August 13, 2025
If you missed this talk at BH/DC last week, it's worth a read: "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion". Awesome work from Shu-Hao, Tung (123ojp) covering practical attacks on GRE and VxLAN tunnels: https://t.co/r8wDslYmAj pic.twitter.com/5DJsgO0kO6
— HD Moore (@hdmoore) August 13, 2025
Dropped a new blogpost.
CVE-2025-52970: how I turned a limited, blind OOB read primitive into a full authentication bypass in one of Fortinet’s products :) https://t.co/wNmA6gRs0T
— faulty *ptrrr (@0x_shaq) August 13, 2025
pwnedOrNot: An OSINT Tool for Finding Passwords of Compromised Email Accounts
GitHub: https://t.co/VPHUnv2jvl
Per the repo: "pwnedOrNot works in two phases. In the first phase it tests the given email address using HaveIBeenPwned v3 API to find if the account have been breached… pic.twitter.com/qZJaLXuaqF
— Dark Web Informer (@DarkWebInformer) August 13, 2025
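The first phase the tweet describes is a lookup against the HaveIBeenPwned v3 `breachedaccount` endpoint. As an added illustration (not pwnedOrNot's own code), here is what that phase has to get right: the account must be URL-encoded, the `hibp-api-key` and `user-agent` headers are mandatory, and a 404 is the "clean" result rather than an error, while 401 and 429 need distinct handling. The email addresses, the fake transport and the response bodies below are constructed so the demo runs offline; only `_send_real` touches the network.

```python
"""HaveIBeenPwned v3 'breachedaccount' lookup, the first phase of a
pwnedOrNot-style check. Added example; endpoint shape and status codes
follow the public HIBP v3 API, all sample data is constructed."""
import json
import urllib.error
import urllib.parse
import urllib.request

HIBP_BASE = "https://haveibeenpwned.com/api/v3"


def build_request(email, api_key, user_agent="example-breach-checker"):
    """Build the GET request HIBP v3 expects: percent-encoded account in the
    path, API key and a non-empty user-agent in the headers."""
    account = urllib.parse.quote(email, safe="")
    url = f"{HIBP_BASE}/breachedaccount/{account}?truncateResponse=false"
    return urllib.request.Request(
        url,
        headers={"hibp-api-key": api_key, "user-agent": user_agent},
        method="GET",
    )


def classify_response(status, body):
    """Map an HIBP status code to an outcome.

    200 -> breached; body is a JSON list of breach objects
    404 -> not present in any breach (the clean result, not a failure)
    401 -> missing or invalid API key
    429 -> rate limited; the caller should honour Retry-After before retrying
    """
    if status == 200:
        breaches = json.loads(body.decode("utf-8"))
        return {"breached": True, "breaches": [b["Name"] for b in breaches]}
    if status == 404:
        return {"breached": False, "breaches": []}
    if status == 401:
        raise PermissionError("HIBP rejected the API key")
    if status == 429:
        raise RuntimeError("HIBP rate limit hit; back off before retrying")
    raise RuntimeError(f"unexpected HIBP status {status}")


def _send_real(req):
    """Real transport: urllib raises on 4xx/5xx, so unwrap the error to
    recover the status code and body instead of treating 404 as a crash."""
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def check_email(email, api_key, send=None):
    """Is this address in any known breach? `send` lets the caller inject a
    transport (the offline fake below, or a recording proxy in tests)."""
    req = build_request(email, api_key)
    status, body = (send or _send_real)(req)
    return classify_response(status, body)


# Constructed stand-in for HIBP so the demo runs without network or API key.
FAKE_RESPONSES = {
    "pwned@example.com": (
        200,
        json.dumps([{"Name": "Adobe", "BreachDate": "2013-10-04"},
                    {"Name": "LinkedIn", "BreachDate": "2012-05-05"}]).encode(),
    ),
    "clean@example.com": (404, b""),
}


def fake_send(req):
    """Offline transport: recover the account from the request path and
    answer from FAKE_RESPONSES (unknown accounts get the 404 'clean' reply)."""
    account = urllib.parse.unquote(req.full_url.rsplit("/", 1)[1].split("?")[0])
    return FAKE_RESPONSES.get(account, (404, b""))


if __name__ == "__main__":
    for addr in FAKE_RESPONSES:
        print(addr, check_email(addr, "dummy-key", send=fake_send))
```

To run it against the live service, drop the `send=` argument and pass a real key; note that HIBP's 404-means-clean convention is exactly the case a naive `urlopen` call turns into an exception, which is why the transport unwraps `HTTPError`.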
Just posted my @defcon slides (talk #1): "Mastering Apple's Endpoint Security for Advanced macOS Malware Detection"
Writing 🍎 security software? You should be using Endpoint Security! But its advanced features are rather nuanced & often misunderstood 🫣 https://t.co/TRn6dRnjV5
— Patrick Wardle (@patrickwardle) August 13, 2025
As a rare and precious hypervisor VM escaper authority, this RETbleed-on-VM research from Google is cool.
Few realize: most Speculative Execution & Side-Channel exploits affect hypervisors *automatically* – even if it isn't mentioned in the paper.
Why?
They cross software… pic.twitter.com/VTDMzSKh8S
— Alisa Esage Шевченко (@alisaesage) August 12, 2025
Apple just released Embedding Atlas:
An open-source visualization tool for your embeddings.
I just gave it a quick spin with some data stored in my vector database.
These are my first impressions:
- Nice exploration UX with hover and tool tip for single data points
- Shows you… pic.twitter.com/LxSXRc2Ikc
— Leonie (@helloiamleonie) August 11, 2025
This research from @Bitdefender_Ent Labs details a cluster of malicious activity they've been tracking since mid-2024. It uncovers a new threat actor group they’ve named Curly COMrades, operating to support Russian interests | https://t.co/X1KPQ0NhrA
— 780th Military Intelligence Brigade (Cyber) (@780thC) August 13, 2025
Tracing ToneShell: Mustang Panda's Evolving Tradecraft and Campaign Infrastructure
August 2, 2025, LinkedIn | by Kyaw Pyiyt Htet (Mikoyan) https://t.co/c219DBaiRc
— 780th Military Intelligence Brigade (Cyber) (@780thC) August 7, 2025
There were many moments over the past year where our LLM agents completely blew my mind! Plenty more to talk about soon, but for now, I highly recommend folks check out our public agent traces. You can watch our agents find, trigger, and patch a real exploitable 0day in sqlite! https://t.co/LD3UAoR9Pn
— Tim Becker (@tjbecker_) August 10, 2025
Direct link to the sqlite 0day logs: https://t.co/pQGpjD0pNP
— Tim Becker (@tjbecker_) August 11, 2025