BlaiseBits
@blaisebits.bsky.social
Hacker streamer dude with a side of shenanigans.
https://twitch.tv/blaisebits
https://twitch.tv/blaisebits
Reposted by BlaiseBits
Think you understand how LLMs work? You might be surprised. 😳
In his latest blog post, @blaisebrignac.bsky.social explains the history, challenges, and attack primitives that make securing AI systems such an extreme challenge.
Read more: ghst.ly/497pxl0
In his latest blog post, @blaisebrignac.bsky.social explains the history, challenges, and attack primitives that make securing AI systems such an extreme challenge.
Read more: ghst.ly/497pxl0
A Gentle Crash Course to LLMs - SpecterOps
This is a crash course on the evolution of Machine Learning and modem AI, Large Language Models, and the security implications that come with them.
ghst.ly
October 16, 2025 at 8:22 PM
Think you understand how LLMs work? You might be surprised. 😳
In his latest blog post, @blaisebrignac.bsky.social explains the history, challenges, and attack primitives that make securing AI systems such an extreme challenge.
Read more: ghst.ly/497pxl0
In his latest blog post, @blaisebrignac.bsky.social explains the history, challenges, and attack primitives that make securing AI systems such an extreme challenge.
Read more: ghst.ly/497pxl0
Reposted by BlaiseBits
In Part 1 of my Intune Attack Paths series, I discuss the fundamental components and mechanics of Intune that lead to the emergence of attack paths: posts.specterops.io/intune-attac...
Intune Attack Paths — Part 1
Intune is an attractive system for adversaries to target…
posts.specterops.io
January 15, 2025 at 5:33 PM
In Part 1 of my Intune Attack Paths series, I discuss the fundamental components and mechanics of Intune that lead to the emergence of attack paths: posts.specterops.io/intune-attac...
Been working on @dreadnode.bsky.social's Crucible AI CTF and just completed the "What's the flag #6" challenge. Such a fun time! Everyone in chat had a great time providing suggestions.
Hats off to the CTF authors, they did a fantastic job!
www.youtube.com/live/YTZft0L...
Hats off to the CTF authors, they did a fantastic job!
www.youtube.com/live/YTZft0L...
YouTube
Share your videos with friends, family, and the world
www.youtube.com
December 29, 2024 at 12:52 PM
Been working on @dreadnode.bsky.social's Crucible AI CTF and just completed the "What's the flag #6" challenge. Such a fun time! Everyone in chat had a great time providing suggestions.
Hats off to the CTF authors, they did a fantastic job!
www.youtube.com/live/YTZft0L...
Hats off to the CTF authors, they did a fantastic job!
www.youtube.com/live/YTZft0L...
Reposted by BlaiseBits
CVE-2023-34990 🤦♂️🤦♂️
December 18, 2024 at 2:26 PM
CVE-2023-34990 🤦♂️🤦♂️
Die Hard is a Harry Potter prequel about Snape's origin story.
Annual reminder:
Die Hard is about using impossibly limited resources to defend a tower from foreign invaders.
Die Hard is a Hanukkah movie.
Die Hard is about using impossibly limited resources to defend a tower from foreign invaders.
Die Hard is a Hanukkah movie.
December 14, 2024 at 10:48 PM
Die Hard is a Harry Potter prequel about Snape's origin story.
Reposted by BlaiseBits
being a network engineer
December 8, 2024 at 11:57 PM
being a network engineer
They got the goods, then let their newbies come in to get hands-on experience.
Plot twist, experienced operators had a betting pool to see how long till they got detected.
Plot twist, experienced operators had a betting pool to see how long till they got detected.
This threat actor remained in an environment for months without detection and then they decide to kerberoast and psexec? 🤔
U.S. org suffered four month intrusion by Chinese hackers
A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024.
www.bleepingcomputer.com
December 9, 2024 at 7:54 PM
They got the goods, then let their newbies come in to get hands-on experience.
Plot twist, experienced operators had a betting pool to see how long till they got detected.
Plot twist, experienced operators had a betting pool to see how long till they got detected.
Reposted by BlaiseBits
Using the EDR against itself.
December 8, 2024 at 5:21 AM
Using the EDR against itself.
Not to besmirch training courses, but you CAN find the information on blogs all over the Internet.
The main benefit to a training course is the organization of the material and the order of presentation.
Trying to learn a subject without a dependency order is way harder.
The main benefit to a training course is the organization of the material and the order of presentation.
Trying to learn a subject without a dependency order is way harder.
December 3, 2024 at 3:34 PM
Not to besmirch training courses, but you CAN find the information on blogs all over the Internet.
The main benefit to a training course is the organization of the material and the order of presentation.
Trying to learn a subject without a dependency order is way harder.
The main benefit to a training course is the organization of the material and the order of presentation.
Trying to learn a subject without a dependency order is way harder.
This is pretty sick, and if you have a dedicated cracking rig def worth a try, especially if your pentest is unauthenticated.
The chances of cracking a machine account are exceptionally low, maybe 1%, so I wouldn't fire this off in AWS cracking.
The chances of cracking a machine account are exceptionally low, maybe 1%, so I wouldn't fire this off in AWS cracking.
NetExec has a new Module: Timeroast🔥
In AD environments, the DC hashes NTP responses with the computer account NT hash. That means that you can request and brute force all computer accounts in a domain from an UNAUTHENTICATED perspective!
Implemented by Disgame
1/3🧵
In AD environments, the DC hashes NTP responses with the computer account NT hash. That means that you can request and brute force all computer accounts in a domain from an UNAUTHENTICATED perspective!
Implemented by Disgame
1/3🧵
December 3, 2024 at 1:59 PM
This is pretty sick, and if you have a dedicated cracking rig def worth a try, especially if your pentest is unauthenticated.
The chances of cracking a machine account are exceptionally low, maybe 1%, so I wouldn't fire this off in AWS cracking.
The chances of cracking a machine account are exceptionally low, maybe 1%, so I wouldn't fire this off in AWS cracking.
Reposted by BlaiseBits
Today, I'm thankful I was turned down from my dream job last year.
I was crushed and honestly pretty pissed, so I decided to work even harder and learn as much as possible about red teaming. Big shout out to @rastamouse.me for his material at Zero Point Security.
I was crushed and honestly pretty pissed, so I decided to work even harder and learn as much as possible about red teaming. Big shout out to @rastamouse.me for his material at Zero Point Security.
November 28, 2024 at 10:39 PM
Today, I'm thankful I was turned down from my dream job last year.
I was crushed and honestly pretty pissed, so I decided to work even harder and learn as much as possible about red teaming. Big shout out to @rastamouse.me for his material at Zero Point Security.
I was crushed and honestly pretty pissed, so I decided to work even harder and learn as much as possible about red teaming. Big shout out to @rastamouse.me for his material at Zero Point Security.