XPN
@xpnsec.com
Hacker for hire at @specterops.bsky.social
Blog: https://blog.xpnsec.com
Blog: https://blog.xpnsec.com
My second post for the month is now live 🎉
Get the scoop on the incoming Administrator Protection for Windows 11.
@xpnsec.com covers the architecture, access controls, and why some legacy UAC bypass techniques remain effective in his latest blog post. ghst.ly/44mw5JM
@xpnsec.com covers the architecture, access controls, and why some legacy UAC bypass techniques remain effective in his latest blog post. ghst.ly/44mw5JM
Administrator Protection Review - SpecterOps
Microsoft will be introducing Administrator Protection into Windows 11. This post explores security considerations for red teamers.
ghst.ly
June 18, 2025 at 6:54 PM
My second post for the month is now live 🎉
Talking Heads released a music video for Psycho Killer and it's fucking awesome :D www.youtube.com/watch?v=CJ54...
Talking Heads - Psycho Killer (Official Video)
YouTube video by Talking Heads
www.youtube.com
June 13, 2025 at 11:37 AM
Talking Heads released a music video for Psycho Killer and it's fucking awesome :D www.youtube.com/watch?v=CJ54...
Reposted by XPN
🚨 New blog post alert!
@xpnsec.com drops knowledge on LLM security w/ his latest post showing how attackers can by pass LLM WAFs by confusing the tokenization process to smuggle tokens to back-end LLMs.
Read more: ghst.ly/4koUJiz
@xpnsec.com drops knowledge on LLM security w/ his latest post showing how attackers can by pass LLM WAFs by confusing the tokenization process to smuggle tokens to back-end LLMs.
Read more: ghst.ly/4koUJiz
Tokenization Confusion - SpecterOps
Meta's Prompt Guard 2 aims to prevent prompt injection. This post looks at how much knowledge of ML we need to be effective at testing these LLM WAFs.
ghst.ly
June 3, 2025 at 5:44 PM
🚨 New blog post alert!
@xpnsec.com drops knowledge on LLM security w/ his latest post showing how attackers can by pass LLM WAFs by confusing the tokenization process to smuggle tokens to back-end LLMs.
Read more: ghst.ly/4koUJiz
@xpnsec.com drops knowledge on LLM security w/ his latest post showing how attackers can by pass LLM WAFs by confusing the tokenization process to smuggle tokens to back-end LLMs.
Read more: ghst.ly/4koUJiz
New blog post is up! Stepping out of my comfort zone (be kind), looking at Meta's Prompt Guard 2 model, how to misclassify prompts using the Unigram tokenizer and hopefully demonstrate why we should invest time looking beyond the API at how LLMs function. specterops.io/blog/2025/06...
Tokenization Confusion - SpecterOps
Meta's Prompt Guard 2 aims to prevent prompt injection. This post looks at how much knowledge of ML we need to be effective at testing these LLM WAFs.
specterops.io
June 3, 2025 at 4:57 PM
New blog post is up! Stepping out of my comfort zone (be kind), looking at Meta's Prompt Guard 2 model, how to misclassify prompts using the Unigram tokenizer and hopefully demonstrate why we should invest time looking beyond the API at how LLMs function. specterops.io/blog/2025/06...
The level of snark in my upcoming blogpost is next level... And I'm not even sorry!
taylor swift is wearing a black off the shoulder top .
ALT: taylor swift is wearing a black off the shoulder top .
media.tenor.com
May 21, 2025 at 3:34 PM
The level of snark in my upcoming blogpost is next level... And I'm not even sorry!
Reposted by XPN
Didn’t know this impressive fact. @xpnsec.com did you?
Each year, Eurovision has more live viewers than the Super Bowl, Oscars and Grammys combined. This shocks Europeans when I tell them.
So check it out. Live semi-final 1 airing now: www.youtube.com/live/0HNXVB2...
So check it out. Live semi-final 1 airing now: www.youtube.com/live/0HNXVB2...
Eurovision Song Contest 2025 - First Semi-Final - Livestream | #Eurovision2025
YouTube video by Eurovision Song Contest
www.youtube.com
May 13, 2025 at 8:47 PM
Didn’t know this impressive fact. @xpnsec.com did you?
Reposted by XPN
You've been prepping for #OSCP exam day, and it finally arrives. 🙇
In Part 4 of his blog series, @anam0x.bsky.social focuses on the test & how to maximize the educational, financial, & professional value of the exam experience.
Read more: ghst.ly/4lHDw4M
🧵: 1/4
In Part 4 of his blog series, @anam0x.bsky.social focuses on the test & how to maximize the educational, financial, & professional value of the exam experience.
Read more: ghst.ly/4lHDw4M
🧵: 1/4
April 22, 2025 at 4:14 PM
You've been prepping for #OSCP exam day, and it finally arrives. 🙇
In Part 4 of his blog series, @anam0x.bsky.social focuses on the test & how to maximize the educational, financial, & professional value of the exam experience.
Read more: ghst.ly/4lHDw4M
🧵: 1/4
In Part 4 of his blog series, @anam0x.bsky.social focuses on the test & how to maximize the educational, financial, & professional value of the exam experience.
