mosesrenegade
@mosesrenegade.bsky.social
Happy America Day for 2025.
July 4, 2025 at 10:00 PM
Happy America Day for 2025.
I am speaking at the South Florida ISSA Meeting Tonight. It's in the same venue as the HackMiami conference. If you are in the area and want to hang out, here are the details:
www.meetup.com/south...
www.meetup.com/south...
May SFISSA Meeting @ HackMiami XII, Thu, May 15, 2025, 6:00 PM | Meetup
We’re excited to be hosting this month’s meeting at the HackMiami Conference, one of South Florida’s most anticipated cybersecurity events.
Location: Marenas Beach Resort
www.meetup.com
May 15, 2025 at 5:05 PM
I am speaking at the South Florida ISSA Meeting Tonight. It's in the same venue as the HackMiami conference. If you are in the area and want to hang out, here are the details:
www.meetup.com/south...
www.meetup.com/south...
I have not been active on social media for the last 45 days. My ability to share sharply declined. After some deep thinking and professional life changes, I can now share more freely—such a burden lifted from my shoulders. Videos are coming soon.
May 5, 2025 at 12:17 PM
I have not been active on social media for the last 45 days. My ability to share sharply declined. After some deep thinking and professional life changes, I can now share more freely—such a burden lifted from my shoulders. Videos are coming soon.
If you have ever taken #SEC588, I have always said that SAML needs to go away. Here is a nasty bug in a library where you can bypass it altogether mostly: workos.com/blog/samlstorm
Just send a signed request, and you will be good to go.
Just send a signed request, and you will be good to go.
SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries — WorkOS
Any service using xml-crypto or a Node.js SAML implementation using it, should update immediately to the latest version. WorkOS customers are safe and were not impacted.
workos.com
March 25, 2025 at 5:50 PM
If you have ever taken #SEC588, I have always said that SAML needs to go away. Here is a nasty bug in a library where you can bypass it altogether mostly: workos.com/blog/samlstorm
Just send a signed request, and you will be good to go.
Just send a signed request, and you will be good to go.
If you see the following header in your weblogs and your running next.js ... well...
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
#CVE-2025-29927
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
#CVE-2025-29927
March 24, 2025 at 8:00 AM
If you see the following header in your weblogs and your running next.js ... well...
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
#CVE-2025-29927
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
#CVE-2025-29927
I just wanted to go on record in saying if the internet ever went dark, it is truly when this website is gone....
www.zombo.com
www.zombo.com
March 23, 2025 at 9:00 AM
I just wanted to go on record in saying if the internet ever went dark, it is truly when this website is gone....
www.zombo.com
www.zombo.com
This is an excellent writeup by the Objective See folks. I had to ensure I was still reading about an exploit halfway through the beginning because the build-up was so good.
If MacOS and Exploiting MacOS is your thing, this is a great read: bit.ly/4bTsGnZ
If MacOS and Exploiting MacOS is your thing, this is a great read: bit.ly/4bTsGnZ
Leaking Passwords
...and more on macOS
bit.ly
March 23, 2025 at 5:00 AM
This is an excellent writeup by the Objective See folks. I had to ensure I was still reading about an exploit halfway through the beginning because the build-up was so good.
If MacOS and Exploiting MacOS is your thing, this is a great read: bit.ly/4bTsGnZ
If MacOS and Exploiting MacOS is your thing, this is a great read: bit.ly/4bTsGnZ
I'll more than likely discuss this at some point in a video. This Apache Tomcat bug is pretty bad. The POC is dead simple and it will probably be easy to work around firewalls.
Patch!
www.darkreading.com/...
1/n
Patch!
www.darkreading.com/...
1/n
Apache Tomcat RCE Vulnerability Under Fire With Exploit
The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.
www.darkreading.com
March 22, 2025 at 1:00 PM
I'll more than likely discuss this at some point in a video. This Apache Tomcat bug is pretty bad. The POC is dead simple and it will probably be easy to work around firewalls.
Patch!
www.darkreading.com/...
1/n
Patch!
www.darkreading.com/...
1/n
Let me be crystal clear: the person who wrote the @watchtowrcyber blog is correct about deserialization gadgets. The video gives some thoughts, but I wanted to add context. Amazing work from @sinsinology
1/n
youtu.be/mJTo_YGwYzY
1/n
youtu.be/mJTo_YGwYzY
Infosec Drama of the Week?
