🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

We're heading to Vegas August 5-10! Send us a DM if you'd like to meet up onsite. Happy to share our latest offensive agents, AI red team tooling, custom evals, and training capabilities on the Strikes platform. Plus, "shiny rocks"??

For those like me who prefer to stay in the terminal and want to call REST APIs like the Microsoft Graph without complicated commands or copy/pasting tokens: roadtx now has a graphrequest command to perform simple requests against these APIs and parse the JSON.

My first SpecterOps blog! Ever wanted to collect Active Directory information from LDAP for a Red Team? Using LDAP's more OPSEC-considerate cousin: ADWS can be used to improve upon the already present advantages of using smaller-scaling LDAP queries. specterops.io/blog/2025/07/2…

Thanks to the team dreadnode for joining me for an informative stream today! You can watch the recording on YouTube here: youtube.com/watch?v=BzOmGw… Off By One Security

I have three specific Vegas goals and they're all related to hats. We're going for the hat trick with dreadnode, SpecterOps, and FalconForce Official. Why? I'm a fan of these companies and their logos and I need new hats that I actually like.

Red team meme of the day from James 🏴󠁧󠁢󠁷󠁬󠁳󠁿 😂

BloodHound v8.0 is here! 🎉 This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID. Read more from Justin Kohler: ghst.ly/bloodhoundv8 🧵: 1/7

While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today, we’re announcing Reporting Transparency, a new policy to encourage downstream fixes googleprojectzero.blogspot.com/2025/07/report…

GRPO reward functions for complex tasks are hard. I learned a lot though and we'll keep iterating!

I’m honored to be joining some amazing women in cybersecurity at the #BHUSA panel “Hacking the Status Quo”. We’ll be sharing the journey of our careers: how we got started and what’s shaped us. Bring your questions and leave with fresh perspective 😊 blackhat.com/us-25/briefing…

Going to DEF CON?! We'll have 9500 print copies of Phrack, and Sunday @ noon Battle Programmer Yuu Richard Johnson and @chompie will be on main stage! info.defcon.org/content/?id=60…

I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0!. Let me know what you find with it! - github.com/SpecterOps/MSS… - specterops.io/blog/2025/07/2…

We deployed 44 AI agents and offered the internet $170K to attack them. 1.8M attempts, 62K breaches, including data leakage and financial loss. 🚨 Concerningly, the same exploits transfer to live production agents… (example: exfiltrating emails through calendar event) 🧵

I'm releasing a backend for multi-agent AI systems that need to model complex non-linear problems. Kafka handles async agent communication, with ingestion plugins that route data to Neo4j, Qdrant, and MinIO. Check it out on the IBM X-Force GitHub! github.com/xforcered/Agen…

ICYMI, LOLRMM (lolrmm.io) now has SIEM (or XDR) detections as well This is an absolute must have detection query, exclude your actual RMM(s) and alert on any that aren't supposed to be used

New BH OpenGraph stuff is pretty cool, threw together a super basic PoC to map attack paths through SCCM this afternoon using data pulled from the site DB:

New blog! Here's our case study on using LLMs for accelerating offensive R&D. Our post details how we used Large Language Models to identify and exploit trapped COM objects. Next week at BlackHat we'll drop even hotter stuff on offensive AI research. 🔥 outflank.nl/blog/2025/07/2…

there are some cool opportunities for automation with public models (gpt-4.1 in this case) more on training custom models next thursday