Balthasar

@[email protected]
123 Followers
198 Following
60 Posts
Infosec guy breaking into networks and making sure they get more secure (he/him)
Red team lead @ http://srlabs.de
BalthasarMar 17
linuziferMar 17

Fun stuff from my team mates Rene Rehme @renereh1, Nina Piontek and @kantorkel:

"Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.”

https://srlabs.de/blog/hacking-ai-agent

https://infosec.exchange/@srlabs/116243968443532012

We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research

We strolled through an enterprise AI assistant's backend, helped ourselves to full application takeover and access to every chat log, and had a Microsoft Entra ID dump for dessert — no prompt injection, no model tricks, no AI expertise required.

SRLabs
BalthasarMar 3
LisaMar 3
On April 16th, we have our first event for #CyberDefendHERs in Berlin, an initiative for underrepresented groups in #Cybersecurity. For this event, we offer a full day of exchange, inspiration and presentations on „resilience and response“. Feel free to get your tickets to the event and please please please spread the word: https://cyberdefendhers.com
(Allies to the cause are also welcome)
Cyberdefendhers - Resilience and Response

BalthasarFeb 1
Show threadbuheratorFeb 1
@XC3LL Thanks for posting this, great to see someone has the guts to say the emperor is naked!

My 2c:
- Red Teams should be about the "difficult" things you mention at the end IMO. Spending resources on initial access is mostly pointless (from the client's perspective, finding 0d is always cool ofc) when a new blinky box exploit, leaked code signing cert, etc. is popping up every other week. IME many clients pay for (bad) initial access simulations because organizing assumed breach in-house is hard.
- A way to burst the bubbles you describe is to mandate scenarios based on real-world threat intel. But this works against intial access again, because RT's can't scale their R&D as black hats do (attack surface is clients vs the Internet).
BalthasarFeb 1
Juanma FernandezJan 31

A small rant:

The State of Art in Red Team is whatever you want to believe

https://x-c3ll.github.io/posts/Rant-Red-Team/

The State of Art in Red Team is whatever you want to believe

a rant about Red Teaming.

Doomsday Vault
BalthasarDec 30
Markus ReuterDec 30

Der Kongress des CCC ist und bleibt die skurrilste, unterhaltsamste und selbstorganierteste Großkonferenz, die es gibt.

Sie ist als unkommerzielles, politisches und wirkmächtiges Ereignis ein Leuchtturm dafür, was möglich ist, wenn Menschen sich verbünden und solidarisch etwas schaffen.

Gerade in Zeiten der faschistischen Bedrohung sind solche Zusammenkünfte und Orte unglaublich wichtig, weil sie Mut machen und Kraft spenden.

Danke, #39c3

BalthasarDec 16
The Hacker‘s ChoiceDec 16

THC Release 💥: The world’s largest IP<>Domain database: https://ip.thc.org

All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.

Updated monthly.

Try: curl https://ip.thc.org/1.1.1.1

Raw data: https://ip.thc.org/docs/bulk-data-access

(The fine work of messede 👌)

What does everyone think? Need feedback before release tomorrow :)

Show threadBalthasarNov 22

@hacks4pancakes I once witnessed well-known European red teamers get into a push up contest at a conference after a few beers…

In the industry, a self-perception of “I can hack it, I am so much better than the people who build it”, really feeds into this male ego culture.

I think we need to emphasise our purpose as red teamers is not to show how good we are but to help organisations understand weak spots and attacker behaviour. We should view red teaming as tricky puzzles instead of being a vigilante mercenaries.

Show threadBalthasarOct 9
@mubix it seems really thoroughly implemented. I recently had a TGT that threw unhandled crypto errors with many tools. The Mimikatz parsing finally showed the TGT encryption key was missing (because credential guard was enabled when dumping).
BalthasarOct 2
LisaOct 2

Since there are some pretty cool people around here, let me reshare this job offer here: We just published the first job posting for the team, I'm allowed to build at Security Research Labs.
I can honestly say, it's been a month full of awesome people, interesting, impactful work and lots of fun and new learnings. If you wanna explore that together and develop something great, feel free to hit me up. Also, if you have any questions, let me know! If you know someone, that would be a great fit for the team, the company and the topic, feel free to send them over :)

https://srlabs.de/careers#open-positions

Security Research Labs

SRLabs is a cybersecurity consultancy committed to making the world more secure.

SRLabs
BalthasarSep 18, 2025
chompieSep 18, 2025
kernel hackers go serverless
ring0 → cloud 9 ☁️ ??
brb pwning yr gpu nodes ✨