Eric Capuano
@eric.zip
- Dad of two <3
- Co-founder Recon InfoSec
- SANS DFIR Instructor
- BlackHat Trainer
- IANS Faculty
- Trainer @digitaldefenseinstitute.com
- Blog: https://blog.ecapuano.com
- ⬑ ODESZA, Lane 8, Kasbo 🎧
- ❀ @whit.zip
This is why you always AirTag your luggage.
January 12, 2026 at 8:54 PM
Reposted by Eric Capuano
the countdown was spectacular ✨
January 5, 2026 at 2:53 AM
β€οΈπŸš€πŸŽ‡
spent one of the best new years eve's to date in colorado πŸͺ©πŸ«ΆπŸ€

i love this man
January 5, 2026 at 3:22 AM
Literally about to go to bed while 2 coding agents duke it out on a massive refactor.

It's either going to be perfect in the AM, or a disaster ¯\_(ツ)_/¯
ALT: a man in a suit and tie is standing in front of a bookshelf and says " yolo , man " .
December 30, 2025 at 8:34 AM
finally started using ralph-wiggum loops in claude code and I just unlocked the next level of GSD...

1. Do massive refactor
2. Have Codex review your work
3. Validate/Fix all findings
4. Have Codex validate fixes then find 10 new issues
5. Fix all findings
6. Repeat til Codex is happy
7. Goodnight🌙
December 30, 2025 at 8:34 AM
What I saw in my head as I read that
ALT: three men are laughing in a car with movieclips.com written on the bottom right
December 30, 2025 at 3:49 AM
shhhh, don't say it too loudly or they'll get DOGE'd for DEI'ing too hard or something.
December 30, 2025 at 2:58 AM
that's a slippery slope to full-blown geocities
ALT: a screenshot of a website called dpgraph dynamic photorealistic 3d graphing software
December 29, 2025 at 4:36 AM
The first website ever published: info.cern.ch/hypertext/WW...

See it the way it was originally accessed (line-mode browser simulator): line-mode.cern.ch/www/hypertex...
The World Wide Web project
info.cern.ch
December 29, 2025 at 4:27 AM
Reposted by Eric Capuano
Recommend patching MongoDB as soon as ye back in the office tomorrow as I know of two large orgs now with big incidents caused by this.

There's a ransomware/extortion group spraying the internet with mongobleed.py, to dump secrets.
December 28, 2025 at 7:32 PM
When the DOJ accidentally releases too many Epstein Files and used Adobe to redact
December 28, 2025 at 8:16 PM
December 28, 2025 at 8:10 PM
Reposted by Eric Capuano
patch ye MongoDB, there's an exploit for a vuln which has been in the product for over a decade that allows the remote, unauth read of any memory - which includes plaintext creds.

Somebody posted an exploit on Christmas Day, Merry Christmas!

doublepulsar.com/merry-christ...
Merry Christmas Day! Have a MongoDB security incident.
Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day.
doublepulsar.com
December 26, 2025 at 10:57 PM
Obligatory blog post describing the detection methodology I used.

blog.ecapuano.com/p/hunting-mo...
Hunting MongoBleed (CVE-2025-14847)
Detecting CVE-2025-14847 Exploitation with Velociraptor
blog.ecapuano.com
December 27, 2025 at 3:42 AM
PR'ing some new KAPE Targets for my Windows friends shortly.
December 27, 2025 at 1:52 AM
Velociraptor is uniquely qualified for this since, from what I can tell, this attack pattern can only be gleaned from the MongoDB server logs that I am certain _nobody_ is shipping to their SIEM.
December 27, 2025 at 1:52 AM
I have PR'd a new @velocidex.com Artifact to the Exchange to hunt for exploitation of #CVE-2025–14847.

As far as I know, this is the only defensive signature for this CVE that exists currently.

github.com/Velocidex/ve...
Create Linux.Detection.CVE202514847.MongoBleed.yaml by ecapuano · Pull Request #1161 · Velocidex/velociraptor-docs
Add Linux.Detection.CVE202514847.MongoBleed Artifact Summary This artifact detects evidence of CVE-2025-14847 (MongoBleed) exploitation on MongoDB servers by analyzing connection patterns in MongoD...
github.com
December 27, 2025 at 1:52 AM
Welp, couldn't just let this go unresolved.

Gifts incoming shortly for all my Velociraptor friends out there. #CVE-2025–14847
December 27, 2025 at 1:15 AM
I especially love this part:

"Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day."

...followed by...

"The exploit author has provided no details on how to detect exploitation in logs via products like.. Elastic."

Love that for us.
December 26, 2025 at 7:04 PM
Solid content (per usual) from @doublepulsar.com

Defenders might want to put eyes on this and scope for affected systems.

doublepulsar.com/merry-christ...
December 26, 2025 at 7:04 PM
Indeed it does
December 26, 2025 at 1:34 AM
9yo watching stranger things hears the word “pissed”

She says, “That word means two different things, like the dog pissed on the floor and dad is pissed”

I had a giggle. Yes, kid, multiple meanings indeed.
December 26, 2025 at 1:31 AM
This year on Bluesky I wrote 165 posts and 138 replies.

Apparently I talk to @whit.zip from time to time

www.madebyolof.com/bluesky-wrap...
December 24, 2025 at 9:45 PM
Unrelated note: Never hack a bank across state lines and never torrent from your home IP address

(not an endorsement of piracy)
December 23, 2025 at 6:00 PM