Leo
@leonvqz.com
Just a random guy in the internet that does ethical hacking for a living.
You can call me Leo
Red Team Lead
Volunteer @RaicesCyberOrg
Faculty @taggartinstitute.org
whoami.leonvqz.com
You can call me Leo
Red Team Lead
Volunteer @RaicesCyberOrg
Faculty @taggartinstitute.org
whoami.leonvqz.com
On my way over to HackSpaceCon! Where I'll be speaking on how to defend ADCS, a service I often exploit in a daily basis!
Let me know if you'll be there!
Agenda: www.hackspacecon.com#/agenda?day=...
#HackSpaceCon #HSC2025 #HackSpaceCon2025
Let me know if you'll be there!
Agenda: www.hackspacecon.com#/agenda?day=...
#HackSpaceCon #HSC2025 #HackSpaceCon2025
May 12, 2025 at 9:59 AM
On my way over to HackSpaceCon! Where I'll be speaking on how to defend ADCS, a service I often exploit in a daily basis!
Let me know if you'll be there!
Agenda: www.hackspacecon.com#/agenda?day=...
#HackSpaceCon #HSC2025 #HackSpaceCon2025
Let me know if you'll be there!
Agenda: www.hackspacecon.com#/agenda?day=...
#HackSpaceCon #HSC2025 #HackSpaceCon2025
Reposted by Leo
So regarding this behavior: I've confirmed it, and there's more detail than is in the story. Let's go.
arstechnica.com/security/202...
arstechnica.com/security/202...
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.
Researchers say the behavior amounts to a persistent backdoor.
arstechnica.com
May 1, 2025 at 5:03 AM
So regarding this behavior: I've confirmed it, and there's more detail than is in the story. Let's go.
arstechnica.com/security/202...
arstechnica.com/security/202...
Reposted by Leo
You feel it too, right? We're making a direct connection?
Even if you're not joining our Valentine Private Network, we've brought enough for the whole class ❤️
Even if you're not joining our Valentine Private Network, we've brought enough for the whole class ❤️
February 14, 2025 at 3:14 PM
You feel it too, right? We're making a direct connection?
Even if you're not joining our Valentine Private Network, we've brought enough for the whole class ❤️
Even if you're not joining our Valentine Private Network, we've brought enough for the whole class ❤️
Reposted by Leo
Anyone want to hire a threat analyst/security researcher? Haven't been having any luck with the places I've applied to and I'm just past the halfway point of my available unemployment.
aneilan.github.io/resume
aneilan.github.io/resume
Alan Neilan
aneilan.github.io
February 15, 2025 at 1:49 AM
Anyone want to hire a threat analyst/security researcher? Haven't been having any luck with the places I've applied to and I'm just past the halfway point of my available unemployment.
aneilan.github.io/resume
aneilan.github.io/resume
Reposted by Leo
GAHHH I'm *no* in-the-street activist ^
Bsky help fight the regime by giving us an edit button.
Bsky help fight the regime by giving us an edit button.
February 3, 2025 at 4:21 PM
GAHHH I'm *no* in-the-street activist ^
Bsky help fight the regime by giving us an edit button.
Bsky help fight the regime by giving us an edit button.
At the airport making my way to Denver!
#wildwesthackingfestdenver
#wildwesthackingfestmilehigh
@wildwesthackinfest.bsky.social
#wildwesthackingfestdenver
#wildwesthackingfestmilehigh
@wildwesthackinfest.bsky.social
February 3, 2025 at 9:44 AM
At the airport making my way to Denver!
#wildwesthackingfestdenver
#wildwesthackingfestmilehigh
@wildwesthackinfest.bsky.social
#wildwesthackingfestdenver
#wildwesthackingfestmilehigh
@wildwesthackinfest.bsky.social
Hi Friends! I accidentally took another break from Social Media 🤣
But I'm back to announce that I'm going to @wildwesthackinfest.bsky.social at Denver! Let me know if you'll be there too!
I'm looking forward to it!
@antisyphontraining.bsky.social @bhinfosecurity.bsky.social
But I'm back to announce that I'm going to @wildwesthackinfest.bsky.social at Denver! Let me know if you'll be there too!
