Drew @hoodoer
hoodoer.bsky.social
AppSec pentester type at TrustedSec.
Beach bum. Super awesome dad.
Coder of weird things.
https://github.com/hoodoer
The path to tricking users into triggering this isn't so hard.
Drag a file, leak a hash—Chrome’s quiet secret exposed. In this blog, Princ Sec Consult Drew Kirkpatrick reveals how Chrome’s drag-and-drop API lets web apps initiate complex actions; with some social engineering it can also trigger NTLM hash leaks on Windows via SMB. trustedsec.com/blog/draggin...
Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs
trustedsec.com
June 13, 2025 at 3:37 PM
Yes!
May 14, 2025 at 12:08 AM
I use "what's my IP" sites a ton to check my routing, got tired of bloated sites.

Made a simple service for this:
checkip.sh
or
checkip.sh?ip=8.8.8.8

Command line too (-L needed):
curl -L checkip.sh/cli

or for a specific IP instead of your source IP:
curl -L checkip.sh/cli?ip=8.8.8.8
April 29, 2025 at 9:08 PM
Looking forward to showing off the latest features. Hoping to have some fun conversations during the Livestream.
Join us tomorrow for a Discord Livestream with @hoodoer.bsky.social! Drew will be doing a demo of his JS-Tap tool and showing the new updates. Set a reminder for 11am ET/10am CT so you don't miss it!
trustedsec.com/about-us/eve...
April 23, 2025 at 6:24 PM
Reposted by Drew @hoodoer
The #eagles at Conowingo are feisty. One eagle catches, 3 more chase and it's fair game to steal food if you can. #birds #eagle #wildlife #photography
April 12, 2025 at 3:14 PM
I just pushed my private JS-Tap repo changes over to public for v2.2 release.

Network obfuscation, rendering improvements, reverse filter searching, and client fingerprinting that isn't completely broken now available.

Release notes:
github.com/hoodoer/JS-T...

Repo:
github.com/hoodoer/JS-Tap
v2.2 Release: Network traffic obfuscation, lazy rendering, reverse filter search option, and fingerprinting fixes · hoodoer JS-Tap · Discussion #36
Development has been in a private branch for a little while, but this is the latest code. Network Obfuscation: You now have the option in app settings to turn on traffic obfuscation. If the browser...
github.com
March 26, 2025 at 2:19 PM
This landing page does not inspire confidence in the security posture lol

waste.gov
Waste.Gov – Tracking government waste.
waste.gov
February 13, 2025 at 12:44 PM
This should be fun, this is a great tool.
Principal Security Consultant @hoodoer.bsky.social will be giving a talk on his JS-Tap tool this week at CactusCon in Mesa, AZ. His talk will take place at 10:30am on Track 3 so check it out if you'll be there! www.cactuscon.com
February 10, 2025 at 5:54 PM
Reposted by Drew @hoodoer
Senior Security Consultant Whitney Phillips will be speaking at CactusCon next week! Her session "Tips and Tricks to Creating Your First Conference Talk" will take place on Feb 14 at 11am in the Career Village. Stop by our booth too if you'll be there! www.cactuscon.com/cc13-schedule
February 7, 2025 at 9:33 PM
Anyone need a @cactuscon.com ticket? I think I have a spare
February 3, 2025 at 9:21 PM
Reposted by Drew @hoodoer
The #ShmooCon 2025 talks have been uploaded
youtube.com/playlist?lis...
ShmooCon 2025 - YouTube
You can reach me at https://twitter.com/Strong1Wind
youtube.com
January 14, 2025 at 1:06 PM
See all you fabulous nerds at ShmooCon
January 9, 2025 at 2:08 PM
Reposted by Drew @hoodoer
It's that time of year again! We are excited to reveal our top 10 most read blogs of 2024 🥳
trustedsec.com/blog/top-10-...
Top 10 Blogs of 2024
trustedsec.com
December 17, 2024 at 5:15 PM
Reposted by Drew @hoodoer
December 5, 2024 at 4:36 AM
Reposted by Drew @hoodoer
Our Business Email Compromise #webinar is this week! Don't miss your chance to learn the basics of BEC analysis from our experts so you can better protect your M365 environment. Register now! trustedsec.zoom.us/webinar/regi...
December 2, 2024 at 5:16 PM
I've never been blue team, but I set up SIEM/XDR in the home lab and I can completely understand falling into an endless chase of increasing visibility into the environment and tweaking on false positives.

Kinda addicting.
November 28, 2024 at 1:36 AM
Reposted by Drew @hoodoer
So why does Rob have an ATM in his garage? 🤑 Watch the full hardware hacking episode of Security Noise now! youtu.be/ZJXB8NybMHg
Security Noise Ep 7.6 - Ghost in The Machine: Hardware Hacking w/ Rob Simon
YouTube video by TrustedSec
youtu.be
November 22, 2024 at 4:03 PM
I'm excited to get to share the new offensive features of JS-Tap at @cackalackycon.bsky.social. I'll be doing a lengthy demo of all the new toys and tricks in the afternoon on Friday May 17th, hope to see folks at this fantastic conference.
April 2, 2024 at 7:30 PM
Terrifying pitbull
October 14, 2023 at 2:53 AM
I really need to start using this. Who wants to hang out at wild west hacking fest?
October 11, 2023 at 12:25 AM