Read more: ghst.ly/4lHDw4M
🧵: 1/4
Worked on a simple POC last night for connecting Mythic up to LiteLLM (pointing to Claude) for riding shotgun on a C2 session. Only using shell cmd, but provides oversight and hints to potential paths to explore. Quite happy for a weekend project :D youtu.be/C9J5okm6cA4
Superintendent POC
YouTube video by Adam Chester
youtu.be
April 20, 2025 at 10:53 AM
Worked on a simple POC last night for connecting Mythic up to LiteLLM (pointing to Claude) for riding shotgun on a C2 session. Only using shell cmd, but provides oversight and hints to potential paths to explore. Quite happy for a weekend project :D youtu.be/C9J5okm6cA4
New AI Slop Avatar, who dis?
April 18, 2025 at 12:02 PM
New AI Slop Avatar, who dis?
Reposted by XPN
WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-04-14
WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!
blog.badsectorlabs.com
April 15, 2025 at 7:46 PM
WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!
blog.badsectorlabs.com/last-week-in...
blog.badsectorlabs.com/last-week-in...
Slides from my SOCON 2025 presentation are now up on GitHub github.com/xpn/Presenta...
Presentations/SOCON2025 at main · xpn/Presentations
A collections of presentations. Contribute to xpn/Presentations development by creating an account on GitHub.
github.com
April 15, 2025 at 9:36 AM
Slides from my SOCON 2025 presentation are now up on GitHub github.com/xpn/Presenta...
Awesome post from @atomicchonk.bsky.social on NLP Tokenizing. We need more content like this to show the "how" behind the LLM :) www.corgi-corp.com/post/tokeniz...
Tokenizing the Sandwich Debate: How NLP Models Weigh In on Hot Dogs
Get the gist for Natural Language Processing (NLP) and how tokenization plays a factor
www.corgi-corp.com
April 11, 2025 at 1:51 PM
Awesome post from @atomicchonk.bsky.social on NLP Tokenizing. We need more content like this to show the "how" behind the LLM :) www.corgi-corp.com/post/tokeniz...
Reposted by XPN
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
April 8, 2025 at 11:00 PM
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
New blog post 🤗
In our latest blog post, @xpnsec.com breaks down how SQL Server Transparent Data Encryption works, shares new methods for brute-forcing database encryption keys, & reveals a default key used by ManageEngine's ADSelfService product backups.
Read more 👉 ghst.ly/4iXFTyF
Read more 👉 ghst.ly/4iXFTyF
April 8, 2025 at 6:45 PM
New blog post 🤗
Celebrating 1 year at SpecterOps, this was the first project I worked on after starting. Looking at SQL Server Transparent Data Encryption, how to bruteforce weak keys, and how ManageEngine's ADSelfService product uses TDE with a suspect key. Enjoy :) specterops.io/blog/2025/04...
The SQL Server Crypto Detour - SpecterOps
As part of my role as Service Architect here at SpecterOps, one of the things I’m tasked with is exploring all kinds of technologies to help those on assessments with advancing their engagement. Not l...
specterops.io
April 8, 2025 at 4:03 PM
Celebrating 1 year at SpecterOps, this was the first project I worked on after starting. Looking at SQL Server Transparent Data Encryption, how to bruteforce weak keys, and how ManageEngine's ADSelfService product uses TDE with a suspect key. Enjoy :) specterops.io/blog/2025/04...
Love this article. It’s something that I’ve tried to follow throughout my career, having a line of sight to business profit centres. Even more important in the days of tech layoffs www.seangoedecke.com/where-the-mo...
Knowing where your engineer salary comes from
How tech companies make money and why it's important
www.seangoedecke.com
April 8, 2025 at 2:37 PM
Love this article. It’s something that I’ve tried to follow throughout my career, having a line of sight to business profit centres. Even more important in the days of tech layoffs www.seangoedecke.com/where-the-mo...
1 year anniversary at SpecterOps, so many personal and professional achievements in a short space of time. My advice for anyone getting into this field, try and make sure that you work companies and colleagues that push you beyond your comfort level. \o/
April 6, 2025 at 5:17 PM
1 year anniversary at SpecterOps, so many personal and professional achievements in a short space of time. My advice for anyone getting into this field, try and make sure that you work companies and colleagues that push you beyond your comfort level. \o/
Reposted by XPN
Excited to be at @specterops.bsky.social SO-CON this week!! If you're around, I'll be presenting "Abusing AUs, Confusing the SOC" tomorrow bright & early:
March 31, 2025 at 2:39 PM
Excited to be at @specterops.bsky.social SO-CON this week!! If you're around, I'll be presenting "Abusing AUs, Confusing the SOC" tomorrow bright & early:
Talking tomorrow so can just enjoy today before the nerves kick in 🤣 #socon2025
March 31, 2025 at 1:14 PM
Talking tomorrow so can just enjoy today before the nerves kick in 🤣 #socon2025
Reposted by XPN
We are excited to see everyone at #SOCON2025 tomorrow! 🙌
Get the details on everything you need to know before arriving at the conference: specterops.io/so-con
Get the details on everything you need to know before arriving at the conference: specterops.io/so-con
March 30, 2025 at 7:04 PM
We are excited to see everyone at #SOCON2025 tomorrow! 🙌
Get the details on everything you need to know before arriving at the conference: specterops.io/so-con
Get the details on everything you need to know before arriving at the conference: specterops.io/so-con
Reposted by XPN
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
March 29, 2025 at 12:08 PM
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
