Brendan
tychosmoose.bsky.social
Hackaveloper, trophy husband, fur-baby daddy, hobby ranch-hand, hiker, and Researcher for Metasploit. My opinions are my own unless I stole them. He/Him
Reposted by Brendan
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
November 21, 2025 at 1:29 PM
Reposted by Brendan
There's an unpatched admin auth bypass in the Twonky Server

www.rapid7.com/blog/post/cv...
CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)
Rapid7 has identified two vulnerabilities that facilitate administrator authentication bypass in Twonky Server, a media solution.
November 20, 2025 at 1:21 PM
Reposted by Brendan
Last night, Fortra disclosed a critical vulnerability in their GoAnywhere MFT file transfer product. CVE-2025-10035 has a virtually identical description to CVE-2023-0669, which was exploited by ransomware crews. Unclear if this one has been exploited. Patch now. www.vulncheck.com/blog/cve-202...
CVE-2025-10035: Critical Vulnerability in Fortra GoAnywhere MFT | Blog | VulnCheck
A new critical vulnerability was disclosed in Fortra's GoAnywhere managed file transfer product, which has been targeted in the past by ransomware and extortion groups
September 19, 2025 at 4:36 PM
In happy news, our most recent foster found his forever home this weekend. He showed up on the ranch when the weather was in the 20's, and stayed for a warm bed, lots of kibble, surgery to remove a benign tumor, a couple baths, rest, and lots of treats and pets. Day 1 vs day 40(?).
March 3, 2025 at 8:46 PM
Reposted by Brendan
He probably started the form, but didn’t finish it.
July 17, 2024 at 4:50 PM
Super excited that Microsoft has enabled "quick create" on Hyper-V to let you automagically create popular VMs. Less excited that it appears to create the same x64 VM, even if your host OS is ARM-based. 😅 Maybe at least put the arch in the vhdx filename?
July 9, 2024 at 1:44 PM
Reposted by Brendan
I'm on at 15:15 ET tomorrow!
May 16, 2024 at 12:03 PM
Truly uncanny how he can find waterfowl hidden in the grass.
April 30, 2024 at 1:43 PM
Reposted by Brendan
CVE-2023-20198 (critical RCE in Cisco IOS XE) PoC and associated Fofa query:

github.com/W01fh4cker/C...
GitHub - W01fh4cker/CVE-2023-20198-RCE: CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.
April 26, 2024 at 8:39 AM
I don't know why I keep being surprised that Enterprise software is as utterly cobbled together as the code I wrote to control the temperature of my kegerator 20 years ago.
April 19, 2024 at 4:42 PM
That time we found our Great Pyr had taken out a K-BAR, managed to get it unsheathed, and got real serious about livestock guarding.....
March 27, 2024 at 3:09 PM
Reposted by Brendan
do u enjoy silly little guys??? i got u. get yourself some silly little guys, today 🦴✨ fangcrush.storenvy.com
March 15, 2024 at 10:00 PM
I am often jealous of our dogs....
February 13, 2024 at 3:27 PM
I'm in a meeting and someone said "all the way back in Python 2.7" like it was code carved in stone and now my back hurts.
September 26, 2023 at 3:37 PM
Can we please put one introvert in every HR department and give them veto power?
September 22, 2023 at 2:32 PM