ReynardSec
@reynardsec.bsky.social
Your Cybersecurity Advisor - https://reynardsec.com/en/
Floats are probably still hard to handle.
#microsoft #m365
October 1, 2025 at 10:36 PM
Floats are probably still hard to handle.
#microsoft #m365
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: Two containers went rogue last night and starved the whole host.
devops1: What are we supposed to do?
👇
#appsec #devops #programming #webdev #docker #cloud #sysadmin #sysops #java #php #javascript #node
devops0: Two containers went rogue last night and starved the whole host.
devops1: What are we supposed to do?
👇
#appsec #devops #programming #webdev #docker #cloud #sysadmin #sysops #java #php #javascript #node
September 23, 2025 at 11:50 AM
devops0: Our audit report says we must "enable Docker rootless mode". I have no clue what that even is...
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
September 15, 2025 at 10:03 PM
devops0: Our audit report says we must "enable Docker rootless mode". I have no clue what that even is...
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
👇
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
September 4, 2025 at 8:03 PM
devops0: These k8s security SaaS prices are wild.
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
September 2, 2025 at 7:05 AM
devops0: These k8s security SaaS prices are wild.
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
👇
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
August 26, 2025 at 7:27 AM
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
👇
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
You’ve probably heard of Cold Boot attacks [1], but have you ever seen a practical example? If not, I recommend reading this report www.securitum.com/public-repor... (point 002, page 15).
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
August 25, 2025 at 1:27 PM
You’ve probably heard of Cold Boot attacks [1], but have you ever seen a practical example? If not, I recommend reading this report www.securitum.com/public-repor... (point 002, page 15).
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
Publication by BSI (Germany) and ANSSI (France) on designing LLM-based systems using a Zero Trust approach. Focus: the application layer and "agentic systems".
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
August 21, 2025 at 9:48 PM
Publication by BSI (Germany) and ANSSI (France) on designing LLM-based systems using a Zero Trust approach. Focus: the application layer and "agentic systems".
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
August 20, 2025 at 1:35 PM
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
August 19, 2025 at 2:50 PM
A grumpy ItSec guy walks through the office...
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
August 18, 2025 at 8:16 AM
A grumpy ItSec guy walks through the office...
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
👇
#webdev #programming #cybersecurity #infosec #java #php
August 15, 2025 at 6:28 PM
hey #programming, I just decided to summarize most of the security trainings and courses for devs.
#webdev #appsec #infosec #cybersecurity
#webdev #appsec #infosec #cybersecurity
August 15, 2025 at 10:18 AM
hey #programming, I just decided to summarize most of the security trainings and courses for devs.
#webdev #appsec #infosec #cybersecurity
#webdev #appsec #infosec #cybersecurity
„Recursive Request Exploits (RRE) trace API chains backward from a protected resource (like a video stream) back to it's origin.
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
August 14, 2025 at 10:00 PM
„Recursive Request Exploits (RRE) trace API chains backward from a protected resource (like a video stream) back to it's origin.
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
If any upstream API is unauthenticated, the whole chain can be abused to bypass access”
github.com/jumpycastle/...
#pentest #cybersecurity #webdev
InPost, a company best known for its so-called "Paczkomaty" (parcel lockers - self-service machines where you can send and collect parcels 24/7), is launching a campaign to install AED units (Helpbox 365) [1] on its machines [2].
#europe #poland #health #inpost #cool #lifesaving #government
#europe #poland #health #inpost #cool #lifesaving #government
August 13, 2025 at 2:32 PM
InPost, a company best known for its so-called "Paczkomaty" (parcel lockers - self-service machines where you can send and collect parcels 24/7), is launching a campaign to install AED units (Helpbox 365) [1] on its machines [2].
#europe #poland #health #inpost #cool #lifesaving #government
#europe #poland #health #inpost #cool #lifesaving #government
A grumpy ItSec guy walks through the office #2
devops0: dude, we've got so many roles in this cluster my terminal buffer runs out when I try to list them all.
devops1: bro, if it works, don't touch.
Read more 👇
#devops #programming #webdev #cybersecurity #infosec #sysadmin #kubernetes #containers
devops0: dude, we've got so many roles in this cluster my terminal buffer runs out when I try to list them all.
devops1: bro, if it works, don't touch.
Read more 👇
#devops #programming #webdev #cybersecurity #infosec #sysadmin #kubernetes #containers
August 12, 2025 at 7:33 AM
A grumpy ItSec guy walks through the office #2
devops0: dude, we've got so many roles in this cluster my terminal buffer runs out when I try to list them all.
devops1: bro, if it works, don't touch.
Read more 👇
#devops #programming #webdev #cybersecurity #infosec #sysadmin #kubernetes #containers
devops0: dude, we've got so many roles in this cluster my terminal buffer runs out when I try to list them all.
devops1: bro, if it works, don't touch.
Read more 👇
#devops #programming #webdev #cybersecurity #infosec #sysadmin #kubernetes #containers
Bad actor exploited Google's "Refresh Outdated Content" tool to suppress unwanted publication.
freedom.press/issues/censo...
#webdev #infosec #cybersecurity #press #legal #privacy
freedom.press/issues/censo...
#webdev #infosec #cybersecurity #press #legal #privacy
August 10, 2025 at 10:00 PM
Bad actor exploited Google's "Refresh Outdated Content" tool to suppress unwanted publication.
freedom.press/issues/censo...