I want to be clear that in the video, I'm talking about this post:https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in...
youtu.be
March 22, 2025 at 12:42 AM
Let me be crystal clear: the person who wrote the @watchtowrcyber blog is correct about deserialization gadgets. The video gives some thoughts, but I wanted to add context. Amazing work from @sinsinology
1/n
youtu.be/mJTo_YGwYzY
1/n
youtu.be/mJTo_YGwYzY
Is that Tomcat bug a non-issue? I'm hesitant to say so, primarily because of the many horror show bugs I've seen in Tomcat servlets in the past. Do I suspect there will be more issues on the internal networks? Yes.
Comment Below
Video: youtu.be/Du4d7Q4R51Q
Comment Below
Video: youtu.be/Du4d7Q4R51Q
March 21, 2025 at 12:29 AM
Is that Tomcat bug a non-issue? I'm hesitant to say so, primarily because of the many horror show bugs I've seen in Tomcat servlets in the past. Do I suspect there will be more issues on the internal networks? Yes.
Comment Below
Video: youtu.be/Du4d7Q4R51Q
Comment Below
Video: youtu.be/Du4d7Q4R51Q
The jc-action/changed-files attack, was it new and novel? If you look at the gist of the python memdump.py script, you may have noticed that this was just a copy of an existing set of research studies from pwnhub and others—link in the video's description.
tion/changed-files attack, was it new and novel? If you look at the gist of the python memdump.py script, you may have noticed that this was just a copy of an existing set of research studies from pwnhub and others—link in the video's description.
youtu.be/lqPoWd7CbTE
tion/changed-files attack, was it new and novel? If you look at the gist of the python memdump.py script, you may have noticed that this was just a copy of an existing set of research studies from pwnhub and others—link in the video's description.
youtu.be/lqPoWd7CbTE
March 20, 2025 at 1:15 AM
The jc-action/changed-files attack, was it new and novel? If you look at the gist of the python memdump.py script, you may have noticed that this was just a copy of an existing set of research studies from pwnhub and others—link in the video's description.
tion/changed-files attack, was it new and novel? If you look at the gist of the python memdump.py script, you may have noticed that this was just a copy of an existing set of research studies from pwnhub and others—link in the video's description.
youtu.be/lqPoWd7CbTE
tion/changed-files attack, was it new and novel? If you look at the gist of the python memdump.py script, you may have noticed that this was just a copy of an existing set of research studies from pwnhub and others—link in the video's description.
youtu.be/lqPoWd7CbTE
This is super interesting. An attacker gained access to a popular "plug-in" (the best way I could describe it) to your CI/CD pipeline in a Github Action that would do change file detection in your runs.
www.stepsecurity.io/...
1/n
www.stepsecurity.io/...
1/n
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
tj-actions/changed-files
www.stepsecurity.io
March 19, 2025 at 12:00 PM
This is super interesting. An attacker gained access to a popular "plug-in" (the best way I could describe it) to your CI/CD pipeline in a Github Action that would do change file detection in your runs.
www.stepsecurity.io/...
1/n
www.stepsecurity.io/...
1/n
The other day, one of my coworkers asked me a question, and it was around: what do you currently recommend for C2 in a Red Team Engagement? Now, this question comes up a ton. In practice, we have been using Cloudflare because it just "works," but what if that no longer works?
March 17, 2025 at 2:01 PM
The other day, one of my coworkers asked me a question, and it was around: what do you currently recommend for C2 in a Red Team Engagement? Now, this question comes up a ton. In practice, we have been using Cloudflare because it just "works," but what if that no longer works?
Do you all think Manus AI Is a threat. I thought I'd give some folks a fun one for a video update:
bit.ly/41ylBEo
bit.ly/41ylBEo
- YouTube
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
youtu.be
March 11, 2025 at 4:50 PM
Do you all think Manus AI Is a threat. I thought I'd give some folks a fun one for a video update:
bit.ly/41ylBEo
bit.ly/41ylBEo
Healthcare IT is a total mess. Microsoft is injecting some funding in it: bit.ly/4i4ts3I
- YouTube
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
youtu.be
March 7, 2025 at 8:00 PM
Healthcare IT is a total mess. Microsoft is injecting some funding in it: bit.ly/4i4ts3I
Everyone is alarmed by a "Webcam" used to deploy ransomware as a nothing-burger. The article should highlight that ransomware actors are not just automating the attack but actively looking into a network. If you have a vulnerable non-windows device, it will be used.
