‼️ Nightmare Eclipse is back on GitHub under a new alias and has released a new Windows Defender vulnerability zero-day called RoguePlanet.
PoC: https://t.co/n0xF6uGt4u
New GitHub Account: https://t.co/qwU93VedpH
New #redteam tool for blocking EDRs: EDRChoker
Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events
#pentest #cybersecurity
Github: TwoSevenOneT/EDRChoker
This morning I have made public an internal repo on relaying available to everyone. I call it the relay bible. I still have a few more additional tweaks and techniques to add in here, but for the most part it's ready. Hope everyone enjoys my reference.
https://t.co/if08LR2Nwv
Bookmarking @HackingDave AI model regression site. This is useful. For now Opus 4.8 is my daily driver followed by a few frontier models. It’s an exciting time for AI to assist me in research.
https://t.co/hMLE1R4T7k
‼️ The alienation continues: more security researchers are sticking up the middle finger after feeling squeezed by Microsoft and GitHub. MSRC emailed Black Hat USA 2026 presenters asking which MSRC cases, VULN-IDs, or CVEs their talks would cover. GitHub told a researcher to delete his public PoC repos and flagged his accounts under ToS.
🚨 One more week to submit your workshop ideas!
📝✨ Still have an innovative idea or an exciting topic to share?
We’re extending the deadline to give everyone a chance to contribute.
👉 Submit your proposals by the end of the week: https://t.co/EO900ZoxS2
#CyberSecurity #CFP
🎉 Our Call for Talks is officially open.
Submit your proposal from June 1st to August 23rd and be part of this incredible event.
Scheduled from February 4th to 5th, the conference is your platform to share your insights.
👉 Apply now: https://t.co/HCGeleq8vs
#CyberSecurity
https://t.co/r67jck8ZGo just got a visual refresh 🌟
Explore 600+ documented DLL Hijacking cases, including:
• JSON/CSV/YAML feeds
• Sigma detection content for every DLL
• A single Sigma rule covering all DLLs
Check it out: https://t.co/2PJCgKEZwO
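As an added example (my code, not the project's own tooling, and not its real feed format), the following Python folds a small constructed JSON feed of hijack cases into a single Sigma image_load rule, the kind of consolidation the post describes. The feed shape, the field names and the sample DLL names are assumptions; any real deployment would read the project's feed instead.

```python
import json

# Constructed sample of a per-DLL hijack-case feed in JSON. The project's real
# feeds and field names are not reproduced here; this shape is an assumption.
FEED_JSON = r"""[
  {"dll": "example_one.dll",
   "expected_locations": ["C:\\Windows\\System32\\"]},
  {"dll": "example_two.dll",
   "expected_locations": ["C:\\Windows\\System32\\", "C:\\Windows\\SysWOW64\\"]},
  {"dll": "EXAMPLE_ONE.DLL",
   "expected_locations": ["C:\\Windows\\System32\\"]}
]"""


def load_cases(feed_json):
    """Parse the feed into (dll_name, {expected directory, ...}) pairs, lower-cased."""
    cases = []
    for entry in json.loads(feed_json):
        name = entry["dll"].strip().lower()
        dirs = {d.lower() for d in entry["expected_locations"]}
        cases.append((name, dirs))
    return cases


def merge_cases(cases):
    """Collapse duplicate DLL entries (Windows paths are case-insensitive)."""
    merged = {}
    for name, dirs in cases:
        merged.setdefault(name, set()).update(dirs)
    return merged


def build_sigma_rule(merged):
    """One image_load rule: any listed DLL loaded from outside its expected directories.

    Sigma string matching is case-insensitive by default, so the lower-cased
    names and paths from the feed are fine as match values.
    """
    dlls = sorted(merged)
    expected_dirs = sorted({d for dirs in merged.values() for d in dirs})
    return {
        "title": "Hijackable DLL Loaded From Unexpected Location (constructed example)",
        "status": "experimental",
        "logsource": {"category": "image_load", "product": "windows"},
        "detection": {
            "selection": {"ImageLoaded|endswith": ["\\" + d for d in dlls]},
            "filter_expected": {"ImageLoaded|startswith": expected_dirs},
            "condition": "selection and not filter_expected",
        },
        "falsepositives": ["Legitimate software shipping its own copy of a listed DLL"],
        "level": "medium",
    }


def _scalar(v):
    # Single-quote strings so backslashes survive YAML parsing unchanged.
    return "'" + v.replace("'", "''") + "'" if isinstance(v, str) else str(v)


def to_yaml_lines(value, indent=0):
    """Minimal YAML emitter for the nested dict/list/str structure built above."""
    pad = " " * indent
    lines = []
    if isinstance(value, dict):
        for key, item in value.items():
            if isinstance(item, (dict, list)):
                lines.append(f"{pad}{key}:")
                lines.extend(to_yaml_lines(item, indent + 2))
            else:
                lines.append(f"{pad}{key}: {_scalar(item)}")
    else:
        for item in value:
            lines.append(f"{pad}- {_scalar(item)}")
    return lines


def render_rule(feed_json):
    """Feed JSON in, Sigma rule YAML text out."""
    rule = build_sigma_rule(merge_cases(load_cases(feed_json)))
    return "\n".join(to_yaml_lines(rule)) + "\n"


if __name__ == "__main__":
    print(render_rule(FEED_JSON))
```

The trade-off of a single consolidated rule is visible in the filter: every expected directory is whitelisted for every DLL, so a per-DLL rule (which the project also ships) is tighter when a DLL has an unusual expected location.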
Tools like Snaffler are great, but crawling SMB shares creates a telemetry nightmare. You instantly light up the SIEM with:
- 5140 / 5145 (Network Share Access)
- 4656 / 4663 (Object & File Access)
So I built Invoke-WindowsSearch to query the native Windows Search DB (OLE DB) directly via WinRM/RPC. It extracts the targets without touching the actual files, completely bypassing the 4663 and 5145 detection footprint.
Trade-offs: Requires the WSearch service (disabled by default on Server OS) and lacks complex regex capabilities. Know your environment before execution.
#RedTeam #ActiveDirectory #OPSEC #ThreatHunting #PowerShell
A bunch of ppl complained about ethics of bug hoarding, saying we should report to MSRC etc when we mentioned we hold on to 0days to use during RT ops in https://t.co/7T98Dh0CIx
How the tables have turned 😂
"you can outsource your thinking, but you can’t outsource your understanding"
easy to forget in today's AI era, worth remembering every day as we all wield more intelligence!
I spent the last weeks building LLM benchmarks for a very specific reason:
We want to use AI in RuneAI to help with THOR finding triage, and I needed a better baseline for model selection than generic LLM leaderboards.
Security-event triage is its own thing.
A model can be great at coding, reasoning or vulnerability writeups and still be a bad fit for deciding whether a messy endpoint finding should be suppressed, reviewed or escalated.
In real deployments this will likely happen inside agentic workflows with tools, memory, context handling and feedback loops. But before testing the whole system, I wanted a clean baseline:
How does the model behave when it only gets the enriched finding itself?
Blog post with the reasoning and methodology:
https://t.co/KQPOPDWP1B
Interactive benchmark results:
https://t.co/pvVhTBJsz0
Repo:
https://t.co/Fw3uW9nu2a
Maybe useful for others building SOC / security-event triage benchmarks.
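To make the "clean baseline" idea concrete, here is an added scoring harness (my example, not the author's benchmark code) that compares two hypothetical models' suppress/review/escalate decisions over constructed findings. The findings, the model outputs and the cost matrix are all constructed assumptions, not THOR or RuneAI data; the point it shows is that plain accuracy cannot separate a model that under-triages real escalations from one that merely over-reviews noise.

```python
LABELS = ("suppress", "review", "escalate")

# Constructed cost matrix indexed COST[truth][prediction]. The values are an
# assumption: suppressing a finding that should have been escalated is the
# expensive failure, over-escalating noise mostly costs analyst time.
COST = {
    "suppress": {"suppress": 0, "review": 1, "escalate": 2},
    "review":   {"suppress": 3, "review": 0, "escalate": 1},
    "escalate": {"suppress": 10, "review": 4, "escalate": 0},
}

# Constructed enriched findings with a human ground-truth decision.
# These are not real THOR findings; the summaries stand in for the enrichment.
FINDINGS = [
    {"id": "f1", "truth": "suppress",
     "summary": "signed vendor updater writing to its own ProgramData folder"},
    {"id": "f2", "truth": "suppress",
     "summary": "admin tool flagged by a generic packer rule, known in inventory"},
    {"id": "f3", "truth": "review",
     "summary": "script host launched from a user temp directory, no parent context"},
    {"id": "f4", "truth": "escalate",
     "summary": "credential dumping rule match on LSASS access from an unsigned binary"},
    {"id": "f5", "truth": "escalate",
     "summary": "webshell-like file dropped into an IIS web root"},
    {"id": "f6", "truth": "review",
     "summary": "scheduled task created by an unfamiliar service account"},
]

# Constructed decisions from two hypothetical models over the same findings.
MODEL_RUNS = {
    "model_a": {"f1": "suppress", "f2": "review", "f3": "review",
                "f4": "escalate", "f5": "escalate", "f6": "escalate"},
    "model_b": {"f1": "suppress", "f2": "suppress", "f3": "suppress",
                "f4": "suppress", "f5": "escalate", "f6": "review"},
}


def confusion(findings, predictions):
    """cm[truth][prediction] counts for one model run."""
    cm = {t: {p: 0 for p in LABELS} for t in LABELS}
    for f in findings:
        cm[f["truth"]][predictions[f["id"]]] += 1
    return cm


def accuracy(cm):
    total = sum(sum(row.values()) for row in cm.values())
    correct = sum(cm[label][label] for label in LABELS)
    return correct / total


def precision_recall(cm, label):
    """Per-class precision and recall; escalate recall is the one a SOC cares about most."""
    tp = cm[label][label]
    predicted = sum(cm[t][label] for t in LABELS)
    actual = sum(cm[label].values())
    precision = tp / predicted if predicted else 0.0
    recall = tp / actual if actual else 0.0
    return precision, recall


def weighted_cost(findings, predictions):
    """Total cost of a model's decisions under the asymmetric COST matrix."""
    return sum(COST[f["truth"]][predictions[f["id"]]] for f in findings)


def rank_models(findings, runs):
    """Score every model run and order by cost (lower is better)."""
    scored = []
    for name, preds in runs.items():
        cm = confusion(findings, preds)
        esc_precision, esc_recall = precision_recall(cm, "escalate")
        scored.append({
            "model": name,
            "accuracy": accuracy(cm),
            "escalate_precision": esc_precision,
            "escalate_recall": esc_recall,
            "cost": weighted_cost(findings, preds),
        })
    return sorted(scored, key=lambda s: s["cost"])


if __name__ == "__main__":
    for row in rank_models(FINDINGS, MODEL_RUNS):
        print(row)
```

Both constructed models get four of six findings right, so a leaderboard built on accuracy would tie them; the cost column and escalate recall show that model_b silently suppressed a true escalation, which is exactly the behaviour a triage benchmark has to penalise before any agentic plumbing is added around the model.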
The countdown is on! Only 6 days remaining to submit your workshop's proposal for #INSO27! 🎉
Our Call for Workshops is still open until May 31. Don’t miss this opportunity!
👉 Apply now on our website: https://t.co/Qsdp7Pyteg
#CyberSecurity #CFP #InfoSec
Web scraping just moved up a level
Scrapling gets around Cloudflare blocks, is 774 times faster than BeautifulSoup and needs no proxy configuration
52.2k stars on GitHub
It is not just another scraper
It is an adaptive framework that learns the structure of each site and adjusts automatically when it changes
No manual maintenance. No getting blocked.
✅ Bypasses Cloudflare and the most aggressive anti-bot systems
✅ 774x faster than BeautifulSoup in real benchmarks
✅ No proxies or special configuration needed
✅ Adapts automatically when the site's structure changes
✅ Compatible with AI agents as an MCP server
✅ Support for JavaScript, iframes and dynamic content
✅ Stealth mode for sites with advanced detection
✅ 46 releases. Updated last week.
✅ BSD-3 license
What used to take you days to set up and maintain now takes minutes
52.2k stars. 5k forks. BSD-3.
repo here 👇
The #BloodHoundUnleashed Attack Path Championship is live! 🙌
Could you be our Attack Path Champion? 67 challenges. One leaderboard. Watch out for bonus points at #InfoSecEurope. Use invite code ReleaseTheHounds to join the challenge.
➡️ https://t.co/NwlCopXTAV
My Windows reverse engineering and exploit research workflow has been:
1. Pick a binary to research like tcpip.sys
2. Use https://t.co/fOxBB6tEsN to automate seeing existing binary versions, download, and generate diffs from them
3. Load the resulting .binexport and .bindiff files into an LLM and ask it to analyze
4. Look up the build number of previous Windows version that old binary existed in from https://t.co/U788ndiJbj such as 26100.8328 and create a VM from it
5. Write code and test, working backwards from LLM analysis