I'm looking forward to it!
@antisyphontraining.bsky.social @bhinfosecurity.bsky.social
a black and white drawing of a person 's head with a blurred face and eyes .
ALT: a black and white drawing of a person 's head with a blurred face and eyes .
media.tenor.com
February 2, 2025 at 12:22 AM
Hi Friends! I accidentally took another break from Social Media 🤣
But I'm back to announce that I'm going to @wildwesthackinfest.bsky.social at Denver! Let me know if you'll be there too!
I'm looking forward to it!
@antisyphontraining.bsky.social @bhinfosecurity.bsky.social
But I'm back to announce that I'm going to @wildwesthackinfest.bsky.social at Denver! Let me know if you'll be there too!
I'm looking forward to it!
@antisyphontraining.bsky.social @bhinfosecurity.bsky.social
Reposted by Leo
i want to spend a stupid amount of money on cute/cool things. drop yr favorite small businesses/artists pls 🙏🏼🌱
January 28, 2025 at 1:52 AM
i want to spend a stupid amount of money on cute/cool things. drop yr favorite small businesses/artists pls 🙏🏼🌱
Reposted by Leo
The entire tech industry right now
January 25, 2025 at 4:30 PM
The entire tech industry right now
Not exactly a flower, but this is a picture I took in 2017 with a Moto G Play and it turned out so good that I still have this photo.
Hope you're proud of the 2017 leo @hardwaterhacker.bsky.social
Hope you're proud of the 2017 leo @hardwaterhacker.bsky.social
January 26, 2025 at 12:59 PM
Not exactly a flower, but this is a picture I took in 2017 with a Moto G Play and it turned out so good that I still have this photo.
Hope you're proud of the 2017 leo @hardwaterhacker.bsky.social
Hope you're proud of the 2017 leo @hardwaterhacker.bsky.social
Reposted by Leo
Reposted by Leo
Red Teamers: do NOT neglect SNMP like sysadmins usually do! SO many networks have granted me very quick wins through SNMP enumeration, which can be done with Metasploit, snmpwalk, and onesixtyone:
Enum Windows accounts (spray?):
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.25
#hacking #redteam
Enum Windows accounts (spray?):
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.25
#hacking #redteam
January 24, 2025 at 5:33 PM
Reposted by Leo
Want to help Tailscale build the future of networking? We're hiring on multiple teams right now.
Careers at Tailscale · Tailscale
When the Internet began, people thought connecting everyone together, sharing information freely, and injecting a healthy dose of anarchism would lead to a strong, healthy society. Not really how it…
tailscale.com
January 24, 2025 at 6:00 PM
Want to help Tailscale build the future of networking? We're hiring on multiple teams right now.
Reposted by Leo
SOON 🥹
and there's still time to register if you're interested 🤓🦖👇
and there's still time to register if you're interested 🤓🦖👇
Ready to take your threat hunting & IR game to the next level? Join us this February at WWHF Mile High for Threat Hunting & Incident Response with Velociraptor!
🖥️ Hands-on labs with cloud VMs
👨🏫 Expert-led by @eric.zip & @whit.zip
🎯 Real-world hunting skills
🖥️ Hands-on labs with cloud VMs
👨🏫 Expert-led by @eric.zip & @whit.zip
🎯 Real-world hunting skills
Threat Hunting & Incident Response with Velociraptor with Eric Capuano & Whitney Champion - Antisyphon Training
This in-depth, hands-on course is designed to unlock the full potential of Velociraptor, transforming it from a useful tool into an indispensable part of your cybersecurity arsenal.
buff.ly
January 22, 2025 at 6:57 PM
SOON 🥹
and there's still time to register if you're interested 🤓🦖👇
and there's still time to register if you're interested 🤓🦖👇
Reposted by Leo
Seriously, watch this - it is hilarious.
January 23, 2025 at 2:31 PM
Seriously, watch this - it is hilarious.
Reposted by Leo
Idle thought upon reflecting on the week's tragedy.
A community can only claim that title if its members join together in both celebration and tragedy. A true community lightens burdens and amplifies joy. It feeds and heals each other.
I feel like the term has been diluted from that meaning.
