the grugq's newsletter

December 18, 2025

December 18, 2025

December 18, 2025 Song lyric: found a way to turn the lights off Text: when you turned the lights off again Source: Poland’s Foreign Intelligence Service…...

---

December 17, 2025

December 17, 2025

December 17, 2025 I regret to inform you that I am posting Big Suka Sukhoi again, because I think most people don't even know I made it. People always said I...

---

December 15-16, 2025

December 16, 2025

December 15-16, 2025 I've been working on a side project for some time: autonomous reverse-engineering powered by Gepetto.I shared some thoughts here...

---

December 14, 2025

December 14, 2025

December 14, 2025 Great NYT reporting on the CIA's loss of a plutonium power source in the Himalayas in the 1960s. "Extensive interviews with the people who...

---

December 13, 2025

December 13, 2025

December 13, 2025 I like to be transparent, so here’s a thread on some of the biggest misses (false negatives) we’ve had in detecting insider threats with...

---

Bad OPSEC Considered Harmful

December 11, 2025

Bad Opsec Considered Harmful I recently became aware of a GitHub repository collecting “Bad OPSEC” cases—instances where people were caught due to mistakes...

---

December 11, 2025

December 11, 2025

December 11, 2025 🔥Introducing a new Red Team tool - SessionHop: https://t.co/hChhDXzhiESessionHop utilizes the IHxHelpPaneServer COM object to hijack...

---

December 10, 2025

December 10, 2025

December 10, 2025 Could be worse - imagine how the janitor feels https://t.co/B4tzPPmHlE pic.twitter.com/EtLfTQ47KV— Havoc (@Havoc_Six) December 8, 2025 DOJ...

---

December 9, 2025

December 9, 2025

December 9, 2025 https://infosec.exchange/@kevinrothrock/115671633352186577 Found a great blog about my vulnerability! Besides tech things, there are also...

---

December 8, 2025

December 8, 2025

December 8, 2025 This report from Bleeping is crazy, is You can't make this stuff up! 😂https://t.co/4eC9E2yuZV pic.twitter.com/Y5zRarXRyn— Kostas...

---

December 5-6-7, 2025

December 7, 2025

December 5-6-7, 2025 Administrivia: sorry for the delay, it’s been hectic. Somehow I managed to get deadlines converge on the same day and my normal...

---

December 4, 2025

December 4, 2025

December 4, 2025 Our office has automatic gates that use facial recognition and set off a loud alarm if you follow someone though (and security is sitting...

---

December 2-3, 2025

December 3, 2025

December 2-3, 2025 Rest In Peace, Stealth Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a...

---

December 1, 2025

December 1, 2025

December 1, 2025 📻 Really enjoyed listening to this BBC show on modern espionage ⏬️https://t.co/0FO5eqUHqT pic.twitter.com/kybTkBVDoO— Dr. Dan Lomas...

---

November 30, 2025

November 30, 2025

November 30, 2025 Israel’s IDF Bans Android Phones—iPhones Now ‘Mandatory’ via @forbes https://t.co/hR0ZS0rr7D— Dr. Dan Lomas (@Sandbagger_01) November 30,...

---

November 29, 2025

November 29, 2025

November 29, 2025 btw: Kerberoasting in VBA is described (with POC) in the article "Hacking in an epistolary way: implementing kerberoast in pure VBA" from...

---

November 28, 2025

November 28, 2025

November 28, 2025 💻 macOS Red Teaming Comprehensive Guide Guide: https://t.co/PdZSvYaJI6 pic.twitter.com/0UtM3qrjUP— Muqsit 𝕏 (@mqst_) November 26, 2025...

---

November 26-27, 2025

November 27, 2025

November 26-27, 2025 https://t.co/ENsjxncdJlRandom exploit that has no uses to me anymore, bypasses every anticheat r/w protection without the use of any...

---

November 25, 2025

November 25, 2025

November 25, 2025 A ton of great info here about what Apple does for their secure boot chain: “A Reverse Engineer’s Anatomy of the macOS Boot Chain &...

---

November 24, 2025

November 24, 2025

November 24, 2025 🚀 open-sourced santamon — a lightweight macOS detection sidecar that reads Santa's ES telemetry, runs CEL detection rules locally, and only...

---