Lee Holmes 

Partner Security Architect, Azure Security. PowerShell developer, fanatical hobbyist, and author of the PowerShell Cookbook.
Blog: https://www.leeholmes.com
New book coming next year. Working title, THE GRAYSCALE: True Stories of Hackers, Outlaws and Rogues From the Digital Underground.

Just had an internal web application break, and when I dug in through DevTools there was some dependent fetch running into a server error. The server error message provided the internal DRI contact to reach out to for how to engage and report.

This is so. smart. If you've figured out the DRI contact by going through DevTools, you clearly don't need any central helpdesk support on basic troubleshooting like checking your adblocker.

Makes me think of @shanselman's "FizzBin" - https://www.hanselman.com/blog/fizzbin-the-technical-support-secret-handshake

FizzBin - The Technical Support Secret Handshake

This is a short post, but I think it's important. Let's make it a movement. ...

The cat's out of the bag! My latest book, "The Secret Life of Circuits", is available in early access:

https://lcamtuf.coredump.cx/blog/secret/

It's the reference I wish I had when I was starting out. Electrons to embedded systems, 290+ color illustrations and 420+ pages of well-explained theory.

The Secret Life of Circuits

Many of you follow this blog because of the regular features about electronic circuit design.

This is amazing. An hour ago, had an idea of an app to convert howto videos into descriptive text. Now it's done.

Hyperbridge exploited two weeks after April Fools' hack joke

April 13, 2026
https://www.web3isgoinggreat.com/?id=hyperbridge-exploit

this is a lovely post, where someone takes formally verified code, fuzzes it, and finds real problems.

while reading the piece, I was thinking about my own very similar experience ~15 years ago fuzzing CompCert. and then the author makes this precise comparison :)

https://kirancodes.me/posts/log-who-watches-the-watchers.html

Lean proved this program was correct; then I found a bug.

I still love making bounty payouts though. It's the best bit of my job.

PowerShell Desired State Configuration supports a feature I'm very proud of: you can tell nodes to only allow configuration documents signed by a specified publisher. So if the host these things are pulling their configuration documents from gets popped, you have no risk of company-wide remote code execution unless they also got your signing key.

This saves you from attacks like this that leverage trusted internal supply chains like Group Policy: https://blog.quest.com/how-attackers-abuse-group-policy-and-how-to-thwart-them/

How long before AI can’t get to fixing all the bugs AI finds because AI is too busy building new features?

If you have more than a passing interest in PowerShell, I can't recommend this book enough. It goes into the fantastic whirlwind of what it took to bring PowerShell to life, and Don captured the history so incredibly well.

https://www.amazon.com/Shell-Idea-Untold-History-PowerShell/dp/B089M1FCH5