#webdev #infosec #cybersecurity #press #legal #privacy
freedom.press/issues/censo...
#webdev #infosec #cybersecurity #press #legal #privacy
August 8, 2025 at 6:27 PM
If you're using the classic AD and AD CS, check this out 👇
github.com/Sleepw4lker/...
"TameMyCerts is a policy module for AD CS enterprise certification authorities that enables security automation for a lot of use cases in the PKI"
#windows #sysadmin #devops #infosec #cybersecurity #sysops
github.com/Sleepw4lker/...
"TameMyCerts is a policy module for AD CS enterprise certification authorities that enables security automation for a lot of use cases in the PKI"
#windows #sysadmin #devops #infosec #cybersecurity #sysops
August 6, 2025 at 8:47 PM
If you're using the classic AD and AD CS, check this out 👇
github.com/Sleepw4lker/...
"TameMyCerts is a policy module for AD CS enterprise certification authorities that enables security automation for a lot of use cases in the PKI"
#windows #sysadmin #devops #infosec #cybersecurity #sysops
github.com/Sleepw4lker/...
"TameMyCerts is a policy module for AD CS enterprise certification authorities that enables security automation for a lot of use cases in the PKI"
#windows #sysadmin #devops #infosec #cybersecurity #sysops
„Under the Hood of AFD.sys Part 4: Receiving TCP packets”
leftarcode.com/posts/afd-re...
#reverseengineering #windows #programming #cybersecurity
leftarcode.com/posts/afd-re...
#reverseengineering #windows #programming #cybersecurity
August 6, 2025 at 10:02 AM
„Under the Hood of AFD.sys Part 4: Receiving TCP packets”
leftarcode.com/posts/afd-re...
#reverseengineering #windows #programming #cybersecurity
leftarcode.com/posts/afd-re...
#reverseengineering #windows #programming #cybersecurity
Discover what DORA, TLPT & TIBER-EU are - from reinforcing digital resilience to live attack simulations - and find out which part I think is the coolest from an #offensivesecurity POV! 🚀🇪🇺
👉 reynardsec.com/en/eu-regula...
#privacy #europe #law #tlpt #pentesting #security
👉 reynardsec.com/en/eu-regula...
#privacy #europe #law #tlpt #pentesting #security
August 5, 2025 at 5:52 PM
Discover what DORA, TLPT & TIBER-EU are - from reinforcing digital resilience to live attack simulations - and find out which part I think is the coolest from an #offensivesecurity POV! 🚀🇪🇺
👉 reynardsec.com/en/eu-regula...
#privacy #europe #law #tlpt #pentesting #security
👉 reynardsec.com/en/eu-regula...
#privacy #europe #law #tlpt #pentesting #security
EU regulation in practice: what DORA, TLPT and TIBER-EU are and which part I think is the coolest from #offensivesecurity perspective 🇪🇺
reynardsec.com/en/eu-regula...
#cybersecurity #infosec #privacy #europe #law #tlpt #pentest #pentesting #security #itsecurity #threatintel
reynardsec.com/en/eu-regula...
#cybersecurity #infosec #privacy #europe #law #tlpt #pentest #pentesting #security #itsecurity #threatintel
August 4, 2025 at 7:30 AM
EU regulation in practice: what DORA, TLPT and TIBER-EU are and which part I think is the coolest from #offensivesecurity perspective 🇪🇺
reynardsec.com/en/eu-regula...
#cybersecurity #infosec #privacy #europe #law #tlpt #pentest #pentesting #security #itsecurity #threatintel
reynardsec.com/en/eu-regula...
#cybersecurity #infosec #privacy #europe #law #tlpt #pentest #pentesting #security #itsecurity #threatintel
A grumpy ItSec guy walks through the office... what happens?
👉 infosec.exchange/@reynardsec/...
#programming #devops #java #php #nodejs #infosec #cybersecurity
👉 infosec.exchange/@reynardsec/...
#programming #devops #java #php #nodejs #infosec #cybersecurity
August 3, 2025 at 8:03 AM
A grumpy ItSec guy walks through the office... what happens?
👉 infosec.exchange/@reynardsec/...
#programming #devops #java #php #nodejs #infosec #cybersecurity
👉 infosec.exchange/@reynardsec/...
#programming #devops #java #php #nodejs #infosec #cybersecurity
Check out this new Dirk's article, especially if you use AD, AD CS and Intune: "Extending AD CS attack surface to the cloud with Intune certificates".
dirkjanm.io/extending-ad...
#windows #pentest #pentesting #activedirectory #devops #sysadmin #infosec #cybersecurity #cloud #azure #m365 #intune
dirkjanm.io/extending-ad...
#windows #pentest #pentesting #activedirectory #devops #sysadmin #infosec #cybersecurity #cloud #azure #m365 #intune
July 30, 2025 at 5:17 PM
Check out this new Dirk's article, especially if you use AD, AD CS and Intune: "Extending AD CS attack surface to the cloud with Intune certificates".
dirkjanm.io/extending-ad...
#windows #pentest #pentesting #activedirectory #devops #sysadmin #infosec #cybersecurity #cloud #azure #m365 #intune
dirkjanm.io/extending-ad...
#windows #pentest #pentesting #activedirectory #devops #sysadmin #infosec #cybersecurity #cloud #azure #m365 #intune