superkojiman
@techorganic.com
Will occasionally cosplay as a hacker.
🌐 techorganic.com
🐘 infosec.exchange/@superkojiman
💻 github.com/superkojiman
🌐 techorganic.com
🐘 infosec.exchange/@superkojiman
💻 github.com/superkojiman
Reposted by superkojiman
HEY THERE, BUCKAR00Z!!1!
Revised 2nd Edition of @joemenn.bsky.social's CULT OF THE DEAD COW book is coming out in two weeks! A MERE FORTNIGHT!
Perfect Xmas/Kwaanzaa/Chanukah/Solstice/Krampusnacht gift for your best/worst friends/spouses/enemies/pets/neighbours/houseplants!
GET IT GET IT GET IT!
Revised 2nd Edition of @joemenn.bsky.social's CULT OF THE DEAD COW book is coming out in two weeks! A MERE FORTNIGHT!
Perfect Xmas/Kwaanzaa/Chanukah/Solstice/Krampusnacht gift for your best/worst friends/spouses/enemies/pets/neighbours/houseplants!
GET IT GET IT GET IT!
November 18, 2025 at 5:47 PM
HEY THERE, BUCKAR00Z!!1!
Revised 2nd Edition of @joemenn.bsky.social's CULT OF THE DEAD COW book is coming out in two weeks! A MERE FORTNIGHT!
Perfect Xmas/Kwaanzaa/Chanukah/Solstice/Krampusnacht gift for your best/worst friends/spouses/enemies/pets/neighbours/houseplants!
GET IT GET IT GET IT!
Revised 2nd Edition of @joemenn.bsky.social's CULT OF THE DEAD COW book is coming out in two weeks! A MERE FORTNIGHT!
Perfect Xmas/Kwaanzaa/Chanukah/Solstice/Krampusnacht gift for your best/worst friends/spouses/enemies/pets/neighbours/houseplants!
GET IT GET IT GET IT!
Reposted by superkojiman
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
October 4, 2025 at 10:39 AM
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
Reposted by superkojiman
Dust off the denim jacket, crank up the synth, and get ready to hack the planet 80's style. Tickets are now on sale at www.bsidesto.ca ya dig?
BSides Toronto 2025
www.bsidesto.ca
September 24, 2025 at 1:50 AM
Dust off the denim jacket, crank up the synth, and get ready to hack the planet 80's style. Tickets are now on sale at www.bsidesto.ca ya dig?
Reposted by superkojiman
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 17, 2025 at 1:20 PM
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
Reposted by superkojiman
here, I tell you what, in honor the Hackers anniversary have a documentary about hackers from 1994 that 1) kicks ass, 2) has honestly nearly as good a soundtrack as Hackers the movie 3) has me (briefly) and my friends in it and 4) was I know for certain part of the Hackers filmmaker's research
September 16, 2025 at 1:57 AM
here, I tell you what, in honor the Hackers anniversary have a documentary about hackers from 1994 that 1) kicks ass, 2) has honestly nearly as good a soundtrack as Hackers the movie 3) has me (briefly) and my friends in it and 4) was I know for certain part of the Hackers filmmaker's research
Reposted by superkojiman
Want to learn reverse engineering? There'll be a free, women*-only BlackHoodie workshop from October 6th to 9th in Paris!
Topics:
• Linux memory forensics 🕵️♀️ (by Sonia)
• Web app and mobile app pentesting 🕸️📱 (by Paula)
• iOS reversing 🍎 (by me)
Topics:
• Linux memory forensics 🕵️♀️ (by Sonia)
• Web app and mobile app pentesting 🕸️📱 (by Paula)
• iOS reversing 🍎 (by me)
September 10, 2025 at 7:52 PM
Want to learn reverse engineering? There'll be a free, women*-only BlackHoodie workshop from October 6th to 9th in Paris!
