Soufiane
@s0ufi4n3.bsky.social
Random internet user breaking stuff since 99
Reposted by Soufiane
If you're interested in an example I have >25 years of professional software development experience - I wrote about how I use LLMs to write code in detail here simonwillison.net/2025/Mar/11/...
Here’s how I use LLMs to help me write code
Online discussions about using Large Language Models to help write code inevitably produce comments from developers whose experiences have been disappointing. They often ask what they’re doing wrong—h...
simonwillison.net
May 3, 2025 at 10:04 AM
CVE-2024-55591 Fortinet FortiOS Authentication Bypass PoC github.com/watchtowrlab...
GitHub - watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591
Contribute to watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591 development by creating an account on GitHub.
github.com
January 16, 2025 at 9:19 AM
Cool investigation from Kela... But let's be a bit more.. nuanced... IntelBroker's actions have never "shaken both corporations and government entities alike."

www.kelacyber.com/blog/intelbr...
IntelBroker Unmasked: KELA’s In-Depth Analysis of a Cybercrime Leader
Introduction In the ever-evolving world of cybercrime, IntelBroker has emerged as one of its most prominent figures. Known for his high-profile breaches, IntelBroker’s actions have shaken both corpora...
www.kelacyber.com
January 15, 2025 at 6:38 PM
Threat actor Codefinger abuses publicly disclosed AWS keys with permissions to write and read S3 objects. By utilizing AWS native services, they achieve encryption in a way that is both secure and unrecoverable without their cooperation.

www.halcyon.ai/blog/abusing...
Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
The Halcyon RISE Team has identified a unique ransomware technique that encrypts Amazon S3 buckets with no known method to recover unless a ransom is paid...
www.halcyon.ai
January 13, 2025 at 5:39 PM
SCCMHound is a C# BloodHound collector for Microsoft Configuration Manager (MCM). If you're looking for a way to collect BloodHound session information from Configuration Manager's users and computers then this is the tool for you!

github.com/CrowdStrike/...
GitHub - CrowdStrike/sccmhound: A BloodHound collector for Microsoft Configuration Manager
A BloodHound collector for Microsoft Configuration Manager - CrowdStrike/sccmhound
github.com
December 23, 2024 at 3:50 PM
PendingFileRenameOperations + Junctions EDR Disable

github.com/rad9800/File...
GitHub - rad9800/FileRenameJunctionsEDRDisable
Contribute to rad9800/FileRenameJunctionsEDRDisable development by creating an account on GitHub.
github.com
December 13, 2024 at 11:20 AM
December 12, 2024 at 5:00 PM
Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation

oasis.security/resources/bl...
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.
oasis.security
December 12, 2024 at 6:23 AM
NSO Group’s Pegasus Spyware Detected in New Mobile Devices

iverify.io/blog/iverify...
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples
iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.
iverify.io
December 5, 2024 at 7:35 PM
CVE-2024-11477 7Zip Code Execution Writeup and Analysis
github.com/TheN00bBuild...
GitHub - TheN00bBuilder/cve-2024-11477-writeup: CVE-2024-11477 7Zip Code Execution Writeup and Analysis
CVE-2024-11477 7Zip Code Execution Writeup and Analysis - TheN00bBuilder/cve-2024-11477-writeup
github.com
December 1, 2024 at 12:50 PM
Zabbix SQL injection in user.get API (CVE-2024-42327)

support.zabbix.com/plugins/serv...
ZABBIX SUPPORT
support.zabbix.com
December 1, 2024 at 10:15 AM
The linpeas.sh version hosted at linpeas.sh is sending info to a remote server

github.com/peass-ng/PEA...
November 27, 2024 at 4:31 PM
The Snowflake saga continues as one of the threat actors in the extortions may be a U.S. soldier

krebsonsecurity.com/2024/11/hack...
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kibe...
krebsonsecurity.com
November 27, 2024 at 5:58 AM
KrbRelayEx is a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets.

github.com/decoder-it/K...
GitHub - decoder-it/KrbRelayEx
Contribute to decoder-it/KrbRelayEx development by creating an account on GitHub.
github.com
November 26, 2024 at 1:44 PM
Fascinating story:

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access

www.volexity.com/blog/2024/11...
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...
www.volexity.com
November 22, 2024 at 8:21 PM
Reposted by Soufiane
💡Did you know that #Hunters International provides a tool to their affiliates that allows them to leak stolen data on the brand storefront *without* uploading it anywhere and keeping it on their own servers? #Ransomware
November 22, 2024 at 12:58 PM
Disclosure of 7 Android and Google Pixel Vulnerabilities
blog.oversecured.com/Disclosure-o...
Disclosure of 7 Android and Google Pixel Vulnerabilities
blog.oversecured.com
November 22, 2024 at 11:40 AM
Apple Confirms Zero-Day Attacks Hitting macOS Systems
www.securityweek.com/apple-confir...
Apple Confirms Zero-Day Attacks Hitting macOS Systems
Apple rushes out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild.
www.securityweek.com
November 22, 2024 at 6:04 AM
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock

www.404media.co/leaked-docum...
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock
The documents provide never-been-seen insight into the current cat-and-mouse game between forensics companies and phone manufacturers Apple and Google.
www.404media.co
November 21, 2024 at 9:32 PM