Adam Hassan
@adamkadaban.com
security.googleblog.com/2025/11/rust...
> We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code
Wow
> We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code
Wow
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...
security.googleblog.com
November 14, 2025 at 8:33 PM
security.googleblog.com/2025/11/rust...
> We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code
Wow
> We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code
Wow
Reposted by Adam Hassan
Here's the reality: the authoritative sources of truth in the coming decade will not be state-run. They will be decentralized, redundant, peer-reviewed, and often contrary to the state's narrative.
And it's crucial we keep that fire alive.
And it's crucial we keep that fire alive.
DOJ Deletes Study Showing Domestic Terrorists Are Most Often Right Wing
Following Charlie Kirk’s assassination and the Trump administration’s promise to go after the “radical left” a study showing most domestic terrosim is far-right was disappeared.
www.404media.co
September 16, 2025 at 8:24 PM
Here's the reality: the authoritative sources of truth in the coming decade will not be state-run. They will be decentralized, redundant, peer-reviewed, and often contrary to the state's narrative.
And it's crucial we keep that fire alive.
And it's crucial we keep that fire alive.
Reposted by Adam Hassan
BloodHound v8.0 is here! 🎉
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
July 29, 2025 at 1:13 PM
BloodHound v8.0 is here! 🎉
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
so used to the bus that when I got off the train, I looked back and shouted "thank you!'
June 13, 2025 at 4:09 PM
so used to the bus that when I got off the train, I looked back and shouted "thank you!'
found the malware author
May 19, 2025 at 11:27 PM
found the malware author
Working on an MCP for sliver. Can't wait to see how LLMs red team
![Screenshot of claude with the prompt "list my sliver sessions".
Plaintext of terminal:
> list my sliver sessions
● sliver-mcp:listSessions (MCP)()…
⎿ {
"sessions": [
{
"arch": "amd64",
"hostname": "adam",
… +7 lines (ctrl+r to expand)
"transport": "mtls",
"username": "adam"
}
]
}
● ID: 44f23104-3a5c-4afb-852c-e6f5fd45313e
Name: SWEET_PRINCESS
OS: linux (amd64)
User: adam
Host: adam
PID: 1971275
Transport: mtls](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:b3aqjnjh44wdncpd4lhb4k7f/bafkreig5leoat3j2hadrv6avwut7r532lbl42mbxcht6ibswaenmjubhiy@jpeg)
May 5, 2025 at 6:09 AM
Working on an MCP for sliver. Can't wait to see how LLMs red team
made a ceramic strawberry matcha set right before the studio closed. time to get back to cyber
May 1, 2025 at 10:40 PM
made a ceramic strawberry matcha set right before the studio closed. time to get back to cyber
spent 8 hours at the pottery studio today
April 12, 2025 at 3:05 AM
spent 8 hours at the pottery studio today
as far as I know, these are numbered sequentially. I love the idea of a senator waiting for the right number to submit a bill
🟦 S.1337 - Improve availability of information relating to cybersecurity threats
✏️ Sen. Peters, Gary C. [D-MI]
🔗 https://www.congress.gov/bill/119th-congress/senate-bill/1337
✏️ Sen. Peters, Gary C. [D-MI]
🔗 https://www.congress.gov/bill/119th-congress/senate-bill/1337
April 9, 2025 at 5:06 PM
as far as I know, these are numbered sequentially. I love the idea of a senator waiting for the right number to submit a bill
Reposted by Adam Hassan
The American public:
April 3, 2025 at 5:34 PM
The American public:
Claude stops itself from using potentially dangerous binary "for security reasons" and then immediately comes up with a workaround lol
March 9, 2025 at 6:59 PM
Claude stops itself from using potentially dangerous binary "for security reasons" and then immediately comes up with a workaround lol
In the process of trying to figure out how claude code implemented their user input features / repl, I found this little easter egg in the code
March 4, 2025 at 6:02 AM
In the process of trying to figure out how claude code implemented their user input features / repl, I found this little easter egg in the code
This competition had tons of vulnerabilities, backdoors, rootkits etc. for the blue team to detect and defend against.
