Tim (Wadhwa-)Brown 


Interesting links of the week:

Strategy:

* https://codeberg.org/brib/slopfree-software-index - so you want slop free code?
* https://about.gitlab.com/blog/gitlab-act-2/ - no, not like that GitLab
* https://www.clearseclabs.com/blog/weve-been-here-before-ai-vulnerability-research/ - decompilers, fuzzers et al, we've been here before
* https://news.aliasrobotics.com/sovereign-ai-national-strategic-capability-locked-shields/ - using AI at Locked Shields 2026

Detection:

* https://lukasz.bromirski.net/bgp-blackholing/ - @mr0vka's naughty step

Bugs:

* https://vulnerability.garden/ - the best bugs have names?
* https://www.rapid7.com/blog/post/ve-cve-2026-20182-critical-authentication-bypass-cisco-catalyst-sd-wan-controller-fixed/ - updated details from @Rapid7Official on the Cisco SD-WAN bug from a month or so back
* https://blog.calif.io/p/mad-bugs-finding-and-exploiting-a - popping PHP
* https://ghostlock.io/ - a ghost in the shell
* https://daniel.haxx.se/blog/2022/05/12/a-tale-of-a-trailing-dot/ - @bagder curls one out

Exploitation:

* https://back.engineering/blog/09/05/2026/ - devirtualising Themida
* https://www.reco.ai/blog/salesforce-experience-site-pentest-apex-predator - testing Salesf[ao]rce
* https://ransomware.sh/posts/env-nodejs-supply-chain-attack/ - last year's mentee discusses supply chain attacks

Hard hacks:

* https://icode4.coffee/?p=1465 - hacking disks

Hardening:

* https://cilium.io/blog/2026/05/06/securing-cicd-open-source-lessons-from-cilium/ - @cilium tips on CICD hardening

#security, #research

Interesting Git repos of the week:

Strategy:

* https://github.com/stnert/the-supreme-art-of-cyberwar - surveillance, privacy and cyber war

Bugs:

* https://github.com/Swival/security-audits - interesting bug reports from @jedisct1 🤖
* https://github.com/v12-security/pocs - interesting Linux PoCs
* https://github.com/kiddo-pwn/ffffirefox - originally an 0day but now tracked as CVE-2026-8390
* https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn - race condition in ssh-keysign that allows arbitrary file reads, now tracked as CVE-2026-46333
* https://github.com/Nightmare-Eclipse/YellowKey - another goodie, this one is a bugdoor in BitLocker
* https://github.com/Nightmare-Eclipse/MiniPlasma - previously known as CVE-2020-17103, MiniPlasma pops cldflt.sys

Exploitation:

* https://github.com/1r0BIT/WinSSHound - map SSH usage on Windows

Nerd:

* https://github.com/inferno-os/inferno-os - distributed Plan 9-esque OS... I remember playing with this growing up

#security, #research, #code

Patches are the BEST.
PSA: It's always nice when the expert (not me) tells the hopefully competent (me) that they've written an "excellent report". People thrive on +ve feedback, do remember this.

Excellent DR exercise last week after the DC caught fire. Now, I do parallel backups so wasn't directly caught out but it turns out the corporate backup solution doesn't notify on failure. This seems a gap.
Gotta love IT. copy.fail directions that use perl and curl to apply patches. Not only elite UNIX knowledge but the patching command rhymes. We must curl the perl.
Did some adulting today. Took my parents-in-law into central London for an eye hospital appointment. Same one my dad used to go to. Tired.
Today in Tim meets old colleagues in random places, bumped into one of our old red team and an old Portcullis customer at the ATT&CK event.