WarthogTK
@warthogtk.bsky.social
Pentester | Ex MD (Intensivist & Healthcare Simulation) | (Black) Arch Enthusiast |
Infosec - AD - Windows Internals/Maldev enthusiast |
Geopolitics, Defense, Disinformation, Hybrid warfare | DCS, Gaming, Metal
(OU=FR,DC=WORLD,DC=UNIVERSE)
Infosec - AD - Windows Internals/Maldev enthusiast |
Geopolitics, Defense, Disinformation, Hybrid warfare | DCS, Gaming, Metal
(OU=FR,DC=WORLD,DC=UNIVERSE)
Automating GOAD and Live Malware Labs www.elastic.co/security-lab...
Automating GOAD and Live Malware Labs — Elastic Security Labs
Stop building labs by hand. Automate the deployment of a fully instrumented Purple Team range using Ludus and Elastic Security. Spin up infrastructure, execute attacks, and validate detection rules…
www.elastic.co
February 10, 2026 at 9:37 PM
Automating GOAD and Live Malware Labs www.elastic.co/security-lab...
Claude in Chrome: A Threat Analysis
labs.zenity.io/p/claude-in-...
labs.zenity.io/p/claude-in-...
Claude in Chrome: A Threat Analysis
A threat model for Claude in Chrome, agentic browsers risks. Claude in Chorme JS tool resulting risks, and what you should be aware of when adopting Claude in your org.
labs.zenity.io
February 10, 2026 at 7:26 PM
Claude in Chrome: A Threat Analysis
labs.zenity.io/p/claude-in-...
labs.zenity.io/p/claude-in-...
Prompt injection in Google Translate reveals base model behaviors behind task-specific fine-tuning
www.lesswrong.com/posts/tAh2ke...
www.lesswrong.com/posts/tAh2ke...
Prompt injection in Google Translate reveals base model behaviors behind task-specific fine-tuning — LessWrong
tl;dr Argumate on Tumblr found you can sometimes access the base model behind Google Translate via prompt injection. The result replicates for me, an…
www.lesswrong.com
February 8, 2026 at 9:03 AM
Prompt injection in Google Translate reveals base model behaviors behind task-specific fine-tuning
www.lesswrong.com/posts/tAh2ke...
www.lesswrong.com/posts/tAh2ke...
Méthodologie d’intrusion dans les systèmes d’IA : Attaquer l’apprentissage machine de bout-en-bout, de la source au service
aet1us.github.io/article_ia
aet1us.github.io/article_ia
Méthodologie d’attaques sur IA
ENGLISH version Auteur: Jules BADER, penetration tester et auditeur cyber au Cyslab de CGI Business Consulting France.
aet1us.github.io
February 7, 2026 at 10:23 AM
Méthodologie d’intrusion dans les systèmes d’IA : Attaquer l’apprentissage machine de bout-en-bout, de la source au service
aet1us.github.io/article_ia
aet1us.github.io/article_ia
A CTF-Style XSS Chain in the Wild: DOM Clobbering, Gadgets, and CSP Bypass · antoniusblock
blog.antoniusblock.net/posts/dom-cl...
blog.antoniusblock.net/posts/dom-cl...
A CTF-Style XSS Chain in the Wild: DOM Clobbering, Gadgets, and CSP Bypass
A bug bounty target that unexpectedly felt like a CTF. What began as simple recon turned into a nice chain of discoveries that ultimately led to a valid XSS
blog.antoniusblock.net
February 6, 2026 at 8:03 PM
A CTF-Style XSS Chain in the Wild: DOM Clobbering, Gadgets, and CSP Bypass · antoniusblock
blog.antoniusblock.net/posts/dom-cl...
blog.antoniusblock.net/posts/dom-cl...
Top 10 web hacking techniques of 2025 portswigger.net/research/top...
Top 10 web hacking techniques of 2025
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
portswigger.net
February 6, 2026 at 2:33 PM
Top 10 web hacking techniques of 2025 portswigger.net/research/top...
Firewall Penetration Testing: StrengthenYour Network Security
blog.securelayer7.net/firewall-pen...
blog.securelayer7.net/firewall-pen...
Firewall Penetration Testing: Strengthen Your Network Security
Firewalls are the first line of defense against unauthorized access and cyberattacks, but even the most advanced configurations can contain overlooked rules or misconfigured ports that create…
blog.securelayer7.net
February 4, 2026 at 7:49 PM
Firewall Penetration Testing: StrengthenYour Network Security
blog.securelayer7.net/firewall-pen...
blog.securelayer7.net/firewall-pen...
The Notepad++ supply chain attack – unnoticed execution chains and new IoCs securelist.com/notepad-supp...
The Notepad++ supply chain attack – unnoticed execution chains and new IoCs
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL…
securelist.com
February 3, 2026 at 10:35 AM
The Notepad++ supply chain attack – unnoticed execution chains and new IoCs securelist.com/notepad-supp...
Reposted by WarthogTK
In our latest article, @niozow.bsky.social dives into the inner workings of #Windows access tokens, privileges and logon rights.
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
Beyond ACLs: Mapping Windows Privilege Escalation Paths with
Beyond ACLs: Mapping Windows Privilege Escalation Paths with
www.synacktiv.com
February 2, 2026 at 3:30 PM
In our latest article, @niozow.bsky.social dives into the inner workings of #Windows access tokens, privileges and logon rights.
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
A Tiny Privilege Escalation by Abusing Dangling Templates
Hello, friends!
www.intigriti.com
February 1, 2026 at 7:21 PM
Why you should remove ‘ClawdBot’ (or whatever it’s called) right now
andreafortuna.org/2026/01/31/r...
andreafortuna.org/2026/01/31/r...
Why you should remove ‘ClawdBot’ (or whatever it’s called) right now
If you’ve been keeping an eye on developer news in 2026, you’ve probably come across ClawdBot. Maybe you know it as MoltBot or the latest fork, OpenClaw. No matter what it’s called today, the story…
andreafortuna.org
February 1, 2026 at 1:01 PM
Why you should remove ‘ClawdBot’ (or whatever it’s called) right now
andreafortuna.org/2026/01/31/r...
andreafortuna.org/2026/01/31/r...
A Tiny Privilege Escalation by Abusing Dangling Templates
Hello, friends!
jakehildreth.github.io
January 31, 2026 at 9:28 PM
Shadow Directories: A Unique Method to Hijack WordPress Permalinks
blog.sucuri.net/2026/01/shad...
blog.sucuri.net/2026/01/shad...
Shadow Directories: A Unique Method to Hijack WordPress Permalinks
A new WordPress malware technique uses fake directories to override permalinks and serve spam to search engines. Learn the signs and fixes.
blog.sucuri.net
January 31, 2026 at 11:45 AM
Shadow Directories: A Unique Method to Hijack WordPress Permalinks
blog.sucuri.net/2026/01/shad...
blog.sucuri.net/2026/01/shad...
DCS 2026 AND BEYOND
YouTube video by Eagle Dynamics: Digital Combat Simulator
youtube.com
January 31, 2026 at 10:47 AM
DCS 2026 AND BEYOND
YouTube video by Eagle Dynamics: Digital Combat Simulator
youtube.com
January 31, 2026 at 10:39 AM