🐶 🌪️ 🇱🇹 🇺🇦 🏳️🌈⚔️
📍MPLS ↙️↙️↙️
r**sia is a terrorist state
~armed with a mind~
sig: _Ob3l1sk.10
Running a slop machine locally doesn't magically solve every issue that comes with the tech.
Building it still wasted obscene amounts of energy and resources.
It is still built on the exploitation of other people's work and information.
It still can have adverse effects on individual skills and mental health.
Those who tell you otherwise are just trying to sell you something.
--
#StopTheSlop #Slopposition #LLMs #AI [sic!] #technology #IrresponsibleTech
NanoCorp from HackTheBox is a Windows AD box. A careers site extracts uploaded zips, so a .library-ms file leaks a Net-NTLMv2 hash. Then ACL abuse to reset a Protected Users account, and a Checkmk agent privesc to SYSTEM.

NanoCorp is a Windows Active Directory machine built around a careers portal that accepts uploaded application archives. I’ll craft a malicious archive that leaks a service account’s authentication to my host when an automated job extracts it, and crack the result to get a foothold. With BloodHound, I’ll map a permissions chain that lets me add my user to a support group and then reset a second service account’s password. That account sits in the Protected Users group, so I’ll authenticate over Kerberos to get a shell. From there, I’ll find the Checkmk monitoring agent installed and abuse CVE-2024-0670 to drop write-protected files into a temp directory that the agent runs as SYSTEM, taking full control of the host. In Beyond Root, I’ll dig into the scheduled automations that keep the box in its intended state.
RE: https://mastodon.radio/@kb6nu/116761320560900171
I downloaded Dan’s free Technician guide + hamstudy app at the airport on the way to defcon last summer and passed on my first try 2 days later.
3 months later I ordered print copies of his General and Extra books and passed those exams on my first try as well.
Everyone learns differently so maybe Dan’s books aren’t the right ones for you, but the Technician PDF is free so give it a try if you’re thinking about going for your US technician license.
New entry added to the #LOLBAS Project:
Proxy execution via system-native scp.exe. Takes any remote destination, doesn't actually have to run an SSH server.
👉 https://lolbas-project.github.io/lolbas/Binaries/Scp/
Thanks @BinFault
RE: https://aus.social/@dgar/116759570578615595
missed opportunity for @somafm
RE: https://phpc.social/@theshaunwalker/116753314614249073
As someone who found friends and community exclusively through the online world back when I was a teen, 💯