March 7, 2025 at 4:14 PM
Everyone is alarmed by a "Webcam" used to deploy ransomware as a nothing-burger. The article should highlight that ransomware actors are not just automating the attack but actively looking into a network. If you have a vulnerable non-windows device, it will be used.
You want to execute malware in a sandboxed environment. You want to do this self-hosted or in the cloud in your environment. What do you choose?
(Yes, I know that online analysis tools exist).
Comment Below
#security #cybersecurity #onlinesafety #privacy #technology
(Yes, I know that online analysis tools exist).
Comment Below
#security #cybersecurity #onlinesafety #privacy #technology
March 7, 2025 at 2:57 PM
You want to execute malware in a sandboxed environment. You want to do this self-hosted or in the cloud in your environment. What do you choose?
(Yes, I know that online analysis tools exist).
Comment Below
#security #cybersecurity #onlinesafety #privacy #technology
(Yes, I know that online analysis tools exist).
Comment Below
#security #cybersecurity #onlinesafety #privacy #technology
Quantum Curious? Today's topic is Post Quantum Cryptography, more or less.
#security #cybersecurity #onlinesafety #privacy #technology #crypto
bit.ly/3XuoNja
#security #cybersecurity #onlinesafety #privacy #technology #crypto
bit.ly/3XuoNja
Post Quantum Cryptography
What happens after PQC?
youtu.be
March 7, 2025 at 2:24 AM
Quantum Curious? Today's topic is Post Quantum Cryptography, more or less.
#security #cybersecurity #onlinesafety #privacy #technology #crypto
bit.ly/3XuoNja
#security #cybersecurity #onlinesafety #privacy #technology #crypto
bit.ly/3XuoNja
I don't yet know the full implications of this, but being able to "patch" your Microcode such that, idk, XOR compares always return true for specific functions would be bad. bit.ly/3F4V3TP
Blog: Zen and the Art of Microcode Hacking
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.
bughunters.google.com
March 6, 2025 at 12:56 PM
I don't yet know the full implications of this, but being able to "patch" your Microcode such that, idk, XOR compares always return true for specific functions would be bad. bit.ly/3F4V3TP
Yesterday on a Podcast Interview I did with the ktrlpanel I ended it with a butchered quick explaination of Shors Algorithm and Quantum Computing. For those curious the idea is this. Quantum Computing should be able to, using a QFT, factorize prime numbers quickly.
March 6, 2025 at 12:42 PM
Yesterday on a Podcast Interview I did with the ktrlpanel I ended it with a butchered quick explaination of Shors Algorithm and Quantum Computing. For those curious the idea is this. Quantum Computing should be able to, using a QFT, factorize prime numbers quickly.
I'm posting this here while experimenting with different media. The focus, currently, is on short-form videos on a different Cyber Security Topic (bit.ly/YTMosesFrostShow). I am however going to expand that at some point.
The Moses Frost Show
Share your videos with friends, family, and the world
bit.ly
March 4, 2025 at 9:19 PM
I'm posting this here while experimenting with different media. The focus, currently, is on short-form videos on a different Cyber Security Topic (bit.ly/YTMosesFrostShow). I am however going to expand that at some point.
Mozilla Foundation is changing its Terms of Service and has decided to remove its promise never to sell your data, I.E., they can sell it. This has people in a tizzy; what alternative web browsers do you recommend? Comment Below!
bit.ly/3QEAekE
bit.ly/3QEAekE
March 1, 2025 at 7:37 PM
Mozilla Foundation is changing its Terms of Service and has decided to remove its promise never to sell your data, I.E., they can sell it. This has people in a tizzy; what alternative web browsers do you recommend? Comment Below!
bit.ly/3QEAekE
bit.ly/3QEAekE
Can multiple LLMs working in Tandem evaluate CTF Challenges? Some interesting research coming out of NYU.
arxiv.org/html/2406....
arxiv.org/html/2406....
March 1, 2025 at 2:32 PM
Can multiple LLMs working in Tandem evaluate CTF Challenges? Some interesting research coming out of NYU.
arxiv.org/html/2406....
arxiv.org/html/2406....