A community can only claim that title if its members join together in both celebration and tragedy. A true community lightens burdens and amplifies joy. It feeds and heals each other.
I feel like the term has been diluted from that meaning.
January 18, 2025 at 5:01 AM
Idle thought upon reflecting on the week's tragedy.
A community can only claim that title if its members join together in both celebration and tragedy. A true community lightens burdens and amplifies joy. It feeds and heals each other.
I feel like the term has been diluted from that meaning.
A community can only claim that title if its members join together in both celebration and tragedy. A true community lightens burdens and amplifies joy. It feeds and heals each other.
I feel like the term has been diluted from that meaning.
Reposted by Leo
Tell you a secret about red team #cybersecurity work:
Almost everyone wants to pretend to be a red teamer; almost nobody had the willingness to put in the real work to become one.
Almost everyone wants to pretend to be a red teamer; almost nobody had the willingness to put in the real work to become one.
December 7, 2024 at 7:56 PM
Tell you a secret about red team #cybersecurity work:
Almost everyone wants to pretend to be a red teamer; almost nobody had the willingness to put in the real work to become one.
Almost everyone wants to pretend to be a red teamer; almost nobody had the willingness to put in the real work to become one.
Reposted by Leo
In 2025 (less than 30 days away), PayPal will start selling your transaction history for targeted advertising.
I very highly recommend logging into your account and going to Settings > Data & Privacy > Personalized Shopping.
If you're reading this, turn that off RIGHT NOW before you forget.
I very highly recommend logging into your account and going to Settings > Data & Privacy > Personalized Shopping.
If you're reading this, turn that off RIGHT NOW before you forget.
December 5, 2024 at 9:12 PM
In 2025 (less than 30 days away), PayPal will start selling your transaction history for targeted advertising.
I very highly recommend logging into your account and going to Settings > Data & Privacy > Personalized Shopping.
If you're reading this, turn that off RIGHT NOW before you forget.
I very highly recommend logging into your account and going to Settings > Data & Privacy > Personalized Shopping.
If you're reading this, turn that off RIGHT NOW before you forget.
Reposted by Leo
My team is #hiring again! Looking for a Senior Security Engineer, someone who can help build and expand our cybersecurity infrastructure. Remote US position with preference given to Mountain or Pacific timezones.
Requisition: R0029705 #infosecjobs
epiqsystems.wd5.myworkdayjobs.com/en-US/Epiq_C...
Requisition: R0029705 #infosecjobs
epiqsystems.wd5.myworkdayjobs.com/en-US/Epiq_C...
Sr. Cyber Security Engineer
It's fun to work at a company where people truly believe in what they are doing! Job Description: POSITION SUMMARY This position contributes to Epiq’s success through the design, development, deployme...
epiqsystems.wd5.myworkdayjobs.com
December 6, 2024 at 6:39 PM
My team is #hiring again! Looking for a Senior Security Engineer, someone who can help build and expand our cybersecurity infrastructure. Remote US position with preference given to Mountain or Pacific timezones.
Requisition: R0029705 #infosecjobs
epiqsystems.wd5.myworkdayjobs.com/en-US/Epiq_C...
Requisition: R0029705 #infosecjobs
epiqsystems.wd5.myworkdayjobs.com/en-US/Epiq_C...
Another day, another problem solutioned by @tailscale.com
its great how you can auto-tag machines if they use a specific auth-key.
its great how you can auto-tag machines if they use a specific auth-key.
December 5, 2024 at 8:36 PM
Another day, another problem solutioned by @tailscale.com
its great how you can auto-tag machines if they use a specific auth-key.
its great how you can auto-tag machines if they use a specific auth-key.
Reposted by Leo
I was preparing to pitch an op-ed on the nationwide protests calling for President Yoon's resignation, aiming to provide global context amid the limited international coverage.
Given the urgency, I’m sharing it now. I didn’t expect events to escalate this quickly. #SouthKorea #Democracy
Given the urgency, I’m sharing it now. I didn’t expect events to escalate this quickly. #SouthKorea #Democracy
South Korea Is Fighting for Democracy Again—And the World Needs to Know
Last updated December 3, 10:09 AM South Korea Is Fighting for Democracy Again—And the World Needs to Know Heesoo Jang Assistant Professor of Media Law and Ethics Journalism Department, University of...
docs.google.com
December 3, 2024 at 3:11 PM
I was preparing to pitch an op-ed on the nationwide protests calling for President Yoon's resignation, aiming to provide global context amid the limited international coverage.
