ll  

@[email protected]
30 Followers
211 Following
296 Posts
Twitterhttps://twitter.com/_l_a_u_r_e_n_t_
ll  May 11
Will DormannMay 11

Pwn2Own Berlin 2026 is rejecting working RCEs because organizers ran out of contest slots.

Visit a website in Firefox and get code execution? Rejected.

Strange days indeed.

ll  May 11
Taggart May 11

Truly phenomenal work from @flyingpenguin here. A breakdown of the timeline of the Ubuntu attack, the business behind the booter service, and Cloudflare's problematic role.

https://www.flyingpenguin.com/can-someone-please-explain-whether-cloudflare-blackmailed-canonical/

Can Someone Please Explain Whether Cloudflare Blackmailed Canonical? | flyingpenguin

ll  May 11
Fabian BaderMay 11

In my latest blog "Now You See Me: AADGraphActivityLogs" I explore the newly released Azure AD Graph logs and demonstrate how you can detect tools like ROADtools and AADinternals that rely on this API and have been under the radar for defenders so far.

https://cloudbrothers.info/en/aadgraphactivitylogs/

Now You See Me: AADGraphActivityLogs

KQL hunting queries for the new AADGraphActivityLogs table to detect Entra ID reconnaissance tooling based on UserAgent, RequestUri, and volume.

Cloudbrothers
ll  May 5
Taggart May 4
Hey @cloudflare, how come you're protecting beamed[.]st, the DDoS service that's attacking Ubuntu? It's an obvious criminal enterprise that literally advertises botnet access.
ll  Apr 13
MetacurityApr 13
OK, I just discovered this extremely useful take on Claude Mythos and highly recommend it to all cyber practitioners.
https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosready.pdf
ll  Mar 26
Show threadSerge DrozMar 26

We have a preliminary program: https://www.first.org/events/colloquia/geneva2026/program

Join us for free in Geneva to talk about DNS, FOSS, large infrastructures and Incident response.

Program Overview: 2026 Peak Incident Response Technical Colloquium

FIRST — Forum of Incident Response and Security Teams
ll  Mar 11
Fabian BaderMar 11

Microsoft just announced official support to store device bound Passkeys for Entra ID in the Windows Hello container. No app, no external hardware key but built in support. Sadly no attestation while in preview.

https://mc.merill.net/message/MC1247893

#Passkey #EntraID

MC1247893 - Microsoft Entra passkeys on Windows now support phishing-resistant sign-in | Microsoft 365 Message Center Archive

Microsoft Entra passkeys on Windows enable phishing-resistant, passwordless sign-in using Windows Hello on Entra-protected resources, including unmanaged devices. Public preview starts mid-March 2026. Organizations must opt in and configure policies to enable this feature; no impact occurs without activation.

ll  Feb 24
Jerry 🦙💝🦙Feb 23

RE: https://infosec.exchange/@Lee_Holmes/116122443123305628

This made my week

ll  Feb 13
watchTowrFeb 13

2026, the year of the AI-driven attacker that could do back flips, they said.

Meanwhile, there's a magic number that allows Auth Bypass against Ivanti EPM (CVE-2026-1603)

something about a pledge 🙄

ll  Feb 13
Tanya Janca | SheHacksPurple  Feb 13
My CSS might look a bit like this...