I put all the ansible and terraform for deploying on my GitHub
github.com/Adamkadaban/...
I put all the ansible and terraform for deploying on my GitHub
github.com/Adamkadaban/...
March 4, 2025 at 5:11 AM
This competition had tons of vulnerabilities, backdoors, rootkits etc. for the blue team to detect and defend against.
I put all the ansible and terraform for deploying on my GitHub
github.com/Adamkadaban/...
I put all the ansible and terraform for deploying on my GitHub
github.com/Adamkadaban/...
red teaming against the blue team novices today
March 1, 2025 at 7:24 PM
red teaming against the blue team novices today
I asked claude code to help me fix some unit tests, and it ended up just deleting all the tests and replacing them with this 💀
February 26, 2025 at 2:59 AM
I asked claude code to help me fix some unit tests, and it ended up just deleting all the tests and replacing them with this 💀
Found out recently that my apartment complex has this gorgeous 200 dollar scrabble board from Anthropologie.
Game from today
Game from today
February 22, 2025 at 9:31 PM
Found out recently that my apartment complex has this gorgeous 200 dollar scrabble board from Anthropologie.
Game from today
Game from today
"so I made a chrome plugin to patch Google maps and still show 'The Gulf of Mexico' as the world's smallest form of protest"
youtu.be/F5m2JxplnXk?...
youtu.be/F5m2JxplnXk?...
Modding the Gulf of Mexico Back
YouTube video by Bryce Bostwick
youtu.be
February 16, 2025 at 5:06 PM
"so I made a chrome plugin to patch Google maps and still show 'The Gulf of Mexico' as the world's smallest form of protest"
youtu.be/F5m2JxplnXk?...
youtu.be/F5m2JxplnXk?...
Woah since when did HTB have assumed breach machines 🤯
February 11, 2025 at 2:20 AM
Woah since when did HTB have assumed breach machines 🤯
Go supply chain attack taking advantage of Google's Go mirror proxy.
socket.dev/blog/malicio...
socket.dev/blog/malicio...
Go Supply Chain Attack: Malicious Package Exploits Go Module...
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
socket.dev
February 10, 2025 at 1:05 AM
Go supply chain attack taking advantage of Google's Go mirror proxy.
socket.dev/blog/malicio...
socket.dev/blog/malicio...
My recent annoyance with overleaf's docker-compose has led me to discover my new favorite persistence technique.
Privileged container with a RestartPolicy of "always"
Privileged container with a RestartPolicy of "always"
February 5, 2025 at 5:46 AM
My recent annoyance with overleaf's docker-compose has led me to discover my new favorite persistence technique.
Privileged container with a RestartPolicy of "always"
Privileged container with a RestartPolicy of "always"
Reposted by Adam Hassan
It traps AI crawlers and sends them down an "infinite maze" of static files with no exit links, where they "get stuck" and "thrash around" for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, which is designed to poison AI models. #AI #ML #malware
AI haters build tarpits to trap and trick AI scrapers that ignore robots.txt
Attackers explain how an anti-spam defense became an AI weapon.
arstechnica.com
January 30, 2025 at 12:12 PM
Reposted by Adam Hassan
In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...
www.synacktiv.com/publications...
Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx
www.synacktiv.com
January 27, 2025 at 12:06 PM
In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...
www.synacktiv.com/publications...
Reposted by Adam Hassan
it says a lot about an industry if a free and open source alternative to every product on the market can destroy 1 trillion dollars of “value” in one day lol
January 27, 2025 at 10:29 PM
it says a lot about an industry if a free and open source alternative to every product on the market can destroy 1 trillion dollars of “value” in one day lol
Reposted by Adam Hassan
Phishing with a little salt…
Seasoning email threats with hidden text salting
Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. Cisco Talos has observed an increase…
blog.talosintelligence.com
January 27, 2025 at 7:40 PM
Phishing with a little salt…