Nice finding: here's how an attacker can spoof multiple DNS records and make them all point at the same machine (not trivial as you'll see!)

A "sweet" attack campaign caught in our honeypot :) Spreads over SSH, mines crpytocurrency to a private pool and has a P2P malware module previously seen and analyzed by Unit 42. NoaBot is now uncovered and broken down by Stiv Kupchik >>

Windows paths -- the gift that keeps on giving

🐸 Ready for some ribbeting research? The FritzFrog botnet has found a new home in Log4Shell - or as we like to call it, Frog4Shell. See details on how this botnet hops around in our latest blog: akamai.com/blog/security-…

FritzFrog is back with some new "tricks" and Ori David made sure to cover it in his new blog >>

Very happy and excited to finally publish this blogpost! This blog is about a command injection vulnerability in Kubernetes. The vulnerability is with the local volumes feature and it will allow for RCE over all windows nodes in the cluster with SYSTEM privileges.

Excited to share my third blog covering Microsoft DHCP! This time we go into the DHCP Administrators group, while exploring the question: Can a DHCP admin become a Domain admin? (Spoiler alert: Pretty often!) Get the full details here: akamai.com/blog/security-…

I forgot (and now recall) how tedious it is to try to understand functions with big logic and how satisfying it is when you finally do

I mistyped "bit logic" which was the most important part of this tweet

it's the third time today that my build fails because in some miraculous way (i.e. vim) I managed to corrupt the source code. redundant lines added at the end of the file, endifs disappearing, you name it. I just wish I knew the keyboard shortcuts that made this happen

בוקר טוב מהכנסת. יש פה יותר בני משפחות של חטופים מחברי כנסת. לנו אין פגרה.

מדריך לעבודה עם חילונים חלק 1:

To all you newbies out there getting into this industry and being worried about not knowing enough.. Unfortunately I'm here to tell you that imposter syndrome never stops! Enjoy what you do and stay humble, because you'll always doubt your skillz... That is all.

השעה אחרי חצות בוושינגטון. כל צמרת הממשל כולל הנשיא ביידן עצמו פרסמו תגובות קורעות לב בנושא החטופים שנרצחו. השעה 7:45 בישראל. ראש הממשלה יודע מאז אתמול בלילה על האסון, והוא שותק. משאיר את הבשורה הקשה לדובר צה"ל. האיש הזה לא ראוי לכלום. פחדן.

סליחה, כרמלי. סליחה שלא עצרנו כשעוד היה אפשר. סליחה שנתנו להם להרוג אותך. הלוואי שראית ושמעת אותנו. הלוואי שלמרות שראית בעיניים את הרצח הנורא של אמא כנרת, גילית שאבא אשל ואחייך אלון ואור, הגיסה שלך ירדן והאחיינית שלך גפן, שרדו. הלוואי שראית איך החברות שלך נאבקו כדי שתחזרי

VR is tough psychologically. Often asked if it's a good discipline to get into, given that the difficulty is always increasing. Hacking will always exist, in one form or another. The right question - are u ok w repeated failure/uncertainty without it influencing your self worth?

Blue Hat IL's CFP is now open and I'm lucky to have been asked to join the committee again! I'd love to help those who are thinking about submitting a talk, send me a DM if I can assist. Excited to read some abstracts!

One week to go! If your plan is to submit your abstract to BlueHat IL 2025 at the very last second – we kind of respect that, but why not get it done now and save us all the stress? microsoftrnd.co.il/bluehatil/conf…

Hexacon CFP is open until July 14th! Don't miss the chance to submit a talk - being a speaker is currently the only way to get a ticket to the sold-out event ;)

Blackhoodie will be back at Hexacon this year, and we're currently looking for former BlackHoodies who would be willing to give a training, between Oct 6 and 9! blackhoodie.re/Hexacon2025/