Tweets: 3K | Followers: 8K | Following: 392 | Likes: 3K
Update on the NTLM reflection attack: ctjf discovered that SMB signing enforcement does NOT protect against the NTLM reflection attack🛡 Cross-protocol relaying is still possible, even with mitigations in place. Only patching your system fully mitigates the vulnerability! 1/4🧵
Eighth rump: "It's RPC time!" by @Rauxam_
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
A detailed description of the R&D process with its ups and downs, a great deep dive into Windows internals to try to remotely enable the Web Client service. Great work 👏
Hosts running the WebClient service are prime targets for NTLM relay attacks, and it may be possible to start the service remotely as a low-privileged user. @0xthirteen breaks down the service startup mechanics, plus the protocols and technologies. ghst.ly/41QT7GW
If you want to quickly check whether the guest account is enabled, you can now do it with NetExec. This is not enabled by default; you need to set the custom flag check_guest_account in your nxc.conf file. Maybe one day it will be set to true by default 🪂
gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: github.com/synacktiv/gpoP… It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.
You didn’t click, but your password challenge is leaked. I’m excited to share my latest research: CVE-2025-50154, a high severity NTLM hash disclosure vulnerability in the explorer.exe process, exploitable without any user interaction. cymulate.com/blog/zero-clic…
Session enumeration is only possible with admin privileges? That is a problem of the past thanks to the new --reg-sessions core functionality of NetExec, made by @toffyrak🔥
Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…
Added a small Quality of Life improvement to NetExec: When the target allows null authentication the host banner automatically displays this info now🚀
In this blog post I explain the fundamental building blocks, vocabulary, and principles of attack graph design for BloodHound: specterops.io/blog/2025/08/0…
hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-1…
It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates. Also includes ESC1 over Intune (in some cases). dirkjanm.io/extending-ad-c… Oh, and a new tool for SCEP: github.com/dirkjanm/scepr…
To trigger local SYSTEM authentication for relaying to ADCS or LDAP for LPE you would usually need the printer service or EFS service to be enabled (printerbug/petitpotam). Here is an alternative without this requirement 🤠 github.com/rtecCyberSec/R…
Okta chained with Azure with auto MFA subscription for Okta and frame-buster bypass to perform BitB! Evilginx is really nice for setting up a custom phishing campaign, whatever the environment is... Phishlet available here: github.com/OtterHacker/Ok…
SCCM’s Management Points can leak more than you’d expect. @unsigned_sh0rt shows how Network Access Accounts, Task Sequences, and Collection Settings can be stolen by relaying a remote Management Point to the site database. Check it out ⬇️ ghst.ly/4eNLaHU
NetExec users and Windows lovers, here is a small tip I learned experimenting with @scam_work about Windows loggedon-users and scheduled task impersonation
New video out 😊 showing how you can take control of port 445 and perform those magical relay attacks toward AD CS when working from a C2 agent. Way easier than before thanks to some great research by @zyn3rgy youtube.com/watch?v=e4f3h5…
🧐On June 11, two researchers from @Synacktiv published a blog post revealing CVE-2025-33073, a critical flaw that nevertheless went (almost) under the radar. 🤓We go over the vuln today! youtu.be/sXdca8lfG14

Charlie Bromberg « ... @_nwodtuhs
15K Followers 652 Following Trying to hack the way we hack things 🏴☠️
mpgn @mpgn_x64
18K Followers 230 Following Flibustier du net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿ Podcast Hack'n Speak @hacknspeak / https://t.co/GyACSFg9mw
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Rémi GASCOU (Podalir... @podalirius_
8K Followers 663 Following Security Researcher & Speaker | Microsoft Security MVP | Developer of security tools 🎬 https://t.co/QaAENc4NcY
sn🥶vvcr💥sh @snovvcrash
12K Followers 490 Following Sr. Penetration Tester / Red Team Operator @ptswarm :: Author of the Pentester’s Promiscuous Notebook :: He/him :: Tweets’re my pwn 🐣
Grzegorz Tworek @0gtweet
36K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
Adam Chester 🏴... @_xpn_
36K Followers 501 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
Mayfly @M4yFly
7K Followers 783 Following Former Dev and DevOps| Pentester and red teamer at orange cyberdefense | OSCE³| Tweet are my own| discord: m4yfly
n00py @n00py1
13K Followers 962 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research.