Topics:
• Linux memory forensics 🕵️♀️ (by Sonia)
• Web app and mobile app pentesting 🕸️📱 (by Paula)
• iOS reversing 🍎 (by me)
Topics:
• Linux memory forensics 🕵️♀️ (by Sonia)
• Web app and mobile app pentesting 🕸️📱 (by Paula)
• iOS reversing 🍎 (by me)
Reposted by superkojiman
We've received 50 required articles for issue #7 of
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
September 9, 2025 at 8:02 AM
We've received 50 required articles for issue #7 of
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
@pagedout.bsky.social - this means we're publishing the issue in the few next weeks.
1. Want to get an article in #7? You should write it now and send it in in the next few days.
2. We're still looking for more issue sponsors!
Reposted by superkojiman
At long last - Phrack 72 has been released online for your reading pleasure!
Check it out: phrack.org
Check it out: phrack.org
August 18, 2025 at 9:33 PM
At long last - Phrack 72 has been released online for your reading pleasure!
Check it out: phrack.org
Check it out: phrack.org
Reposted by superkojiman
We've just released a massive update to Collaborator Everywhere! This is a complete rewrite by @compass-security.com which adds loads of features including in-tool payload customization. Massive thanks to Compass for this epic project takeover. Check out the new features:
July 14, 2025 at 2:51 PM
We've just released a massive update to Collaborator Everywhere! This is a complete rewrite by @compass-security.com which adds loads of features including in-tool payload customization. Massive thanks to Compass for this epic project takeover. Check out the new features:
Reposted by superkojiman
Introducing the BloodHound Query Library! 📚
@martinsohn.dk & @joeydreijer.bsky.social explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ
@martinsohn.dk & @joeydreijer.bsky.social explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ
Introducing the BloodHound Query Library - SpecterOps
The BloodHound Query Library is a community-driven collection of BloodHound Cypher available at https://queries.specterops.io
ghst.ly
June 17, 2025 at 7:14 PM
Introducing the BloodHound Query Library! 📚
@martinsohn.dk & @joeydreijer.bsky.social explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ
@martinsohn.dk & @joeydreijer.bsky.social explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ
Reposted by superkojiman
Received the news today that my talk "Advanced Active Directory to Entra ID lateral movement techniques" was also accepted for @defcon.bsky.social 🎉 hope to see everyone there!
June 10, 2025 at 12:28 PM
Received the news today that my talk "Advanced Active Directory to Entra ID lateral movement techniques" was also accepted for @defcon.bsky.social 🎉 hope to see everyone there!
Reposted by superkojiman
ICYMI it on the heathen platform, I recently launched a new training portal for Zero-Point. Read more here: www.zeropointsecurity.co.uk/blog/new-sit...
New Site Launch
www.zeropointsecurity.co.uk
May 20, 2025 at 5:20 PM
ICYMI it on the heathen platform, I recently launched a new training portal for Zero-Point. Read more here: www.zeropointsecurity.co.uk/blog/new-sit...
Reposted by superkojiman
I made a tool to help test archive (zip/tar) extraction bugs (sync working directory into archive, add path traversals, links, permissions, etc): github.com/avlidienbrun...
GitHub - avlidienbrunn/archivealchemist: Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.
Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities. - avlidienbrunn/archivealchemist
github.com
May 9, 2025 at 8:47 AM
I made a tool to help test archive (zip/tar) extraction bugs (sync working directory into archive, add path traversals, links, permissions, etc): github.com/avlidienbrun...
Reposted by superkojiman
We've just published a guide to writing your own custom actions, including some worked examples -> portswigger.net/burp/documen...
Custom actions reference guide
Custom actions are scripts that run directly in Burp Repeater to automate tasks and extract information during manual testing. This page includes building ...
portswigger.net
May 6, 2025 at 1:10 PM
We've just published a guide to writing your own custom actions, including some worked examples -> portswigger.net/burp/documen...
Reposted by superkojiman
Reposted by superkojiman
Red Team collaboration has evolved over time. I remember using SILC for encrypted chats and TRAC wiki and source code tracking. Here are the more modern services I think Red Teams can benefit from and a super easy way to stand them up: github.com/mubix/redtea...
What do you use?
What do you use?
