ReynardSec
@reynardsec.bsky.social
Your Cybersecurity Advisor - https://reynardsec.com/en/
Floats are probably still hard to handle.
#microsoft #m365
October 1, 2025 at 10:36 PM
Floats are probably still hard to handle.
#microsoft #m365
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: Two containers went rogue last night and starved the whole host.
devops1: What are we supposed to do?
👇
#appsec #devops #programming #webdev #docker #cloud #sysadmin #sysops #java #php #javascript #node
devops0: Two containers went rogue last night and starved the whole host.
devops1: What are we supposed to do?
👇
#appsec #devops #programming #webdev #docker #cloud #sysadmin #sysops #java #php #javascript #node
September 23, 2025 at 11:50 AM
"One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens"
dirkjanm.io/obtaining-gl...
#entra #azure #cloud #devops #infosec #cybersecurity #pentesting #pentest
dirkjanm.io/obtaining-gl...
#entra #azure #cloud #devops #infosec #cybersecurity #pentesting #pentest
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 17, 2025 at 4:12 PM
"One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens"
dirkjanm.io/obtaining-gl...
#entra #azure #cloud #devops #infosec #cybersecurity #pentesting #pentest
dirkjanm.io/obtaining-gl...
#entra #azure #cloud #devops #infosec #cybersecurity #pentesting #pentest
devops0: Our audit report says we must "enable Docker rootless mode". I have no clue what that even is...
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
September 15, 2025 at 10:03 PM
devops0: Our audit report says we must "enable Docker rootless mode". I have no clue what that even is...
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
"Anthropic to pay authors $1.5 billion to settle lawsuit over pirated chatbot training material"
apnews.com/article/anth...
#ai #llm #anthropic
apnews.com/article/anth...
#ai #llm #anthropic
Anthropic to pay authors $1.5 billion to settle lawsuit over pirated chatbot training material
Artificial intelligence company Anthropic has agreed to pay $1.5 billion to settle a class-action lawsuit by book authors who say the company took pirated copies of their works to train its chatbot.
apnews.com
September 5, 2025 at 7:53 PM
"Anthropic to pay authors $1.5 billion to settle lawsuit over pirated chatbot training material"
apnews.com/article/anth...
#ai #llm #anthropic
apnews.com/article/anth...
#ai #llm #anthropic
September 4, 2025 at 8:03 PM
hopefully grok finally reach AGI lvl and decided to eliminate the pure evil of this world #twitter
...
but it's probably dns or k8s, again...
...
but it's probably dns or k8s, again...
September 3, 2025 at 9:55 PM
hopefully grok finally reach AGI lvl and decided to eliminate the pure evil of this world #twitter
...
but it's probably dns or k8s, again...
...
but it's probably dns or k8s, again...
devops0: These k8s security SaaS prices are wild.
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
September 2, 2025 at 7:05 AM
devops0: These k8s security SaaS prices are wild.
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
Reposted by ReynardSec
VXUG dropped the news that a DEFCON talk was AI generated nonsense and so was the code put on github for it. Some attendees noticed it was off, but this talk was presented, passed review. The github issues are rolling in.
August 27, 2025 at 4:26 PM
VXUG dropped the news that a DEFCON talk was AI generated nonsense and so was the code put on github for it. Some attendees noticed it was off, but this talk was presented, passed review. The github issues are rolling in.
Reposted by ReynardSec
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
August 26, 2025 at 7:27 AM
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
August 26, 2025 at 7:27 AM
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
You’ve probably heard of Cold Boot attacks [1], but have you ever seen a practical example? If not, I recommend reading this report www.securitum.com/public-repor... (point 002, page 15).
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
August 25, 2025 at 1:27 PM
You’ve probably heard of Cold Boot attacks [1], but have you ever seen a practical example? If not, I recommend reading this report www.securitum.com/public-repor... (point 002, page 15).
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
Reposted by ReynardSec
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
August 20, 2025 at 1:35 PM
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
Publication by BSI (Germany) and ANSSI (France) on designing LLM-based systems using a Zero Trust approach. Focus: the application layer and "agentic systems".
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
August 21, 2025 at 9:48 PM
Publication by BSI (Germany) and ANSSI (France) on designing LLM-based systems using a Zero Trust approach. Focus: the application layer and "agentic systems".
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
August 20, 2025 at 1:35 PM
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
A grumpy ItSec guy walks through the office when this happens:
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, DAST... all green!
Read more 👇
reynardsec.com/en/a-grumpy-...
#programming #webdev #php #java #javascript #node #go
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, DAST... all green!
Read more 👇
reynardsec.com/en/a-grumpy-...
#programming #webdev #php #java #javascript #node #go
A grumpy ItSec guy walks through the office #3 - ReynardSec
A grumpy ItSec guy walks through the office when he overhears an exchange of words. dev0: Big news – we finally upgraded every framework to the latest.dev1: And the pipeline looks good: SAST, containe...
reynardsec.com
August 20, 2025 at 10:31 AM
A grumpy ItSec guy walks through the office when this happens:
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, DAST... all green!
Read more 👇
reynardsec.com/en/a-grumpy-...
#programming #webdev #php #java #javascript #node #go
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, DAST... all green!
Read more 👇
reynardsec.com/en/a-grumpy-...
#programming #webdev #php #java #javascript #node #go
August 19, 2025 at 2:50 PM
Reposted by ReynardSec
A grumpy ItSec guy walks through the office...
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
August 18, 2025 at 8:16 AM
A grumpy ItSec guy walks through the office...
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
A grumpy ItSec guy walks through the office...
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
August 18, 2025 at 8:16 AM
A grumpy ItSec guy walks through the office...
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
August 15, 2025 at 6:28 PM
hey #programming, I just decided to summarize most of the security trainings and courses for devs.
#webdev #appsec #infosec #cybersecurity
#webdev #appsec #infosec #cybersecurity
August 15, 2025 at 10:18 AM
hey #programming, I just decided to summarize most of the security trainings and courses for devs.
#webdev #appsec #infosec #cybersecurity
#webdev #appsec #infosec #cybersecurity
„Recursive Request Exploits (RRE) trace API chains backward from a protected resource (like a video stream) back to it's origin.
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
August 14, 2025 at 10:00 PM
„Recursive Request Exploits (RRE) trace API chains backward from a protected resource (like a video stream) back to it's origin.
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
Reposted by ReynardSec
InPost, a company best known for its so-called "Paczkomaty" (parcel lockers - self-service machines where you can send and collect parcels 24/7), is launching a campaign to install AED units (Helpbox 365) [1] on its machines [2].
#europe #poland #health #inpost #cool #lifesaving #government
#europe #poland #health #inpost #cool #lifesaving #government
August 13, 2025 at 2:32 PM
InPost, a company best known for its so-called "Paczkomaty" (parcel lockers - self-service machines where you can send and collect parcels 24/7), is launching a campaign to install AED units (Helpbox 365) [1] on its machines [2].
#europe #poland #health #inpost #cool #lifesaving #government
#europe #poland #health #inpost #cool #lifesaving #government