Tuan Tr.

Instead of watching Netflix tonight. Spend a day mastering Claude here: https://t.co/Vn60ElPZ2i → Level 1 - 24 min: The basics. Claude For Dummies: https://t.co/HNa5MrCLVU Claude Setup: https://t.co/jw2qdIcjnh → Level 2 - 1 hour: Real workflows. Claude Cowork: https://t.co/uWTpOI3Woc Claude for teams: https://t.co/qxlcqhf8bM Claude Design: https://t.co/ZY8Fg5D2ea Cowork + Projects: https://t.co/Q7AN9CZAbO Claude for slides: https://t.co/L0bPMgXci6 Claude Skills: https://t.co/6cHYYfjXEA → Level 3 - 3.5 hours: The pro moves. Avoid sycophancy: https://t.co/5i8xSJBGUl Claude Code: https://t.co/UgE9xBXVbE Claude 101: https://t.co/OvBmlvnVqL Stop hitting Claude limits: https://t.co/j5fEzSH5br Stop Prompting: https://t.co/j1LATSJiat → Level 4 - 8 hours: Expert mode. Claude Computer: https://t.co/TxYuHPjgbV Build with Claude API: https://t.co/RcCbfNjlzz Pro tip: Don't binge it. Do one level per sitting. Actually apply each guide before moving to the next

If you're using AI for bug bounty, you already know the two killers: context window limits and compaction amnesia. I use 6 lifecycle hooks for my mastermind-ai setup that act as checks and balances — injecting hunt state on session start, gating findings that lack proven impact, catching agents that surrender too early, and serialising everything to pick up exactly where the last session left off. The result: more agents running autonomously for longer, finding higher severity bugs. Cool interactive explanation of all 6 hooks here - https://t.co/QLgt4GYsvu

🚨 New APT37 Campaign Shows That Air-Gapped Systems Aren’t Untouchable https://t.co/lBiNN71ZEU North Korean group APT37 is running a new campaign, “Ruby Jumper,” built to reach air-gapped systems. The infection chain starts with a malicious LNK file and moves through custom loaders, using USB drives to bridge isolated machines. For teams relying on physical isolation, this is a reminder to revisit removable media controls and endpoint monitoring. #ThreatIntelligence #CyberSecurity #APT37

If you have Active Directory Certificate Services (ADCS) in your environment, run Locksmith now! In Active Directory Security Assessments, we have found critical security issues in *most* ADCS configurations. The great thing about Locksmith is that it doesn't just highlight the security issues in your ADCS environment, but also provides the command to remediate it! If you're a pentester/red teamer, Locksmith is great for you to provide remediation recommendations to your customers. https://t.co/vvtBeeMLuR #ActiveDirectorySecurityTip

🚨 CVE‑2026‑20965: Azure Identity Token Flaw Enables Tenant‑Wide Compromise via Windows Admin Center Cymulate Research Labs has disclosed a high‑severity vulnerability in the Azure AD Single Sign‑On (SSO) integration of Windows Admin Center (WAC). The flaw allows an attacker with local administrator rights on a single machine to escalate privileges, execute remote code, and move laterally across all Azure VMs and Arc‑connected systems within the same tenant—even without valid Azure credentials. Any Azure VM or Arc‑joined machine running an unpatched Windows Admin Center Azure Extension below version 0.70.00 is exposed. Since version 0.69.0.0 was only released in January 2026, this effectively means all deployments with the WAC Azure extension are at risk unless updated. For defenders, the critical questions now are: What is the blast radius, and which internet‑facing Azure or Arc‑connected VMs are running the vulnerable WAC Azure extension? These systems could provide attackers with a foothold for remote code execution and lateral movement across the tenant. The below Defender XDR advance hunting KQL query that helps security teams quickly identify Azure and Arc‑joined VMs running the WAC Azure extension so they can prioritize patching and containment.🫡 #Cybersecurity #WACAzureExtension #RCE #DefenderXDR

MalwareBytes has an local database on the machine. It is a SQLite database. It contains settings for various properties such as licensing, malware identified, and known-good and known-bad lists. This is standard anti-malware stuff. The database with "ThankYouForChoosingMalwarebytes" is the less interesting database, as it mostly contains settings (this can still be abused though). Regardless, MalwareBytes does a couple of things with this SQLite stuff MalwareBytes establishes a kernel-mode minifilter (mbam.sys). They setup minifilter callback routines to handle events on the system for process creation, process loading, and registry modification (Image 1) In other words, MalwareBytes is notified immediately when a process is created or an executable image is loaded. When a process is created or an executable image is loaded, MalwareBytes has special functionality to temporarily "pause" execution so it can review it. However, this "pause" happens faster than you or I can blink. Computers are fast. The mbam.sys creates an internal record of all processes running. When a new process is loaded it is added to this internal record. When a program is closed, it is removed from the record. It does this so it doesn't accidentally review or "pause" the same process twice. When a program is added to this list, the kernel-mode component communicates with the user-mode component that then signals and connects to a local SQLite database. The SQLite database then does a lookup to determine if the process "paused" is known or unknown (Image 2) However, it should be noted, Image 2 is not the important SQLite instance I am looking for. This is something else MalwareBytes uses (and communicates to with kernel-mode components). The point still stands. If it is known, it communicates back to the kernel-mode component that is it known. If it known, and known to be malicious, MalwareBytes takes action on the program attempting to run and immediately stops execution. If it is known to be good, MalwareBytes marks it internally as "seen" and keeps it in it's internal record. Image 3 is from the internal database they use. It's fairly large and is mostly settings. I still haven't find where the really nice, big, and important dataset they use is. It requires more poking and more sticks.