↑↑↓↓←→←→BA @5ynth3t1c
Joined June 2009-
Tweets1K
-
Followers148
-
Following2K
-
Likes2K
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
How @Mandiant's groundbreaking APT 1 report, which exposed China's PLA hackers, came to be. I spoke with the architect of the 2013 report, @invisig0th, about the backstory behind the report, how they chose what to expose and the gov's surprising response zetter-zeroday.com/how-the-infamo…
𝗛𝘂𝗻𝘁𝗶𝗻𝗴 𝗘𝘅𝗽𝗼𝘀𝗲𝗱 𝗠𝗖𝗣 𝗦𝗲𝗿𝘃𝗲𝗿 🤖 🚨 Trend Micro found 492 MCP servers exposed online—no auth, no encryption. These act as backdoors to sensitive data like cloud resources, customer info & internal tools. 🔓 90% allow direct read access via natural…
Why should Microsoft's Nested App Authentication (NAA) should be on your security team's radar? @Icemoonhsv breaks down NAA and shows how attackers can pivot between Azure resources using brokered authentication. ghst.ly/45h2Zw3
EDR vendors secure their sales pipelines but neglect monitoring GitHub for exposed installer tokens -leaving customers vulnerable to abuse and over-licensing. Adversaries likely exploit these tokens to build sandboxes for payload testing. Here are search patterns to help…
Zero-Click Agentic AI Exfiltration. I’m glad I can finally share some of the work our team has done. straiker.ai/blog/the-silen…
Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls github.com/MatheuZSecurit…
hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-1…
New blog! Here's our case study on using LLMs for accelerating offensive R&D. Our post details how we used Large Language Models to identify and exploit trapped COM objects. Next week at BlackHat we'll drop even hotter stuff on offensive AI research. 🔥 outflank.nl/blog/2025/07/2…
From Zero to 0-day. Introduction to Fuzzing blog.78researchlab.com/23adb461-3e5b-…
As promised, our #SharePoint adventure with CVE-2025-53770 and CVE-2025-53771, including payloads and vulnerability checker! blog.leakix.net/2025/07/using-…
Made some changes to SoaPy to allow ADWS recon to be ingested into @Tw1sm 's BOFHound offline for upload to BloodHound. A blog detailing an operational perspective of ADWS collection from Linux with BloodHound is coming soon. For now, the changes are here: github.com/logangoins/Soa…
That is actually the real exploit. I went through all the decoding and stuff. It finally is the payload that creates spinstall0.aspx which then gets you the machine keys that allow you to craft your own Viewstates.
That is actually the real exploit. I went through all the decoding and stuff. It finally is the payload that creates spinstall0.aspx which then gets you the machine keys that allow you to craft your own Viewstates. https://t.co/9SjaPAlurx
My latest blog post just dropped! This time it's about Entra 🆔 "High-Profile Cloud Privesc" revisits an old PowerShell trick to pivot from cloud to endpoint - or how to elevate to Global Admin from 'OneDrive Admin'-equivalent permissions labs.reversec.com/posts/2025/07/…
SCCM’s Management Points can leak more than you’d expect. @unsigned_sh0rt shows how Network Access Accounts, Task Sequences, and Collection Settings can be stolen by relaying a remote Management Point to the site database. Check it out ⬇️ ghst.ly/4eNLaHU
If you want to know how to bring your own IDP in Entra, and abuse OIDC protocols for persistence, my x33fcon talk is now on YouTube 😀
If you want to know how to bring your own IDP in Entra, and abuse OIDC protocols for persistence, my x33fcon talk is now on YouTube 😀
🚨 Hackers can hijack your car over Bluetooth. New “PerfektBlue” flaws let attackers run remote code on Mercedes, VW & Skoda—just by pairing. They can track location, record audio, and even reach engine controls. Full story → thehackernews.com/2025/07/perfek…
VEH² technique to bypass ETW-based detection. Hardware breakpoints abuse can be detected with Microsoft-Windows-Kernel-Audit-API-Calls provider by looking into NtSetContextThread() calls. VEH² uses two vector exception handlers to change the thread's context without calling…
Pretty cool! If you use the tool with a public client and scope from entrascopes.com you can add this to roadtx interactiveauth with the -url parameter to catch the resulting token 😀
Pretty cool! If you use the tool with a public client and scope from entrascopes.com you can add this to roadtx interactiveauth with the -url parameter to catch the resulting token 😀
Initial Access Attack in Azure - Understanding and Executing the Illicit Consent Grant Attack in 2025 alteredsecurity.com/post/initial-a…
ECk3HEd9jUn @Ck3Un71379
0 Followers 117 Following
Searteter @SearteterVzA
131 Followers 2K Following
Titoonaysh @titoonaysh92275
9 Followers 932 Following Follow me, maybe it's the beginning of our fate, we can talk
werdhaihai @werdhaihai
522 Followers 484 Following Adversary Simulation Consultant @SpecterOps https://t.co/pztdK7udq3
HCLSoftware @HCLSoftware
39K Followers 16K Following We develop, market, sell, and support software for AI and Automation, Data, Analytics and Insights, Digital Transformation, and Enterprise Security.