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Swissky @pentest_swissky
20K Followers 1K Following RedTeam | Pentest Author of PayloadsAllTheThings & SSRFmap https://t.co/w1ZLRqoafG
an0n @an0n_r0
13K Followers 727 Following CRT(E|O|L) | OSCP | @RingZer0_CTF 1st (for 2yrs) | HackTheBox Top10 | RPISEC MBE | Flare-On completer | GoogleCTF writeup winner | SSD research | Math MSc |🇭🇺
Dr. Nestori Syynimaa @DrAzureAD
20K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
🥝🏳️🌈 Be... @gentilkiwi
62K Followers 286 Following A kiwi coding mimikatz & kekeo github: https://t.co/eS3LVgU6i0 Head of security services @banquedefrance Tweets are my own and not the views of my employer
Mike Felch (Stay Read... @ustayready
17K Followers 2K Following Targeted Ops Red Team @ TrustedSec | Hacking since Renegade BBS backdoors | Prior CrowdStrike/BHIS | In Christ's grip | I speak for myself only | K1HAQ
Josh @passthehashbrwn
10K Followers 334 Following Adversarial Simulation at IBM, tweets are mine etc.
Marcello @byt3bl33d3r
30K Followers 561 Following CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | securing and breaking AI @PaloAltoNtwks | Ex @spacex
DebugPrivilege @DebugPrivilege
40K Followers 2K Following Windows Nerd | Ex-MSFT | Microsoft MVP in Windows and Devices | Interested in Security, Debugging, and Windows Internals.
Guillaume @Guuy_37
11 Followers 93 Following
Hamed faye @Hamedfaye06
1 Followers 79 Following
0xBachi @0xBachi_
3 Followers 60 Following
Uwarralx @Uwarralx243154
13 Followers 892 Following
Saab @off_saab
0 Followers 23 Following
Kane Mertz @MertzKane79350
79 Followers 4K Following
Romso_TI @Romso_TI
1 Followers 21 Following
m4ki3lf0 @m4ki3lf0
16 Followers 203 Following
P-aïmon @P_a_imon
0 Followers 54 Following
Viet Hung @viethung_eth
81 Followers 2K Following Crypto, AI, Cybersecurities lover. $BTC $ETH $LINK $BNB $SOL
quwei @quwei243831
0 Followers 260 Following
Pierrot @Pierrot1963777
0 Followers 29 Following
Mister SiD @mister_sid_
603 Followers 362 Following birds born in cages think that flying is a crime - FLK
SquareZer0 @__squarezero__
137 Followers 1K Following @protos3c team member | CTF player | Pentester
Ulysse @ulysse4sec
0 Followers 96 Following
RedTeam Pentesting @RedTeamPT
8K Followers 174 Following Official RedTeam Pentesting GmbH account -- Impressum: https://t.co/pS9oK62Lsu
kota31 @_kota31
3 Followers 169 Following
Raphaël Lacroix @Chepycou
1 Followers 98 Following 🇫🇷 French ✏️ Aspiring penetration tester (Currently looking for a Penetration Tester position in Toulouse). CTF Player 🎹 Plays piano, drums and composes
fongpei chou @clmtn88
0 Followers 126 Following aspiring financial accountant, technology and security
MetalZen0 @MetalZeno
8 Followers 215 Following My Second account since the first one got hacked and twitter was no help
squ4r00t @squ4r00t
0 Followers 13 Following
Vee @Vee0x0
1 Followers 67 Following
Danish Mehmood @danish_mehm00d
2 Followers 465 Following R3d_t3am | Security Researcher | Pentester & Technology lover
Tyjol4 @Tyjol4
4 Followers 435 Following
Ansuz Security @AnsuzSecurity
0 Followers 54 Following
zerotoxin @zerotoxin
13 Followers 643 Following
Anataar @AnataarXVI
6 Followers 119 Following
v1nc @v1__nc
7 Followers 102 Following bruteforce brother | security | pentesting | reverse engineering | privacy | opsec
PhoenixProject @__0_Phoenix_0__
6 Followers 119 Following Enthusiast AI master of projects, content maker and fond of sciences! @Grenoble_Em Graduate MRs
Racim Boussa @racim_boussa
0 Followers 458 Following
Antoine Aurand @aur40148
0 Followers 43 Following
Meg4R0M🏴☠️ ... @ToosDL
