. Burp Suite charges 475 dollars a year for it. Hetty does the same job for zero.
Here is the feature set.
A machine-in-the-middle HTTP proxy with full logs and advanced search. An HTTP client for manually creating and editing requests, and replaying any request you already proxied. Request and response interception for manual review, with full edit, send, receive, and cancel control. Scope support to keep your work organized to a single target. A web-based admin interface that runs in your browser. Project-based database storage so multiple engagements stay separate. A GraphQL service for programmatic access.
The installer is a single Go binary. Works on macOS, Linux, and Windows. No Java runtime, no enterprise license server, no machine fingerprinting, no telemetry.
Here is the price ladder.
Burp Suite Professional: 475 dollars a year per seat.
Burp Suite Enterprise: thousands per year, contact sales for a quote.
Burp Suite Community Edition: free, but throttled, no scanner, no project save, no intruder rate.
OWASP ZAP: free and open source, now owned by Checkmarx after a 2024 acquisition.
Hetty: zero. Forever. One binary. No account.
A pentester working full time pays Burp 475 dollars a year. A team of 10 pentesters pays 4,750 dollars a year. A bug bounty hunter who finds one vulnerability has already paid for Burp twice over.
Or they download a 30 MB Go binary written by a freelancer in Amsterdam and keep every dollar they earn.
David has not pushed a new commit in 16 months. The last commit was January 13, 2025. That is normal for a tool that is feature-complete. HTTP has not changed. The proxy still proxies. The intercept still intercepts. MIT licensed code does not expire when the maintainer takes a break.
Buy a domain. Find a bug. Cash a bounty.
PortSwigger took a free industry tool and put it behind a 475 dollar paywall. A freelancer in Amsterdam gave it back. On every platform. For zero dollars.
Your proxy. Your binary. Your bounties.
(Link in the comments)
New #redteam tool for blocking EDRs: EDRChoker
Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events
#pentest #cybersecurity
Github: TwoSevenOneT/EDRChoker
Pentesting is easy. Remediation is hard.
There’s plenty of guides and tutorials and heck even automated scripts to “pwn” stuff.
There are no tutorials for navigating your org's relationship complexities & getting the org to understand this stuff is important and you need to prioritize getting it fixed
The company that once called Linux a "cancer" is now the one shipping its core tools to Windows users.
Microsoft just shipped GNU coreutils for Windows.
ls. grep. cat. cp. find. The same commands that have powered Unix and Linux systems for over 50 years are now available natively on Windows, maintained by Microsoft itself.
For context: GNU coreutils are the foundational utilities that every Linux and macOS system relies on for basic file operations, text processing, and shell scripting. They are the bedrock of Unix computing. Tens of millions of scripts, pipelines, and workflows run on them every day.
And now Microsoft is shipping and maintaining a build of them for Windows.
This is not WSL. You do not need a Linux subsystem running in the background. These tools run natively on Windows, with the exact same flags and behavior as on Linux. Your existing scripts just work.
Microsoft's goal: make moving between Linux, macOS, WSL, containers, and Windows completely frictionless. Write a script once. Run it anywhere.
The package bundles uutils/coreutils (a modern Rust rewrite of GNU coreutils), findutils, and grep into a single multi-call binary. Every command supports standard flags. Same commands, same pipelines, no translation needed.
The project is still in preview. But the direction is unmistakable.
BREAKING: MICROSOFT JUST ANNOUNCED TO BAN ITS OWN ENGINEERS FROM USING AI DUE TO THE COST OF USING IT.
VP OF NVIDIA SAID, “THE COST OF AI FOR MY TEAM WAS MORE THAN HUMANS”
“AI CAN COST MORE THAN HUMAN WORKERS NOW”
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
Stop memorizing cloud services.
I tried mapping core cloud services across Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
If you understand one cloud platform well, you already know about 70–80% of the others.
❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's response when reported: "by design."
All of them. Including credentials for sites you won't open this session.
Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way.
Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them.
In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful.
What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext.
In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running.
Microsoft's official response when notified: "by design."
The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.
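A defender-side check for the two Edge posts above (the Task Manager memory dump walkthrough and the cleartext-in-memory finding), added here as an example and not taken from either post or from the researcher's tool. It assumes Sysmon Event ID 10 (ProcessAccess) telemetry flattened into key=value lines and flags any non-Edge process that opens msedge.exe with PROCESS_VM_READ; the sample events and image paths are constructed.

```python
import re

# PROCESS_VM_READ from the Win32 process access rights; reading another
# process's memory (MiniDumpWriteDump, scrapers) needs at least this bit.
PROCESS_VM_READ = 0x0010

# Constructed Sysmon-style Event ID 10 records (not real telemetry).
SAMPLE_EVENTS = [
    # Edge opening its own child process: expected, not interesting.
    "SourceImage=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe "
    "TargetImage=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe "
    "GrantedAccess=0x1000",
    # Task Manager taking a full-access handle to the browser process (constructed mask).
    "SourceImage=C:\\Windows\\System32\\Taskmgr.exe "
    "TargetImage=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe "
    "GrantedAccess=0x1FFFFF",
    # Unknown user-writable binary asking for VM_READ on msedge.exe.
    "SourceImage=C:\\Users\\alice\\Downloads\\notes.exe "
    "TargetImage=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe "
    "GrantedAccess=0x1410",
    # Query-only access, no memory read bit: benign noise.
    "SourceImage=C:\\Windows\\System32\\svchost.exe "
    "TargetImage=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe "
    "GrantedAccess=0x1000",
    # Same binary, different target: out of scope for this rule.
    "SourceImage=C:\\Users\\alice\\Downloads\\notes.exe "
    "TargetImage=C:\\Windows\\explorer.exe GrantedAccess=0x1410",
]


def parse_event(line):
    """Split 'Key=Value Key=Value' into a dict; values may contain spaces."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", line))


def is_suspicious(event):
    """True when a non-Edge process gets a memory-read handle on msedge.exe."""
    target = event.get("TargetImage", "").lower()
    source = event.get("SourceImage", "").lower()
    if not target.endswith("\\msedge.exe"):
        return False
    if source.endswith("\\msedge.exe"):
        return False  # Edge's own process tree opens its siblings constantly
    granted = int(event.get("GrantedAccess", "0x0"), 16)
    return bool(granted & PROCESS_VM_READ)


def scan(lines):
    """Return the SourceImage of every event that trips the rule."""
    return [parse_event(l)["SourceImage"] for l in lines if is_suspicious(parse_event(l))]
```

On a terminal server this rule will also fire on legitimate admin tooling, so tune the source allowlist per environment rather than disabling it.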
Two Anthropic engineers spent 24 minutes exposing every Claude Code feature you didn't know existed.
Most people will scroll past this. Don't be most people.