Steve Ragan ⚠️ @SteveD3
15K Followers 3K Following Father. Grandpa. Geek. Hacker. Former journalist. Security researcher. CMO @BSidesLV. Member: @CuratedIntel | BOD @CircleCityCon (RIP). | Tweets are my own.
Blue Team News @blueteamsec1
53K Followers 9K Following The cybersecurity home for the latest #BlueTeam, #DFIR, and #ThreatHunting news and tools.
Valander Cybersecurit... @ValanderC
29 Followers 155 Following Veteran-owned consortium, Cybersecurity, IT Together let's build a culture of security
Raul • 𝖙𝖍𝖊... @theg3ntl3m4n
1K Followers 652 Following Lead Red Team @beyondtrust | Ex-Red Team @mandiant @crowdstrike
SkyNet Tools @SkyNetTools
7K Followers 5K Following Providing the Latest #Infosec #News, #Tools, and #Exploits #BugBounty
Alyssa (she/her) @ramen0x3f
3K Followers 573 Following @ramen0x3f.bsky.social Senior Threat Researcher and Pun Aficionado @Microsoft Former research+red team+hand drawn memes @Mandiant
writh @_writh
1K Followers 2K Following opsec brute squad 🏴Manducamus libenter illos qui nos dominent.
Sajad Parra 🇵🇸 @ParraSajad
958 Followers 803 Following
Lex One & Third World... @IAmWizardSleeve
105K Followers 120K Following The duo formerly known as Wizard Sleeve(@lexonegtps & @thirdworlddon) back at it with both solo and group music.
Pawel Rzepa @Rzepsky
1K Followers 683 Following Yet another sec guy, particularly interested in cloud security 🌩️ AWS Authorized Instructor at @awscloud Lead Ethical Hacker at @SoftServeInc
Pat McCoy @therealpatmccoy
55 Followers 258 Following Husband, Infosec Professional, Breaker of Things, Sci-fi addict, Traveler, Fisherman
L4mer @L4merS3C
115 Followers 329 Following Im so L4me, but you are lamer. Christian, Metal Music Lover, Computer Security G33k and BJJ lover
Rey Bango 🇺🇦�... @reybango
23K Followers 6K Following Advocate for AI & Security | I hack into things sometimes. Opinions are mine. Fortis fortuna adiuvat. It's a good time to cause a little chaos.
Binary Defense @Binary_Defense
13K Followers 493 Following We're determined to make the world a safer place through our-industry recognized managed security services. Founded by @HackingDave|Sister company @TrustedSec
David das Neves @david_das_neves
7K Followers 3K Following CEO @shiftavenue 👔 82k 👨👩👧👦 topics: 💻🛡️🌩️
Dillon Townsel @DilTown
18K Followers 16K Following Dad (and soccer coach) of twin 7 yr old boys, @Army vet, techie, talker.
BlackBerry Cybersecur... @BlackBerrySpark
22K Followers 7K Following AI-Driven Cybersecurity that Works Smarter, Not Harder
1337LIT @1337LIT
2 Followers 151 Following
BenderSec @BenderSec
213 Followers 729 Following @_aaronsdad IRL. Saving you from my baseball and football rants. USMC vet. GCIH. Tweets/views = my own. #blueteam
Jim Nitterauer 🇺�... @JNitterauer
9K Followers 9K Following Husband, Dad, Director of Information Security @graylog2. InfoSec enthusiast. CISSP, CISM, Speaker. Ethical Hacker. @BSidesLV Staff @ITENWired Guitarist
James Hooker @g0blinResearch
6K Followers 2K Following Developer, turned security advocate - OSCP, BRDY, GNGR. Co-founder of @hackthebox_eu. My thoughts are my own.![[ C|EH - Penetration Testing - Developer - Tools - Metasploit - WiFi - web application - Linux ]#تكنولوجيا #اختبار_اختراق #Metasploitable #نصائح_تقنية #PenTesti](https://pbs.twimg.com/profile_images/768868544406839296/mYXrbC_G.jpg)
أمن المعلوم... @AlmasterKsa
40K Followers 13K Following [ C|EH - Penetration Testing - Developer - Tools - Metasploit - WiFi - web application - Linux ]#تكنولوجيا #اختبار_اختراق #Metasploitable #نصائح_تقنية #PenTesti
Cyberweiser @cyberweiser
226 Followers 2K Following Because @infosecweiser sounds dumb. Don't hate on my use of the word cyber. #CISO #infosec #blueteam
ᴇʟ ᴇxᴄᴏʀᴄ... @hax0rcist
519 Followers 5K Following bad security is (not) a joke. nothing is unhackable. retweets infosec shitposts for therapeutic purposes only. opinions belongs to exterminated demons. ☠️
Jet Stream @Jet_Stream_On
271 Followers 2K Following JetStream is a digital commerce automation technology that powers the needs of brands and retailers across multiple global sales channels.