68 Followers 353 Following Infra consultant // Cybersecurity consultant // Tech Lead // Ex Symfony/EzPublish/EzPlatform dev // Trainer // Facilitator // Technical Validator - @neverhack
seek @seeknes
9 Followers 86 Following
Ellosys @ellosys
2 Followers 402 Following
Ronin_x86 @Ronin_x86
0 Followers 210 Following
Marshall';--🐼🍌 @MJHallenbeck
1K Followers 304 Following Don't hate me 'cause I'm beautiful. I like breaking shit. Red Teamer & Pen Tester. Cat lover. NetExec maintainer. CPTC Director & AppDev Team Lead
loiute buio @LoiuteB4155
4 Followers 416 Following
Charlie Bromberg « ... @_nwodtuhs
15K Followers 652 Following Trying to hack the way we hack things 🏴☠️
Florian Hansemann @CyberWarship
84K Followers 46 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98M
mpgn @mpgn_x64
18K Followers 230 Following Flibustier du net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿ Podcast Hack'n Speak @hacknspeak / https://t.co/GyACSFg9mw
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
ippsec @ippsec
120K Followers 352 Following
Rémi GASCOU (Podalir... @podalirius_
8K Followers 663 Following Security Researcher & Speaker | Microsoft Security MVP | Developer of security tools 🎬 https://t.co/QaAENc4NcY
DirectoryRanger @DirectoryRanger
35K Followers 96 Following This account assembles and disseminates information related to Active Directory and Windows security.
Adam Chester 🏴... @_xpn_
36K Followers 501 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
Mayfly @M4yFly
7K Followers 783 Following Former Dev and DevOps| Pentester and red teamer at orange cyberdefense | OSCE³| Tweet are my own| discord: m4yfly
n00py @n00py1
13K Followers 962 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research.
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Swissky @pentest_swissky
20K Followers 1K Following RedTeam | Pentest Author of PayloadsAllTheThings & SSRFmap https://t.co/w1ZLRqoafG
Dr. Nestori Syynimaa @DrAzureAD
20K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
Synacktiv @Synacktiv
20K Followers 271 Following Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
Binni Shah @binitamshah
141K Followers 165 Following Linux Evangelist, Malwares, Security enthusiast , Investor, Contrarian , Philanthropist , Reformist , Sigma female 🦋 https://t.co/WOvf41tMKV
🥝🏳️🌈 Be... @gentilkiwi
62K Followers 286 Following A kiwi coding mimikatz & kekeo github: https://t.co/eS3LVgU6i0 Head of security services @banquedefrance Tweets are my own and not the views of my employer
Rauxam @Rauxam_
15 Followers 71 Following
Franso @Fransosiche
940 Followers 308 Following Pentester & Content Creator @rootme_org | Vulga Cyber | CTF enjoyer | Powerlifter https://t.co/3pgcxclBjh https://t.co/INGswbIHrv
Scaum @SScaum
30 Followers 26 Following
Quentin Roland @croco_byte
296 Followers 37 Following Pentester @Synacktiv 🤖 https://t.co/FhHN2RnPym
Simone Margaritelli @evilsocket
47K Followers 2K Following Music, cybersecurity, open source and AI • Author of bettercap, pwnagotchi, opensnitch, bleah, legba and a few other things.
Volker @volker_carstein
573 Followers 615 Following Hacker 💻 speaker 📣 Jack of All Trades 🃏 Social Engineering, OSINT, AD, TTRPG Pentester / Red Team Operator @ Bsecure / Parabellum Services
Mounir Laggoune @moonlaggoune
40K Followers 656 Following CEO @finaryhq - Join 550,000 investors, track your wealth, manage your budget and invest. My book for investing👇
wrongbaud @wrongbaud
5K Followers 1K Following Cars, Bikes, Coffee and Embedded Systems Security | Founder @voidstarsec Training and Consulting https://t.co/0ib8fK31Ib https://t.co/YzN9K2LaST
