Max Andreacchi
@atomicchonk.bsky.social
220 followers 360 following 39 posts
AdSim Consultant @ SpecterOps 👻 Corgi dad 🐶 Cat servant 🐱 Tattoo collector 🖼️ Runner 🏃🏻
Reposted by Max Andreacchi
specterops.io
Spoiler alert: Your AI safety measures might have a blind spot. 👀

When attackers use conversation context to bypass LLM safeguards, single-prompt evals just don't cut it anymore.

Dive into @atomicchonk.bsky.social's latest blog on multi-prompt attack detection. ghst.ly/47qJhzn
This One Weird Trick: Multi-Prompt LLM Jailbreaks (Safeguards Hate It!) - SpecterOps
Using multiple prompts within the context of a conversation with an LLM can lead to safeguard bypasses. Learn about safeguards evaluations at scale.
Reposted by Max Andreacchi
realjfairclough.bsky.social
WHAT YOU MEAN THROW HIM A DONUT?? DON'T YOU SEE HOW POLITE HE IS??!
Reposted by Max Andreacchi
specterops.io
Potato exploits have been a cornerstone of local priv esc on Windows for years, but how & why do the inner starchy workings of the potatoes function?

Join @atomicchonk.bsky.social next week to understand Windows access tokens & their use in the Windows environment. ghst.ly/june-web-bsky
atomicchonk.bsky.social
Sorry, Italian four cheese and cheddar jack supreme. My mind was still recovering from the abomination
atomicchonk.bsky.social
Idk if it’s the Cheez It crust itself for me, or if it’s the fact that someone thought a Cheez It crust and an Italian Supreme flavor were a good mix
Reposted by Max Andreacchi
xpnsec.com
XPN @xpnsec.com · Jun 3
New blog post is up! Stepping out of my comfort zone (be kind), looking at Meta's Prompt Guard 2 model, how to misclassify prompts using the Unigram tokenizer and hopefully demonstrate why we should invest time looking beyond the API at how LLMs function. specterops.io/blog/2025/06...
Tokenization Confusion - SpecterOps
Meta's Prompt Guard 2 aims to prevent prompt injection. This post looks at how much knowledge of ML we need to be effective at testing these LLM WAFs.
atomicchonk.bsky.social
You’re a real one, thank you 🙏🏼
Reposted by Max Andreacchi
specterops.io
It's potato harvest season! 🥔

Join our upcoming webinar w/ @atomicchonk.bsky.social as he breaks down the starchy workings of potato exploits — from Windows access tokens to technical walkthroughs of Rotten, Juicy, and Rogue potatoes.

Register at ghst.ly/june-web-bsky
Reposted by Max Andreacchi
jimsycurity.adminsdholder.com
Just wrapped up a blog post on understanding BadSuccessor from a DACL abuse aspect and mitigating it from a DACL abuse perspective.

Also added some PowerShell on my GitHub to create and remove the mitigations.
specterops.io
BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest.

Check out @jimsycurity.adminsdholder.com's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
Understanding & Mitigating BadSuccessor - SpecterOps
Understanding the impact of the BadSuccessor AD attack primitive and mitigating the abuse via targeted Deny ACEs on Organizational Units.
atomicchonk.bsky.social
If you haven’t read the BadSuccessor blog post, woo boy: www.akamai.com/blog/securit...
atomicchonk.bsky.social
Ok I’ve been enlightened further; they don’t collide if you tweak the command just slightly :pain:
atomicchonk.bsky.social
I’m convinced most learning happens when you’re doing what I call “smacking into something;” failing repeatedly, figuring out why it failed, and proceeding to the next step where you rinse and repeat until you achieve your ultimate objective. TIL: docker and podman dependencies collide.
a rainbow and a star with the words " make you know " on it
atomicchonk.bsky.social
Beyond hyped to be presenting with @anam0x.bsky.social and the rest of my team at Arsenal at BHUSA 2025! app.ingo.me/q/0x9xn
Black Hat USA 2025
atomicchonk.bsky.social
It was an absolute pleasure to speak at @cackalackycon.bsky.social today and share my love of potatoes. Thank you to @specterops.io for fueling me to always go a layer deeper in learning and motivating me to chase my passions 🥔
Reposted by Max Andreacchi
cackalackycon.bsky.social
What do potatoes have to do with privilege escalation on Windows? Come find out at Max Andreacchi’s session, “Tater Tokens: Introduction to Windows Access Tokens and Their Role in PrivEsc” on May 18th!
Reposted by Max Andreacchi
specterops.io
Why do potato exploits work & how can we stop them?

Join @atomicchonk.bsky.social at @cackalackycon.bsky.social this weekend for a walkthrough of Windows access token manipulation and get the answer. ghst.ly/4jzjlnI
atomicchonk.bsky.social
Immaculate Rick Roll placement
atomicchonk.bsky.social
Great work getting it done!
atomicchonk.bsky.social
Always enjoy the views in Seattle! Spent excellent quality time with teammates and received amazing training. Now for a weekend of running and resting back home before new travels next week ✈️
Reposted by Max Andreacchi
specterops.io
Don't let threat actors mash your Windows security! @atomicchonk.bsky.social’s @cackalackycon.bsky.social talk breaks down potato exploits from token mechanics to defensive implementations.

Learn more ➡️ ghst.ly/4jzjlnI