mattrix @mattrix_
3K Followers 3K Following DJ, Defcon SOC Goon, Toorcon Sr. Staff, Information Security Pro by trade. (Hacker, Fine Dining, Travel, Adventurer and INTJ) Disclaimer: Twitter Posts my own.
Stefan Friedli @stfn42
6K Followers 670 Following Running the Red Team at @Google, PTES author, Area41 organizer. Opinions are my own. Tweets auto-expire. (He/Him)
Kate Brew @securitybrew
28K Followers 16K Following Mom, Moderate common sense engineer #owasp #lasconatx @GeorgiaTech alum. Funemployed. No one knows what I’m up to.
SECUR1TY.com @SECUR1TYcom
920 Followers 2K Following Hire Top Security and IT Experts On-Demand. Join thousands of companies already using our expert network.
Robert Allsopp @robert76131
277 Followers 2K Following New entrepreneur looking to make my way in the world whilst helping others to succeed in their goals.
john pearce #cyber & ... @techpearce3
13K Followers 13K Following #cyber & #technology #news @techpearce @techpearce2 @techpearce4 @JohnNews2u @johnpearcenews5 #cybersecurity & #privacy #updates
TW-Mastering.Mixing @TWMastering
44K Followers 46K Following Trackwriterz Studio #Mixing #Mastering 4 Album, Mixtape,EP, Vocals, Beats, Hooks/Full Writing.10+ Yr. Engineers Major Label Sound! 678-318-1911
Fair IT @FairIT_
93 Followers 608 Following Fair IT are a leading IT Support and services provider based in #Essex. https://t.co/PvfW7AUPmE
Tnice @t3b0g025
229 Followers 5K Following
OCD Tech @TheOCDTech
420 Followers 817 Following Helping our clients with IT Security Advisory & Assurance services. (SOC2, pen testing, regulatory compliance, etc)
Aurélien Chalot @Defte_
4K Followers 460 Following Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthousiast 💪 and wannabe philosopher https://t.co/SqDDhIGGGh 📖 🔥 Hide&Sec 🔥
Marat Nigmatullin @_mnigma_
97 Followers 129 Following Hacking & Researching @falconforceteam | Ex-Unit 42
BSidesNoVA @BSides_NoVA
5K Followers 2K Following Official TwitterX site of BSides NoVA - Northern Virginia's premier cybersecurity conference in the @securitybsides tradition. October 10-11, 2025. TIX SEP 5!
Coffin @coffinxp7
25K Followers 206 Following 🕵🏻♂️| ꜱᴇᴄᴜʀɪᴛʏ ʀᴇꜱᴇᴀʀᴄʜᴇʀ | ᴄᴏɴᴛᴇɴᴛ ᴄʀᴇᴀᴛᴏʀ | ᴡʀɪᴛᴇᴜᴘꜱ: https://t.co/xRCKfLzQG7 |ᴡᴇʙꜱɪᴛᴇ: https://t.co/pjFfqTxbZO | ᴄᴏᴍᴍᴜɴɪᴛʏ: https://t.co/5p05U7h0BM
The DFIR Report @TheDFIRReport
62K Followers 0 Following Real Intrusions by Real Attackers, the Truth Behind the Intrusion. Services: https://t.co/XW613EKt2w
Unit 42 @Unit42_Intel
64K Followers 82 Following The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Leo Tsaousis @LAripping
564 Followers 654 Following Senior Security Consultant @ Reversec (fka @withconsulting). Talks mostly about security. As Rino put it, sometimes maybe good sometimes maybe shit
Stephan Berger @malmoeb
28K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
Gi7w0rm @Gi7w0rm
18K Followers 801 Following Threat Intelligence Analyst | See my Linktree for other socials | In case I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p 🇪🇺🇩🇪🇺🇦🌈
Smukx.E @5mukx
16K Followers 227 Following Malware Researcher & Red Teamer | 0..=n Day 🔬 at 🌒 | 0x15 Y/o
klez @KlezVirus
8K Followers 708 Following Independent Cyber Security Researcher - Opinions are my own
Ashcon Mohseninia (RA... @rndashm
5K Followers 120 Following 🇮🇷/🇬🇧 Car hacker | Rust Programmer | Youtuber https://t.co/IJ9x35NcJq
Matt Creel @Tw1sm
1K Followers 238 Following Adversary Simulation @ SpecterOps | OSCP | CRTO | https://t.co/LfiIqD4M4l
Le Castle Vania @LeCastleVania
22K Followers 916 Following Electronic music producer and composer for films and games. Credits: John Wick film series, Firewall Zero Hour, Payday 2, Solaris Offworld Combat.
