Alex Hernandez
@alt3kx.bsky.social
Red Teamer | Pentester | Bug Bounty | 0day guy! | Researcher | Lone Wolf...l opinions expressed are mine

🇪🇺 🏴‍☠️ 🔗 https://alt3kx.github.io/
Reposted by Alex Hernandez
Some great stuff this week!
New in #Metasploit this week: RCE exploits for InvokeAI and BeyondTrust + PostgreSQL, OSVDB search functionality in msfconsole, and new support for PPC, MIPS, and ARM architectures in Metasploit's fetch payloads to allow for better targeting of embedded systems 🐚 www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 02/21/2025 | Rapid7 Blog
February 22, 2025 at 1:46 AM
Reposted by Alex Hernandez
Root cause analysis of Sitecore XM + XP remote code execution CVE-2025-27218 via @rapid7.com's pen testing team attackerkb.com/assessments/...
machang-r7's assessment of CVE-2025-27218 | AttackerKB
On January 6, 2025, Sitecore published a security bulletin, SC2024-002-624693, for a critical unauthenticated remote code execution (RCE) vulnerability affect…
March 5, 2025 at 11:05 PM
Reposted by Alex Hernandez
Ok well guess I’m over on here now too. Where’s infosec at?
November 24, 2024 at 8:19 AM
Reposted by Alex Hernandez
The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!

go.bsky.app/GD7hKPX
Bug bounty hunters & content creators
November 23, 2024 at 4:21 PM
Reposted by Alex Hernandez
We see CVE-2024-0012 exploitation attempts since Nov 18th. We are now also observing CVE-2024-9474.
IoCs: unit42.paloaltonetworks.com/cve-2024-001...

Check for signs of compromise and patch:
security.paloaltonetworks.com/CVE-2024-0012
security.paloaltonetworks.com/CVE-2024-9474
November 19, 2024 at 2:26 PM
Reposted by Alex Hernandez
New platform, must inaugurate with a hiring post. Rapid7's vulnerability research team is expanding! Come join us if you wanna analyze (or find) some Hot Vulns™, write some exploits, and occasionally reverse engineer attacks our MDR/IR folks see. Remote UK: careers.rapid7.com/jobs/senior-...
Senior Security Researcher - United Kingdom
Rapid7's vulnerability and exploit research team does industry-leading attack research that prioritizes and uncovers risk for organizations worldwide. We’re looking for an experienced vulnerability re...
November 22, 2024 at 2:40 AM
Reposted by Alex Hernandez
Roses are red, the sky is blue —
This week's #Metasploit wrap-up has Windows secrets dump improvements (and a JetBrains TeamCity login scanner, too!)

We're bad at poetry but good at shells. Check out the latest. www.rapid7.com/blog/post/20...
Metasploit Weekly Wrap-Up 11/22/2024 | Rapid7 Blog
November 22, 2024 at 9:01 PM
Reposted by Alex Hernandez
Happy to publish the effort of my last five years: Security Signals.

research.google/pubs/securit...
Security Signals: Making Web Security Posture Measurable At Scale
November 17, 2024 at 1:02 PM
yep !
November 21, 2024 at 8:27 AM