
jstnkndy

@jstnkndy

Infosec professional, beverage snob, and fantasy book consumer. Vice President @ Atredis Partners. Forever terrified of Kithicor.

2,000 Followers · 416 Following · 282 Posts · Joined 04.10.2023

Latest posts by jstnkndy @jstnkndy

I feel the same way about coffee (one of the reasons I have beverage snob in my bio). I'll usually scout out good coffee places when I'm booking travel and if I'm going somewhere I absolutely know won't have good coffee around, I have a hand grinder, beans, and an aeropress that I can travel with.

27.02.2026 18:28 👍 2 🔁 0 💬 1 📌 0

proof-of-concept/cve-2025-36632 at main · atredispartners/proof-of-concept Proof of concepts and other snippets. Contribute to atredispartners/proof-of-concept development by creating an account on GitHub.

On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here github.com/atredispartn...

26.02.2026 18:43 👍 3 🔁 4 💬 0 📌 0

add in some protein powder and readjust some of the quantities there, and it sounds like my protein shake I make for lunch every day!

23.02.2026 15:26 👍 2 🔁 0 💬 1 📌 0

Another day, another audit of a vibe coded app with almost no security controls. 🫗

15.02.2026 20:23 👍 8 🔁 0 💬 1 📌 0

Gotta ask, where did he score that hoodie? I've been looking for some tailscale swag!

15.02.2026 03:44 👍 0 🔁 0 💬 0 📌 0

😬

10.02.2026 17:45 👍 0 🔁 0 💬 0 📌 0

Atredis identified a vulnerability in the way Rapid7's Nexpose was generating passwords to protect its Java KeyStore which is used to encrypt saved credentials. This vulnerability was reported to Rapid7 and a patch is being rolled out today! Check out the details here: github.com/atredispartn...

09.02.2026 19:27 👍 0 🔁 2 💬 0 📌 0

Oh hell yea

07.02.2026 16:05 👍 1 🔁 0 💬 0 📌 0

That's dope! How comfortable is it?

07.02.2026 15:42 👍 0 🔁 0 💬 1 📌 0

Tanium is great enterprise c2.

28.01.2026 20:41 👍 1 🔁 0 💬 0 📌 0

General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners [this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We…

Command & Conquer'd: worming RCEs through a classic multiplayer game. Check out the full writeup from our @districtcon.bsky.social Junkyard submission here:
www.atredis.com/blog/2026/1/...
By @droner.bsky.social and @jordan9001.bsky.social

#Security #modding #rce

28.01.2026 15:42 👍 9 🔁 7 💬 0 📌 2

[RSS] When NAS Vendors Forget How TLS Works


www.interruptlabs.co.uk ->

#QNAP #Synology #Pwn2Own #NoCVE


28.01.2026 13:30 👍 1 🔁 1 💬 0 📌 0

[RSS] DistrictCon 1 Slides - Control the Variables and You Control the Code: Language-Level Vulnerabilities in Adobe ColdFusion


www.hoyahaxa.com ->


27.01.2026 08:10 👍 0 🔁 3 💬 0 📌 0

Thank you @districtcon.bsky.social, it was a wonderful conference, and we're looking forward to next year! ❤️

26.01.2026 06:48 👍 6 🔁 0 💬 0 📌 0

CODE WHITE | Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...

You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...

23.01.2026 12:28 👍 7 🔁 9 💬 0 📌 1

If it's helpful for anyone reading replies in this thread: I just got off the phone with the hotel; they are currently fully booked on Sunday night, though that is subject to change based on cancellations. If you're scheduled to check out on Sunday and a flight gets cancelled, be prepared.

22.01.2026 19:22 👍 5 🔁 0 💬 1 📌 0

DISTRICTCON IS STILL A GO! We are excited to see you all on Saturday, January 24 as we are still going through our normal programming!

While we are unable to process refunds, we are adding virtual components to Saturday AND Sunday including a livestream for public sessions for ticket holders.

22.01.2026 18:37 👍 16 🔁 8 💬 2 📌 2

This weekend's weather forecast is a good reminder:

Fuck ice

22.01.2026 16:35 👍 5 🔁 0 💬 0 📌 0

Him or Jackson, maaayybeeee Nix.

18.01.2026 00:13 👍 0 🔁 0 💬 1 📌 0

Can't Josh Allen just pass the ball to himself?

18.01.2026 00:09 👍 0 🔁 0 💬 1 📌 0

love this as well

12.01.2026 20:41 👍 1 🔁 0 💬 1 📌 0

Blackhoodie at DistrictCon 2026 Why, hello! BlackHoodie is super excited to be partnering with DistrictCon in 2026, bringing a day of vulnerability hunting in binaries to Washington DC! Come join us for an exciting day of reverse eng...

We still have seats open for @blackhoodie.bsky.social at @districtcon.bsky.social on January 23rd in Washington DC! The class will be reverse engineering their way through an integer overflow bug in libpng 🤓
blackhoodie.re/DistrictCon2...

05.01.2026 17:15 👍 7 🔁 8 💬 0 📌 0

🫂😂

09.01.2026 11:39 👍 1 🔁 0 💬 0 📌 0

It's so sad that he thinks we don't have eyes and haven't seen the videos ourselves. She was not "trying to ram the officer."

Fun fact: when you are trying to ram an officer, you turn the wheels towards them, not away from them.

Extra fun fact: shooting someone trying to ram you doesn't stop them.

08.01.2026 19:02 👍 23 🔁 3 💬 3 📌 0

Fuck ICE.

07.01.2026 22:59 👍 3 🔁 0 💬 0 📌 0

Any recommendations for exploit dev focused #CTF with an archive of challenges?

I'm looking for samples and interested in code comprehension, less interested in obfuscation/VMs.


07.01.2026 11:57 👍 0 🔁 1 💬 0 📌 0

We have 2 student sweepstake tickets up for grabs to attend RE//verse 2026! These cover conference admission and meals. Travel and hotel are not included, so you must be able to travel to Florida. Ticket is non-transferrable. Email scholarship@re-verse.io by Jan 16th with the following:

06.01.2026 21:00 👍 0 🔁 2 💬 1 📌 0

Blind trust: what is hidden behind the process of creating your PDF file? Every day, thousands of web services generate PDF (Portable Document Format) files—bills, contracts, reports. This step is often treated as a technical routine, “just convert the HTML,” but in practic...

Blind trust: what is hidden behind the process of creating your PDF file?

swarm.ptsecurity.com/blind-trust-...

#vulnerability #cve #exploitation #infosec

30.12.2025 02:22 👍 8 🔁 5 💬 0 📌 0

I had my worst season this year despite having the number one overall pick in the draft. I just barely made the playoffs but got knocked out in the first round. Best of luck to you!

28.12.2025 18:14 👍 1 🔁 0 💬 0 📌 0

When the codebase you've been auditing for the past month is mature and secure by default.

17.12.2025 17:26 👍 6 🔁 0 💬 0 📌 0