Graham Helton (too mu... @GrahamHelton3
11K Followers 601 Following senior red team engineer @snowflake | former grocery store bagger He/him :wq!
Orange Cyberdefense's... @sensepost
9K Followers 321 Following Work like hell, Share all you know, Abide by your handshake, Have fun. - Dan Geer
OtterHacker @OtterHacker
7K Followers 77 Following Professional redteamer and malware development enthusiast ! I will share some tips and experiences. Look at my work here : https://t.co/cxLBvW7pcI
LuemmelSec @theluemmel
8K Followers 565 Following I speak BloodHound. Husband, Father, IT-Guy, Security-Noob Blog: https://t.co/PXB35KEqs6 GitHub: https://t.co/Unp9jZOpBn
SinSinology @SinSinology
12K Followers 685 Following Pwn2Own 20{22,23,24,24.5,25,25.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊
LaurieWired @lauriewired
106K Followers 285 Following researcher @google; serial complexity unpacker; https://t.co/Vl1seeNgYK ex @ msft & aerospace
Darknet Diaries @DarknetDiaries
124K Followers 1 Following True stories from the dark side of the Internet. Host @jackrhysider. New episodes released on the first Tuesday of each month. Discord: https://t.co/bZZRR8C59R
Hunter @HunterMapping
23K Followers 184 Following Internet search engine for security researchers Contact Us: [email protected]
Synacktiv @Synacktiv
20K Followers 271 Following Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
Nick Powers @zyn3rgy
2K Followers 228 Following Adversary Simulation @SpecterOps | Previously @Rapid7 & @Protiviti
watchTowr @watchtowrcyber
9K Followers 14 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
Jacob Paullus @psycep_
101 Followers 48 Following @Mandiant Red Teamer / Something something views are my own
freefirex @freefirex2
2K Followers 152 Following Research Practice Lead @Trustedsec gamer and nature enthusiast
Horizon3 Attack Team @Horizon3Attack
12K Followers 56 Following @Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
Dark Web Informer @DarkWebInformer
132K Followers 57 Following Providing intel from the Dark Web & Clearnet: Breaches, Ransomware, Darknet Markets, Threats & more. Follow the X Bot: @DarkWebIntelBot. https://t.co/Fi7VW9lg94
8kSec @8kSec
2K Followers 525 Following Offensive Security Trainings and Services. OnDemand Mobile Security Courses - https://t.co/B8Q31o3o8q Follow us on Linkedin https://t.co/Td3Ww1uMgt
werdhaihai @werdhaihai
522 Followers 484 Following Adversary Simulation Consultant @SpecterOps https://t.co/pztdK7udq3
Chris Thompson @_Mayyhem
3K Followers 469 Following Senior Security Researcher @SpecterOps https://t.co/Sz5fRYkX6u
eversinc33 🤍🔪�... @eversinc33
6K Followers 1K Following computers be computin | https://t.co/Eiur8iOJQ4
0xor0ne @0xor0ne
82K Followers 514 Following | CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :) |
PortSwigger Research @PortSwiggerRes
112K Followers 7 Following Web security research from the team at @PortSwigger
Daily OSINT @DailyOsint
41K Followers 111 Following Daily Open Source Intelligence Powered by @SOCRadar XTI® #OSINT #XTI #ThreatIntelligence
Md Ismail Šojal �... @0x0SojalSec
31K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Josh @passthehashbrwn
10K Followers 334 Following Adversarial Simulation at IBM, tweets are mine etc.
Trends for United States
You might like
