Reigning Shells @ReigningShells
Red Team Operator / Penetration Tester blog.reigningshells.com Well Traveled Joined August 2015-
Tweets1K
-
Followers222
-
Following1K
-
Likes1K
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
Contrary to inaccurate reporting, CISA’s Red Teams are defending our critical infrastructure without interruption. Our Red Team is among the best in the world & remain laser focused helping identify & mitigate significant vulnerabilities & weaknesses. go.dhs.gov/wcB
A few weeks ago I gave a talk at @a41con on how to phish for PRTs and phishing resistant authentication methods 👀. The slides, plus a demo video on how to do this with credential phishing are now on my blog: dirkjanm.io/talks
Just because you get access denied accessing a folder, it doesn't mean you can't get access. A quick look at bypassing the security on the WindowsApps folder. tiraniddo.dev/2024/06/workin…
Quick preview of my ETW write-up that I did on the 'Microsoft-Windows-DotNETRuntime' Provider. Here I'm showing how certain EDR vendors are using this telemetry to build detections when .NET assemblies are reflective loaded from byte arrays.
Modern implant design: position independent malware development. A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing. 5pider.net/blog/2024/01/2… Repo: github.com/Cracked5pider/…
I’m gonna give 10 random people that repost this and follow me $25,000 for fun (the $250,000 my X video made) I’ll pick the winners in 72 hours
CIA Vault7 describes Stinger as a "UAC bypass that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as administrator". Here is my implementation that runs a command with SYSTEM privileges from a UAC restricted process github.com/hackerhouse-op…
My talk “Playing Chess as Red Teams” from @MCTTP_Con got published now: youtube.com/watch?v=XAvAVK… 🔥🙂
Did you know that when you disable "Real-time protection" on defender, its true that you won't receive events on the Defender Event log anymore (related to that feature). But if you actually subscribe to the AMSI ETW {2A576B87-09A7-520E-C21A-4942F0271D67} provider you'd still…
Have you ever wanted to write a better reflective loader? What about a perfect one? Learn how to do exactly that in our latest blog post from @mcbroom_evan: ghst.ly/3Q6HMgu
How to disable some parts of EDR’s telemetry on Windows 10? Just ask nicely! See riskinsight-wavestone.com/en/2023/10/a-u… for more info about an interesting logic bug we found on Win10 that affects all EDRs 😉
Another new twist on the .zip TLD. Fascinating.
Another new twist on the .zip TLD. Fascinating.
Last week I ported TinyNuke HVNC to a Cobalt Strike BOF: github.com/WKL-Sec/Hidden…
An amazing talk was given by @rad9800 in his OnlyMalware (discord.gg/onlymalware) discord server. check it out. youtube.com/watch?v=L9SI-P…
detecting EDR services remotely without admin privs. indicators: - installed services: [MS-LSAT] LsarLookupNames() - running processes: named pipes (there are some characteristic to EDRs) needs some more testing and cleanup before release, but looks like promising.
Found this pretty useful cheatsheet/deep-dive that explains firewalls by referencing the ufw wrapper for iptables. Figured I'd share since it brought me some value. blog.kanbach.org/post/firewalls…
On an AWS pentest, I found cleartext passwords in CloudFormation Stack Outputs. Here's an easy way to check: for region in {"us-east-1","us-east-2"}; do aws --region $region cloudformation describe-stacks --query 'Stacks[*].[StackName, Description, Parameters, Outputs]'; done
For those hyped at some of the AI chat stuff and want to pull this into tooling, might be worth looking again at Github Copilot.. it already offers some neat stuff and AFAIK is built on OpenAI tech. Below is a simple C shellcode stub translated into C# and explained pretty well.
Want to create great phishing links using an open-redirect on google.com? While they don't last forever, they are a great way to trick unsuspecting victims into clicking a legit looking URL before expiring! gist.github.com/ustayready/3ba… Follow the 🧵for how it works..
Vouuxou @vouuxou60907
2 Followers 163 Following
Altered Security @AlteredSecurity
7K Followers 2K Following Global leader in hands-on learning for enterprise and cloud security education. Join 40000+ infosec professionals from 130+ countries
Juquil @Juquil077987
83 Followers 3K Following
Ch3rry04 @Ch3rry2504
3 Followers 164 Following Red Team & Offensive Security Enthusiast | Associate @ Cognizant
Tewshot @Tewshotaef4Mi
76 Followers 3K Following
Janet Catherine @janet_cath81671
5 Followers 173 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/e4AxEQv1vH
James Ibrahim @JamesIb54140322
67 Followers 3K Following
Hussein Sherafat @Hussein_Sherafa
218 Followers 6K Following
Thrilla the Gorilla @ThrillaRilla369
322K Followers 105K Following 🎮GameStop🎮. This ENTIRE account is 100% fiction except for the parts that aren't. Don't take anything I say seriously.
RAJASEKHAR P @rajasekharp235
37 Followers 953 Following
Jerry Davis @JerryDavis37496
87 Followers 2K Following
Paul Brandau @paulbrandau
342 Followers 425 Following Husband, Father - Chief, Red Team @ CISA. My views are my own and not those of my employer.
Hacker Stickers @HackerStick3rs
2K Followers 4K Following We're just here to spread neat hacking and cybersecurity related stickers.
