We're very happy and excited to announce that we've closed the extra last-minute CFP for the #OffensiveOps Offensive Security Village, which Bourbon Offensive Security Services has sponsored and turned into reality! The village is accompanied by a #Lockpicking village - see more details below.

This TAKES PLACE on June 18th from 14.00-18.00 on top of the June 19th full day agenda!!

Talks:
1 - Browser Exploitation: From N-Days to Real-World Exploit Chains in Google Chrome - by Arnaud Perrot (aka "petitoto")

2 - Hacking EV Chargers: Fast Track to Market, Fast Track to Vulnerabilities - by Simon Petitjean

3 - Targeting pentesters - by Charlie Bromberg (aka "Shutdown") & Mathieu Calemard du Gardin

4 - Unpacking Azure Initial Access Attack Techniques - by François-Jérôme Daniel & Patrick Mkhael

In parallel we host the “Physical Intrusion & hashtag
hashtag#Lockpicking Village” in the Atrium to permits to practice, learn and more ! by Nicolas Aunay (Joker2a)) and Nicolas B.!!

The village will be live during both days of the event

Get your ticket here: https://lnkd.in/edXc3ytn

If you’re into #pentesting, #redteam, #adversaryemulation, #physicalintrusion or you're a student, passionate, or just curious to explore why offense is mandatory for defense — you’ll feel right at home.

Let’s build something meaningful for the offensive security community in Luxembourg.

#BSidesLuxembourg2025
#OffensiveOps
#OffSec
#Cybersecurity
#infosec
#communitydriven

Review: Metasploit, 2nd Edition https://www.helpnetsecurity.com/2025/06/02/review-metasploit-2nd-edition/ #BinaryDefense #Metasploit #TrustedSec #Don'tmiss #Reviews #OffSec #Rapid7 #review #News #book

Microsoft Copilot for SharePoint just made recon a whole lot easier.   Read it here: www.pentestpartners.com/security-blo... #RedTeam #OffSec #AIsecurity #Microsoft365 #SharePoint #MicrosoftCopilot #InfoSec #CloudSecurity

Microsoft Copilot for SharePoint just made recon a whole lot easier.
 
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
 
It opened the door to credentials, internal docs, and more.
 
All without triggering access logs or alerts.
 
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
 
That’s a problem.
 
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
 
Read it here: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

Are you learning about #pentesting and #offsec ?
Join me on my #vlog where I document everything on this channel https://youtu.be/WsLn4_0C0a0?si=woPcXjJe3y6WANS_

You'll probably also learn something useful. Pentesting can be a lot of fun and a great career.

Feedback is welcome.

The #Offsec #OSCP song Try #Harder

https://youtu.be/t-bgRQfeW64

Cool research by my coworkers at IOActive: https://www.wired.com/story/digital-license-plate-jailbreak-hack/

Really happy with what I accomplished this year. Tackled the OSCP, OSWP, and finished my first HackTheBox Pro Lab Dante. Looking forward to what I accomplish in 2025. #ethicalhacking #HackTheBox #CyberSecurity #OffSec

Current status: Building a #FreeBSD 14-STABLE VM on the #Framework laptop specifically for offensive security research and development.

Hoping to finish work on a C2 framework that operates over the ptrace boundary.

What are some interesting files/directories to overwrite in an AWS Lambda execution environment?

I found an unsafe tarball extraction vulnerability in a customer's code, but I'm not the most familiar with AWS.

One example why to use strong #passwords for users who use file sharing over #SMB even when the file transfers are #encrypted.
If the SMB traffic is captured/eavesdropped, then the attacker can try to crack the user password.
The attacker is able to extract challenge/response values from the Session Setup and then use #passwordcracking tools such as #hashcat

If the attack is successful, the attacker will gain not only the access to the user account, but it is also possible to decrypt the captured SMB file transfers. There is lack of perfect forward secrecy in this encryption.

For more details and practical examples, see this blog post:

https://malwarelab.eu/posts/tryhackme-smb-decryption/

I'm doing a security code review of a service that uses Smithy ( https://smithy.io/2.0/quickstart.html ).

This is the first time I've come across Smithy. Does anyone know of any security issues of Smithy models/code that I should be aware of?

Overview of Linux persistence techniques

"The Art Of Linux Persistence"
https://hadess.io/the-art-of-linux-persistence/

Credits Amir Gholizadeh, Surya Dev Singh, Adhokshaj Mishra

The #Offsec #OSCP song Try #Harder

https://www.youtube.com/watch?v=t-bgRQfeW64

so, #offsec friends: i’m looking at an active credential harvesting website found from phishing emails and i wanna make sure i’m not missing anything. any suggestions on directory discovery tools that are possibly not too noisy? what are people’s thoughts on dirhunt?

Injecting a shared object anonymously over the ptrace boundary on #FreeBSD via libhijack now works!

https://github.com/SoldierX/libhijack/commit/18b4ad92c0e41e4b0711484b725646c3f04b51ba

First #BSDCan paper submitted. Working on some code to submit a second presentation.

I'm a bit skeptical that I'll have the code ready in time for the second one. But if I do, it will be something you won't want to miss. :-)

I'm not well-versed in the many intricacies of production memory controller hardware devices. For those memory controllers that support ECC RAM, do they usually provide a query interface granular enough to peek at cell parity data?

If so, would it at all make sense to use cell parity data as a communications side channel or out-of-band ephemeral storage?