You’ve probably heard of Cold Boot attacks [1], but have you ever seen a practical example? If not, I recommend reading this report https://www.securitum.com/public-reports/medical-company-en.pdf (point 002, page 15).

There is even more: for example, as a bonus, in point 001 there’s an interesting analysis concerning the incorrect configuration of PCR banks of the disk encryption process using LUKS.

[1] https://en.wikipedia.org/wiki/Cold_boot_attack

Mini Pen Test Diaries story, happened in the last couple of years. The debrief meeting went like this:

“In your report you said you we’re able to crack the domain admin account instantly because the password was stored using the LM hash?”

“That’s right, yes.”

“But we’ve had LM hashing disabled for like 15 years, that can’t be possible?!”

“When was the last time that password was changed?”

“Well it’s been the same since I got here, 20 years ago.”

“And what hashing mechanism do you think was used back then?”

“Oh no."

For more, less mini stories like this, check out https://infosecdiaries.com.

Arch is down (again). AskUbuntu is hotter than OnlyFans. Kali’s fresh ISO comes with 500 updates pre-installed. BlackArch is a museum of broken clones. BackBox vanished like a ghost.

Meanwhile, the few who actually know what they’re doing quietly grab BashCoreTX.

No drama, just domination.

Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“DIY Azure Security Assessment" - with Teri Radichel
https://twp.ai/4ipUKe

A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom

https://github.com/praetorian-inc/turnt

CORSO "ACTIVE DIRECTORY PENETRATION TEST". APERTE LE PRE ISCRIZIONI E AVVIATA LA PROMO

OFFERTA ESCLUSIVA entro il 31 AGOSTO! -15% sul prezzo già scontato del corso (in quanto è la prima live class su questo argomento) a chi effettua la pre-iscrizione entro l 31 di Agosto!

Informazioni di dettagli del corso: Per info e iscrizioni scrivi a formazione@redhotcyber.com oppure su WhatsApp al 393791638765 https://www.redhotcyber.com/servizi/academy/live-class-active-directory-ethical-hacking/

Per info e iscrizioni scrivi a formazione@redhotcyber.com oppure su WhatsApp al 393791638765

Diventa un ethical hacker professionista ora! Non perdere tempo!

Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“DIY Azure Security Assessment" - with Teri Radichel
https://twp.ai/4iodU5

Here's a new-to-me password spray tool that looks a hell of a lot more functional that Burp Intruder.

https://github.com/blacklanternsecurity/TREVORspray

A friend is looking for an ICS pentesting gig in the UK. He has lots of experience in maritime, power, water, gas OT & SCADA.

He's also excellent on internal inf / red team especially when there's an OT element to the org and you need a safe pair of hands.

If you have any leads please message me and I'll hook you up.

ParrotOS 6.4 is out now!

This release sets the stage for Parrot 7 with upgraded tools, security fixes, and system improvements

Upgrade via sudo parrot-upgrade or grab a fresh install from the official site

Click the link down below and read more on the changelog

https://parrotsec.org/blog/2025-07-07-parrot-6.4-release-notes