T. @trendytofu
866 Followers 636 Following something something Cyber, something something security something.
OtterHacker @OtterHacker
7K Followers 77 Following Professional redteamer and malware development enthusiast ! I will share some tips and experiences. Look at my work here : https://t.co/cxLBvW7pcI
Finary @finaryhq
21K Followers 12 Following Take control of your wealth 📱 Build your empire 👑 Want to learn about investing & co-build Finary: https://t.co/LAMNw4PMUN
k1nd0ne @k1nd0ne
607 Followers 212 Following Digital Forensic & Cyber Threat Intelligence. https://t.co/Qw6hzaf348
RandoriSec @RandoriSec
2K Followers 154 Following Cybersecurity company founded by security experts providing the following services: Security audits, Vulnerability research, SecOps, SecArch and Trainings
Fahad @Pwn3dx
2K Followers 403 Following Adversary Emulation | #OSEP | #CRTL | #eCPTXv2 | #CRTE | #CRTO | #CRTP | #eCPPTv2 | #eWPT | #APTLabs | #ZEPHYR
No Context French ... @nocontextfra
215K Followers 1 Following
Jim Sykora @JimSycurity
2K Followers 2K Following I enjoy security, technology, learning, books, & the great outdoors. Trying to be human & kind. Opinions = mine. He/Him/Hän
Nathan Blondel @slowerzs
809 Followers 121 Following
Akamai Security Intel... @akamai_research
26K Followers 108 Following All security research, all the time. Bringing you the latest insights from @Akamai’s research teams across the globe.
Aurélien Chalot @Defte_
4K Followers 460 Following Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthusiast 💪 and wannabe philosopher https://t.co/SqDDhIGGGh 📖 🔥 Hide&Sec 🔥
Gateway @intogateway
2K Followers 6 Following The Web3 Security University, incubated by @guardianaudits
Jason Lang @curi0usJack
16K Followers 201 Following @TrustedSec Red Team lead | Hi-Fidelity trolling | Privacy Enthusiast | Putting the "no" in nano | Avatar: https://t.co/3XHmKR8nCk
d1rkmtr @d1rkmtr
8K Followers 466 Following
Daniel Avinoam @daniel_avinoam
109 Followers 62 Following
wwwGeneral @wwwGeneralFR
25 Followers 135 Following Pentester @Holiseum Part-Time Teacher @ESIEEParis Staff @HackDayfr CTF Player Active Directory breaker Blog : https://t.co/tzZUgyKrpa
DEFCON GROUP Paris @dcgparis
2K Followers 10 Following A reboot of the DEFCON GROUP Paris group. Free bimonthly meetups. If you would like to give a talk, contact us here: [email protected]
Vincent Yiu @vysecurity
29K Followers 254 Following Director, Red Team, Offensive Security. Help organizations safeguard their businesses from the bad guys.
Snowball @snowball
5K Followers 0 Following 👨🏫 Learn the workings of the economy, finance and crypto in all simplicity. No "get rich quick" here.
Caroline Jurado @CarolineJurado
2K Followers 543 Following Crypto popularizer, Author, Speaker. I make crypto simple. My crypto newsletter, no. 1 in 🇫🇷 ⎥Join us!
Trackflaw @trackflaw
178 Followers 1 Following Trackflaw is a french startup specialized in offensive security and specifically in penetration testing.
AlexOnCrypto @mis4nthr0pic
2K Followers 762 Following Business Growth @zokyo_io DevRel at @opensensepw. Bitcoin. Ethereum. Solana.
Cyfrin CodeHawks @CodeHawks
10K Followers 4 Following Helping companies secure smart contracts and auditors get paid. More than $2M+ rewarded to auditors. Powered by @cyfrinAudits
Thomas Seigneuret @_zblurx
3K Followers 392 Following Red Teamer & Security researcher Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo bsky: https://t.co/zISpgvDSWc
Review @TheGreatReview_
130K Followers 226 Following Youtube : https://t.co/D73xhMdtvq / Twitch : https://t.co/dlqgKqDMi0 / Patreon : https://t.co/0FSS4nMjou [email protected]
Aitor Zaldua @azdraft_
222 Followers 88 Following Co-Founder & Head of Security at @Bubblefi_xyz | Web3 & Web2 Security | Smart Contract Auditing | ISO, EU & US regulatory compliance expert.