GitHub - mubix/redteam-collab: Red Team Collaboration Infrastructure
Red Team Collaboration Infrastructure. Contribute to mubix/redteam-collab development by creating an account on GitHub.
github.com
April 21, 2025 at 10:28 PM
Red Team collaboration has evolved over time. I remember using SILC for encrypted chats and TRAC wiki and source code tracking. Here are the more modern services I think Red Teams can benefit from and a super easy way to stand them up: github.com/mubix/redtea...
What do you use?
What do you use?
Reposted by superkojiman
Save the date - BlackHoodie will be offering a free reverse engineering training for women by women in Stockholm at @sec-t.bsky.social conference on September 10th! Thanks to the wonderful people of SEC-T ♥️
April 8, 2025 at 6:43 PM
Save the date - BlackHoodie will be offering a free reverse engineering training for women by women in Stockholm at @sec-t.bsky.social conference on September 10th! Thanks to the wonderful people of SEC-T ♥️
Reposted by superkojiman
Reposted by superkojiman
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
March 29, 2025 at 12:08 PM
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
Reposted by superkojiman
tmp.0ut Volume 4 just came out!!! LET'S GO!
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
March 21, 2025 at 4:31 PM
tmp.0ut Volume 4 just came out!!! LET'S GO!
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
And guess who's article is there ;)
08 .... FixedASLR: .o ELF loader in a CTF task
tmpout.sh/4/
Reposted by superkojiman
Using frida-trace to hook thousands of methods in one go and get clean, readable output for large, obfuscated mobile apps 📲. Another post from Reino’s to level up your dynamic analysis: sensepost.com/blog/2025/us...
March 19, 2025 at 8:59 AM
Using frida-trace to hook thousands of methods in one go and get clean, readable output for large, obfuscated mobile apps 📲. Another post from Reino’s to level up your dynamic analysis: sensepost.com/blog/2025/us...
Reposted by superkojiman
A lot of you were telling me I should do my courses in English, so here we go:
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
March 19, 2025 at 3:15 PM
A lot of you were telling me I should do my courses in English, so here we go:
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
Mastering Binary Files and Protocols: The Complete Journey
hackarcana.com/bin?utm=gyn-b
This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc
Start Apr 8th
Reposted by superkojiman
I’m excited to introduce Namespace Confusion, a novel attack discovered during Gareth's and mySAML Roulette: The Hacker Always Wins research. We uncovered a brutal attack on XML signature validation that destroys authentication in Ruby-SAML!
March 18, 2025 at 3:01 PM
I’m excited to introduce Namespace Confusion, a novel attack discovered during Gareth's and mySAML Roulette: The Hacker Always Wins research. We uncovered a brutal attack on XML signature validation that destroys authentication in Ruby-SAML!
Reposted by superkojiman
Today I am publishing an in-browser, ✨GPU accelerated✨, MD5 password cracker. Whoever can get the best hashrate wins a big wet kiss on the lips. Post your score! noctonic.github.io/md5shader.html
March 13, 2025 at 10:38 PM
Today I am publishing an in-browser, ✨GPU accelerated✨, MD5 password cracker. Whoever can get the best hashrate wins a big wet kiss on the lips. Post your score! noctonic.github.io/md5shader.html
Reposted by superkojiman
🚨 Evilginx Pro is finally here! 🚨🎣🐟
This is it! After over two years of development, countless delays, and hundreds of manual company verifications, Evilginx Pro is finally live!
Thank you all for your invaluable support 💗
breakdev.org/evilginx-pro...
This is it! After over two years of development, countless delays, and hundreds of manual company verifications, Evilginx Pro is finally live!
Thank you all for your invaluable support 💗
breakdev.org/evilginx-pro...
Evilginx Pro is finally here!
After over two years of development, Evilginx Pro reverse proxy phishing framework for red teams is finally live!
breakdev.org
March 12, 2025 at 3:29 PM
🚨 Evilginx Pro is finally here! 🚨🎣🐟
This is it! After over two years of development, countless delays, and hundreds of manual company verifications, Evilginx Pro is finally live!
Thank you all for your invaluable support 💗
breakdev.org/evilginx-pro...
This is it! After over two years of development, countless delays, and hundreds of manual company verifications, Evilginx Pro is finally live!
Thank you all for your invaluable support 💗
breakdev.org/evilginx-pro...