Given the urgency, I’m sharing it now. I didn’t expect events to escalate this quickly. #SouthKorea #Democracy
Given the urgency, I’m sharing it now. I didn’t expect events to escalate this quickly. #SouthKorea #Democracy
Reposted by Leo
There's always been a lot of disagreement over whether the OSCP exam is "entry level" for pentesting specifically.
If you fall on the "it's not entry level" side, I'm interested in which parts of the exam you would *not* expect a junior pentester to be capable of doing.
If you fall on the "it's not entry level" side, I'm interested in which parts of the exam you would *not* expect a junior pentester to be capable of doing.
December 3, 2024 at 4:30 AM
There's always been a lot of disagreement over whether the OSCP exam is "entry level" for pentesting specifically.
If you fall on the "it's not entry level" side, I'm interested in which parts of the exam you would *not* expect a junior pentester to be capable of doing.
If you fall on the "it's not entry level" side, I'm interested in which parts of the exam you would *not* expect a junior pentester to be capable of doing.
tailscale.com/blog/infra-t...
Awesome article by @tailscale.com team. It shows the good stuff that can happen if you take product design security and scalability from the get go. Kudos to the team, and I think at this point I should call myself a fanboy xD
I didn't know about setec. That's awesome
Awesome article by @tailscale.com team. It shows the good stuff that can happen if you take product design security and scalability from the get go. Kudos to the team, and I think at this point I should call myself a fanboy xD
I didn't know about setec. That's awesome
How Tailscale's infrastructure team stays small
Tailscale’s secure, simplified networking solution helps DevOps teams eliminate infrastructure headaches. Learn how our infra team of just three engineers uses Tailscale to handle networking, secrets,...
tailscale.com
December 2, 2024 at 1:07 PM
tailscale.com/blog/infra-t...
Awesome article by @tailscale.com team. It shows the good stuff that can happen if you take product design security and scalability from the get go. Kudos to the team, and I think at this point I should call myself a fanboy xD
I didn't know about setec. That's awesome
Awesome article by @tailscale.com team. It shows the good stuff that can happen if you take product design security and scalability from the get go. Kudos to the team, and I think at this point I should call myself a fanboy xD
I didn't know about setec. That's awesome
Reposted by Leo
Still going on! $10 for a comprehensive guide to getting your lab up and running.
Thinking about some new server hardware? Get it up and running with the best homelab guide around! "The Homelab Almanac" is 50% off through Cyber Monday with code HOLIDAYHOMELAB.
taggartinstitute.org/p/the-homela...
taggartinstitute.org/p/the-homela...
The Taggart Institute: Master Your Craft
The Taggart Institute exists to provide low-cost, high-quality technology training to everyone in a welcoming, supportive community.
taggartinstitute.org
November 30, 2024 at 4:57 PM
Still going on! $10 for a comprehensive guide to getting your lab up and running.
Reposted by Leo
There’s a popular Linux privilege escalation script (linpeas) that’s had a copycat create nefarious linpeas[.]sh.
Linpeas (a great tool) has 0 association with linpeas[.]sh (bad)
To all pentesters and cybersecurity folks who run tools and scripts as part of their job, be careful
Know your tools!
Linpeas (a great tool) has 0 association with linpeas[.]sh (bad)
To all pentesters and cybersecurity folks who run tools and scripts as part of their job, be careful
Know your tools!
November 28, 2024 at 2:42 PM
There’s a popular Linux privilege escalation script (linpeas) that’s had a copycat create nefarious linpeas[.]sh.
Linpeas (a great tool) has 0 association with linpeas[.]sh (bad)
To all pentesters and cybersecurity folks who run tools and scripts as part of their job, be careful
Know your tools!
Linpeas (a great tool) has 0 association with linpeas[.]sh (bad)
To all pentesters and cybersecurity folks who run tools and scripts as part of their job, be careful
Know your tools!