mig 🇺🇦
LightNews LightNews
mig 🇺🇦
@miguelaya.bsky.social
87 followers 130 following 120 posts
infosec / fuck putin / fuck trump / fuck musk
Posts Replies Media Videos
How to crash your phone:
run the benchmark of
webcrack.octopwn.com
WebCrack GPU
webcrack.octopwn.com
December 19, 2025 at 7:42 AM
Reposted by mig 🇺🇦
specterops.io
PingOneHound, created in partnership with @pingidentity.com, brought BloodHound visibility into PingOne this year, helping defenders discover and remediate identity attack paths.

Check out @andyrobbins.bsky.social's post to learn more → ghst.ly/poh-eoybsky
December 12, 2025 at 11:20 PM
Reposted by mig 🇺🇦
andrewmorr.is
Shamlessly reposting from elsewhere- you can easily communicate between Linux VMs and guests using VSOCK (man7.org/linux/man-pa...). Here's some silly examples of bidirectional chat btwn host & guest using Socat. Or connecting via SSH to my home router from the VM without TCP/IP. No code required.
November 29, 2025 at 6:59 AM
1-click RCE on automotive industry
konatabrk.github.io/perfektblue/
PerfektBlue
konatabrk.github.io
November 24, 2025 at 4:43 PM
sensepost.com/blog/2025/no...
SensePost | Noooooooooo touch!
Leaders in Information Security
sensepost.com
November 19, 2025 at 3:30 PM
Reposted by mig 🇺🇦
kateinkharkiv.bsky.social
When I was younger, I naively believed that if the genocides of the past had occurred in our age of developed social media, the world would have stopped them sooner.

​And then Ukraine was attacked in this very age of developed social media: an era where everyone has their own "version of truth";
November 1, 2025 at 9:24 PM
Reposted by mig 🇺🇦
nathanmcnulty.com
Intune now has dedicated security recommendations docs just like Entra 🔥

The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance

Thanks to my collegaue (Josh Gatewood) for pointing this out!

learn.microsoft.com/en-us/intune...
October 10, 2025 at 4:49 AM
The drones in the nordics are a good example of hybrid warfare from russia.

In a DDoS attack a force multiplier is used: send a little traffic somewhere, get it to respond manyfold.

Drones are a cheap way to cause NATO countries to divest attention and resources from helping Ukraine.
October 2, 2025 at 3:34 AM
hey @bsky.app can you fix the app so you can select text
September 30, 2025 at 5:56 AM
RPC interfaces
blog.jcspencer.net/rpc-interfaces/
Windows RPC Interface Database - @jcspencer
A simple database of Windows RPC interfaces (DCE/RPC & Named Pipes)
blog.jcspencer.net
September 26, 2025 at 7:13 AM
Good post on using your context with SOCKS on other machines specterops.io/blog/2025/08...
Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP - SpecterOps
TL;DR When operating out of a ceded access or phishing payload with no credential material, you can use low-privilege HTTP authentication from the current user context to perform a proxied relay to LD...
specterops.io
August 26, 2025 at 6:58 AM
Good resource on Android apps interacting with SIM
stackoverflow.com/questions/30...
Send APDU commands to USIM/SIM card in android
I was already worked with smart cards and I am familiar with APDU commands (that are defined in ISO/IEC 7816 and Global Platform specifications). Now I want to know if there is any way to send an...
stackoverflow.com
August 22, 2025 at 11:48 AM
github.com/mnemonic-no/...
GitHub - mnemonic-no/ScapySMS: Complete SMS packet manipulation
Complete SMS packet manipulation. Contribute to mnemonic-no/ScapySMS development by creating an account on GitHub.
github.com
August 22, 2025 at 10:44 AM
RPC tutorial
clearbluejar.github.io/posts/from-n...
From NtObjectManager to PetitPotam
Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overco...
clearbluejar.github.io
August 21, 2025 at 11:22 PM
github.com/Sleepw4lker/...
GitHub - Sleepw4lker/TameMyCerts: Policy Module for Microsoft Active Directory Certificate Services
Policy Module for Microsoft Active Directory Certificate Services - Sleepw4lker/TameMyCerts
github.com
August 19, 2025 at 8:44 AM
cicada-8.medium.com/impacket-dev...
Impacket Developer Guide. Part 1. RPC
Learn the basics of RPC, develop a client and server using C++
cicada-8.medium.com
August 19, 2025 at 8:40 AM
Good stuff!
campuscodi.risky.biz Catalin Cimpanu @campuscodi.risky.biz · Aug 18
-Academics pull off novel 5G downgrade attack
-Ransomware hits car recyclers across North America
-VPN apps share the same hardcoded password
-Bangladesh spent $190 million on surveillance tools
-Workday discloses breach

Podcast: risky.biz/RBNEWS466/
Newsletter: news.risky.biz/risky-bullet...
August 18, 2025 at 10:31 AM
So cool
www.midnightblue.nl/research/2te...
2 TETRA 2 BURST
Three device vulnerabilities in Gen 3 Sepura devices (such as the SC20 series) ranging from code execution to key exfil, requiring only brief physical access.
www.midnightblue.nl
August 12, 2025 at 10:33 AM
New baseband vulns
www.linkedin.com/posts/yongda...
* USING LLFUZZ TO EXPOSE CRITICAL VULNERABILITIES IN BASEBAND LOWER LAYERS * | Yongdae Kim
* USING LLFUZZ TO EXPOSE CRITICAL VULNERABILITIES IN BASEBAND LOWER LAYERS * - One malformed packet is enough to crash a smartphone -- To be presented at USENIX Security 2025 Baseband modems handle a...
www.linkedin.com
July 31, 2025 at 3:31 AM
Rehost your firmware
github.com/rehosting/pe...
GitHub - rehosting/penguin: PENGUIN (Personalized EmulatioN Generated Using Instrumented Analysis) takes a target centric approach to rehosting using a precise and tailored specification of the rehost...
PENGUIN (Personalized EmulatioN Generated Using Instrumented Analysis) takes a target centric approach to rehosting using a precise and tailored specification of the rehosting process - rehosting/p...
github.com
July 29, 2025 at 9:24 AM
This NTLM relay article node has edges to plenty of great article nodes
specterops.io/blog/2025/07...
Escaping the Confines of Port 445 - SpecterOps
NTLM relay attacks targeting SMB restrict lateral movement options to those that solely require port 445/TCP. Learn at least one method of overcoming this restriction to enable additional lateral move...
specterops.io
July 29, 2025 at 8:26 AM
New LPE
github.com/rtecCyberSec...
GitHub - rtecCyberSec/RAITrigger: Local SYSTEM auth trigger for relaying
Local SYSTEM auth trigger for relaying. Contribute to rtecCyberSec/RAITrigger development by creating an account on GitHub.
github.com
July 21, 2025 at 6:20 AM
specterops.io/blog/2025/07...
I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays - SpecterOps
Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by relaying a remote management point site system to the site database server.
specterops.io
July 19, 2025 at 8:42 AM
This is such a great upgrade, thx @specterops.io
specterops.io/blog/2025/07...
LudusHound: Raising BloodHound Attack Paths to Life - SpecterOps
LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via the Ludus framework for controlled testing.
specterops.io
July 15, 2025 at 7:50 PM
Agree
laforge.gnumonks.org/blog/2025070...
Security Issues regarding GSMA eSIMs / eUICCs + Javacard
The independent security researcher Adam Gowdiak has published an extensive report on flaws he found in some eUICCs (the chips used to store eSIM profiles within the GSMA eSIM architecture). While th
laforge.gnumonks.org
July 14, 2025 at 9:06 AM