Tarrersl @TarrerslDcsT
42 Followers 5K Following
A @appsecmonitor
2 Followers 484 Following
Lev Salinas @levsalinas
330 Followers 8K Following
tonghuaroot @tonghuaroot
452 Followers 3K Following Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #OSEP #RedTeam #AppSec #WebSec
Joseph M @cedoxX
9K Followers 4K Following Keynote Spkr • Best Selling Author • DarkWeb Trainer. Builder of Secure AI DC & Agents/GPT/AI/Qbit +28yr Defcon/BlackHat & Darkweb +22yr Securing ICS/SCADA/BMS
PacketSniper @HackToProtect
10K Followers 10K Following 🇺🇸 God and Country 🇺🇸 Proud Patriot 🇺🇸 All Things Hacking CyberSecurity Crypto. Forever Learning - Forever Protecting
︎ ︎ @0xocdsec
4K Followers 7K Following ︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎🏴☠️ ︎︎ ︎︎ ︎︎ ︎︎ ︎🌹︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎ ︎︎🏴☠️︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎💚︎︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎🇺🇦 ︎︎ ︎︎ ︎︎ ︎︎ ︎︎|︎ ︎︎ ︎︎ ︎︎ ︎︎603,628 km² ︎ ︎︎
Kenway @tobiishiju7514
74 Followers 7K Following
Teresa @tonasatoko15588
75 Followers 7K Following
hell-00 @he1100_1100
666 Followers 7K Following
𝐸𝓍𝟥𝓅𝓉�... @Ex3ptionaL34
197 Followers 3K Following CyberSecurity Researcher | Exploit Developer | Vulnerability Analyst | Red Team Operator | https://t.co/md39gARCyK
Balkrishna Jadhav @hacker3j
813 Followers 8K Following AVP - Threat Hunting @ Kotak Mahindra Bank| Senior Threat Intelligence|Forensicator|MindHunter| Innovator|Malwarologist|Espionage||Inventor
Serag Adeen Fouzi @AdeenFouzi
254 Followers 3K Following
[email protected]... @KyanHexagon
433 Followers 3K Following Honest but earnest. Doing my best and trying to do good recklessly. A slow burner. Computers?! ペネトレーションテストエンジニア
Naman Devnani @naman_devnani
420 Followers 7K Following Security Researcher | Purple Team | Bug Hunter | CTF Player | Science & Tech Enthusiast | R&D | All-Source Intelligence | CAP | DCSP | TTIA | BCDE | COL
. @0x75f_
413 Followers 5K Following
🛸Mayank Sharma🏴... @ping_mayank
484 Followers 5K Following TISO | AI Platform Security Engineer/Architect @DeutscheBank 💶 | Crew @Cloudvillage_dc 🌩️| Hack Ship Hack☁️ 🐳📦 Cloud Cotainers
JackBerserk @BerserkJack
37 Followers 333 Following Apprentice CTI Analyst breaking into the field one level at a time.
Hakam Soufiane @soufiane_hakam
192 Followers 4K Following
dddabtc🛸(三低人... @dddabtc
204 Followers 1K Following
Pratik Lagaskar @warlordsam077
604 Followers 6K Following Security Researcher | On-Chain Sleuth | OSINT | Rekt Analysis
Maina Mathenge @Geshma
463 Followers 4K Following IT enthusiast, passionate about RF, cyber security, Cryptocurrency and AI
brtollo @brtollo
31 Followers 600 Following
Stoopid Sec @StoopidSec
1 Followers 149 Following
Altered Security @AlteredSecurity
7K Followers 2K Following Global leader in hands-on learning for enterprise and cloud security education. Join 40000+ infosec professionals from 130+ countries
Alberto @__ar0d__
455 Followers 2K Following Infosec | Tech | Entrepreneur 👋. https://t.co/NipeaWw1t2 | https://t.co/7MkpQbduIo
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 823 Following 🔴 Operator, Initial Access afficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
Alh4zr3d @Alh4zr3d
24K Followers 276 Following Legal Criminal | Twitch cult leader | InfosecPrep founder | Lovecraft scholar | Soros mercenary | Spiritual cargo shorts wearer | Cthulhu fhtagn
c7m @0xc7m
1K Followers 1K Following #ThreatHunting | #DFIR | #BlueTeam | #CTF Player | OSCP, OSCE, GPEN, GXPN | Opinions are my own
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
Jean @Jean_Maes_1994
12K Followers 1K Following @sansoffensive Certified instructor/SEC565 author/SEC699 co author
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
sn🥶vvcr💥sh @snovvcrash
12K Followers 490 Following Sr. Penetration Tester / Red Team Operator @ptswarm :: Author of the Pentester’s Promiscuous Notebook :: He/him :: Tweets’re my pwn 🐣
Matt Eidelberg @Tyl0us
6K Followers 273 Following Red Teamer @BHinfoSecurity. Implant Dev is my passion. Part-time Comic Book Nerd.
mr.d0x @mrd0x
45K Followers 297 Following Security researcher | Co-founder https://t.co/QxBlzp9A8w | https://t.co/zqMXQRZjQN | https://t.co/Fq7WSqTBva | https://t.co/eKezFcO6nd
x86matthew @x86matthew
21K Followers 189 Following C / asm / system emulation / reverse engineering. @the_secret_club
Grzegorz Tworek @0gtweet
36K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
Chris Au @netero_1010
1K Followers 580 Following Red teamer, my tools for red teaming: https://t.co/j6Z018m09L, my blog to share offensive security stuff: https://t.co/MKvSTjpWoi
Kevin Owens @Kevin_ICS
4K Followers 4K Following IT Cybersecurity. Cybersecurity for Industrial Control Systems (ICS). Securing critical infrastructure is my passion! I always follow back!
Chris Hanlon @ChrisHanlonCA
17K Followers 18K Following Security Engineer Google Security Hall of Fame Presenter & Workshop host at #BSidesLV and #DEFCON
Peter Winter-Smith @peterwintrsmith
6K Followers 3K Following Security researcher & implant developer @mdseclabs; developing SAST @wsastsupport; malware, code analysis, appsec, cryptography. Trying to follow Christ.
SecurityTrails, A Rec... @securitytrails
13K Followers 1K Following Security Trails was acquired by Recorded Future. To see what's new, visit @RecordedFuture.
sinusoid @the_bit_diddler
2K Followers 2K Following
Bureau of Cyberspace ... @StateCDP
25K Followers 248 Following We lead @StateDept's work on cyberspace and digital technology diplomacy.
Cybersecurity @ NIST @NISTcyber
90K Followers 522 Following Official handle covering all things cybersecurity at NIST
The Cyber Security Hu... @TheCyberSecHub
189K Followers 388 Following World's Premier Cyber Security Portal™ #cybersecurity #infosec #hacking #tech 📧 [email protected]
NSA Cyber @NSACyber
150K Followers 12 Following We protect our nation’s most sensitive systems against cyber threats. Likes, retweets, and follows ≠ endorsement.
ARCHIVED: Jen Easterl... @CISAJen
63K Followers 49 Following Archived: Director, CISA—America’s Cyber Defense Agency. Combat Veteran. Proud Mom. Rubik’s Cuber. Aspiring Electric 🎸. ❤️/RT ≠ endorsement
Tom Segura AKA Mr. La... @tomsegura
967K Followers 1K Following I have 4 specials on Netflix. podcast here: https://t.co/4uUwz2QOkf You can Merch up here: https://t.co/KaSVm44S8A
bert kreischer @bertkreischer
1.1M Followers 4K Following I am the Machine LUCKY streaming now on @netflix. Permission to Party on sale now #MakeFriends with @porososvodka
The Innocent Lives Fo... @InnocentOrg
9K Followers 86 Following 501(c)3. Our mission is to identify anonymous child predators and help bring them to justice.
Paul Brandau @paulbrandau
342 Followers 425 Following Husband, Father - Chief, Red Team @ CISA. My views are my own and not those of my employer.
Vincent | Hack the Fu... @avasdream_
2K Followers 119 Following Your inspiration for ITsec | Code | AI | technical knowledge required | Certificates: OSCP, CRTO, cISsP
hackaday.io @hackadayio
51K Followers 2K Following ❤️ World's largest hardware + software community Home of @hackaday community, weekly #HackChats & #HackadayU
Joe Grand @joegrand
28K Followers 600 Following Hardware hacker, computer engineer, former L0pht member and juvenile delinquent, sometimes known as Kingpin.
Mudge @dotMudge
63K Followers 336 Following Make a dent in the universe. Find something that needs improvement: go there and fix things. If not you, then who? {he/they}
hackaday @hackaday
267K Followers 2K Following 🔥 Read: https://t.co/KG4TpCzO7H ☠️ Contribute: tips at hackaday dot com 👉 Projects: @hackadayio #Fediverse: @[email protected] 📒 Learn: https://t.co/p1jaCktSDt
Raspberry Pi @Raspberry_Pi
609K Followers 1K Following We make very small computers which you can buy from just $4. We are also the literal coolest. Be excellent to each other. Tech support: https://t.co/ZEBSfmuErK
SixGen @SixGenInc
284 Followers 268 Following We offer full-spectrum cybersecurity services to Government and Industry. CYBER OPERATIONS | TOOL DEVELOPMENT | SOFTWARE DEVELOPMENT | SPACE MISSIONS | TRAINING
SEKTOR7 Institute @SEKTOR7net
15K Followers 346 Following Homo Aptus. Vincit qui se vincit - Publilius Syrus. Consulting, Training, Technology, Cyber domain, and more... @x33fcon founder.
Paul Muad’Dib L. @am0nsec
6K Followers 274 Following Senior Security Consultant @ Mandiant (part of Google Cloud). Tweets attributable to me — not current or former employers. Honneur de vous rendre compte.
Trends for United States
You might like
