Ben Campbell @Meatballs__
UK Joined March 2010-
Tweets953
-
Followers1K
-
Following399
-
Likes958
Just made a minor update to MFASweep to cover the other conditional access device options and also added in a concise results summary. github.com/dafthack/MFASw…
Reminder for red teams. Post slack going down is absolutely one of the best times to roll out your Slack credential phishing because all users care about is getting back to their slack messages. Fire away.
Steal Credentials & Bypass 2FA Using noVNC mrd0x.com/bypass-2fa-usi…
Finally had a moment to test Winlogon password leaking (a.k.a. notifying) on Windows 11. No big surprise. And the flow is: -user enters password -winlogon loads mpnotify.exe -mpnotify opens RPC channel -winlogon sends pass via RPC -mpnotify forwards to DLL -DLL stores it on disk
🎉We're super excited to publicly release assless-chaps, our super fast MSCHAPv2 cracking tool github.com/sensepost/assl… Our DEF CON @rfhackers Village talk with @_cablethief & me explaining it is out youtube.com/watch?v=lm7Cuk… Our new hashcat modes 27000/27100 have been merged too!
Please RT Q: Microsoft recommends disabling NTLM. Is there any guidance that provide a methodology to do this? A: Yes, for over 10 years. You can find it here: techcommunity.microsoft.com/t5/ask-the-dir… (Tx @NerdPyle)
I stumbled upon this very good slide deck 'Attack Detection Fundamentals for AWS' by @nojonesuk and @ajpc500 A great peace of work, thx for sharing it public! #AWS #cloudsecurity #infosec f-secure.com/content/dam/f-…
Also if you dont use SmartCards or Windows Hello, the mear presence of Cert* is a sign that you have a problem
🔥Threat actor sending Hermes #phishing via SMS is arrested!🚓 gmp.police.uk/news/greater-m… 🔍Note the actor was using a Hotel room to hide their geo-location These actors are clever to hide their tracks, keep this in mind when dealing with them.
▶ Microsoft #ADCS - Abusing #PKI in Active Directory environment ◀ I've been bragging about it for months, this is the result of many weeks of work on lesser known compromise paths for #pentest by using enterprise PKI. Feedback is highly appreciated! riskinsight-wavestone.com/en/2021/06/mic…
assless-chaps now returning NThashes from MSCHAPv2 challenge/responses with the Have I Been Pwned hash set in 0.0's of a second.
assless-chaps now returning NThashes from MSCHAPv2 challenge/responses with the Have I Been Pwned hash set in 0.0's of a second.
FWIW I’d imagine the FireEye DARKSIDE blog is the first time many defenders have heard of F-Secure’s C3. I thought it might be useful to resurface some material we’ve put out for detection opportunities/limitations (1/7)
A SPI on the Bus - retrieving BitLocker keys by @HenriNurmi labs.f-secure.com/blog/sniff-the…
Just merged @jakekarnes42 implementation CVE-2020-17049 (aka Kerberos Bronze Bit Attack). Great stuff and thorough explanations in the blogposts. Great research Jake! Enjoy! github.com/SecureAuthCorp…
Challenge completed! Successfully sniffed the BitLocker key from the SPI bus, and decrypted the drive.
New blog: A different way of abusing Zerologon. No more password reset needed: using the printer bug with Zerologon to relay to DRSUAPI and DCSync directly with ntlmrelayx: dirkjanm.io/a-different-wa… Code: github.com/dirkjanm/CVE-2…
We’re looking for someone to lead our red team here @GitHubSecurity boards.greenhouse.io/github/jobs/22…
So deep fakes... they are now crazy easy to produce. A team recently published a paper about a vastly improved method that requires *just one* training image. Here is one image of me being controlled by the Orange Man...
Fancy reading about how we SWIFTly stole half a million £ by cutting the Message Queue? labs.f-secure.com/blog/forging-s…
Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Dave Kennedy @HackingDave
207K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Podcast. Fam First/Hacker/CSO/USMC/Intel/Fitness. Motto: Make world a better place
SwiftOnSecurity @SwiftOnSecurity
404K Followers 9K Following computer security person. former helpdesk.
b33f | 🇺🇦✊ @FuzzySec
32K Followers 844 Following 意志 / Antiquarian @ IBM Adversary Services / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Rad @rad9800
6K Followers 841 Following labs @praetorianlabs opinions are my own and not of my employer
Dominic Chell 👻 @domchell
16K Followers 532 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOkl
Marcello @byt3bl33d3r
29K Followers 532 Following CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | securing and breaking AI @ProtectAICorp | Ex @spacex
n00py @n00py1
13K Followers 957 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research. [email protected] on Mastodoge
🥝🏳️🌈 Be.. @gentilkiwi
62K Followers 278 Following A kiwi coding mimikatz & kekeo github: https://t.co/eS3LVgU6i0 Head of security services @banquedefrance Tweets are my own and not the views of my employer
Rob Fuller @mubix
81K Followers 26K Following Dad / Husband / Marine / Student / Teacher / IAM, Red Team, CTI Director / @Hak5 / @NoVAHackers / @SiliconHBO / @NationalCCDC / @MARFORCYBER Auxiliary
hackerfantastic.x @hackerfantastic
103K Followers 4K Following Co-Founder @myhackerhouse cyber security assurance & hacker training ~ ISBN9781119561453 ~ a book on professional hacking. Offensive Lua project.
Daniel Cuthbert @dcuthbert
30K Followers 1K Following Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & UK Government Cyber Security Advisory Board
scriptjunkie (Matt) @scriptjunkie1
7K Followers 1K Following Documentation is lies. Source is an abstraction. Assembly is the truth. Also at https://t.co/AtRIesTXWS
Amelia-grace Balonek @ABalonek22168
93 Followers 5K Following
Tonette Bodison @TonettBodiso
96 Followers 5K Following
Gertha Littlewood @GerthaLitt48030
56 Followers 5K Following
Delores Heskett @DeloresHes76660
76 Followers 5K Following
Hedy Pineau @HedyPine
82 Followers 5K Following
Steffen van Loon RCX @SteffenvanLoon
471 Followers 954 Following IT Security Consultant. Tech, Privacy&Ethics enthusiast, System&Networking expert, supporting Open Standards/Software/Security. Open minded, most of the time :)
xxxxxx @junmoxiaoheheda
0 Followers 787 Following
Abdullah Atef @0xAbdalla
2 Followers 22 Following
Ivy-rose Florence @FlorenceRo64490
74 Followers 5K Following
[email protected] @captBlackb3ard
86 Followers 577 Following "Logic will get you from A to B. Imagination will take you everywhere." - Albert Einstein
Nitya @art_peace1
11 Followers 665 Following
raakesht | ராக�.. @raakesht
195 Followers 249 Following Security Researcher, Photography enthusiast, Traveler, Foodie, Music lover and A Country Dreamer.
CV @cvvamsi
67 Followers 171 Following
BrîmSt0ne @BrimstoneDN
19 Followers 144 Following
Fatih Kırbıyık @fatih_krbyk
77 Followers 336 Following
SPURTI JAVALI @JavaliSpurti
21 Followers 213 Following
Craig McLean @lowteq
100 Followers 786 Following I have the same problem as William Gibson, absolutely everything is increasingly interesting to me.
Guy Gandelman @GandelmanGuy
40 Followers 115 Following
KoDDoS @KoddosNET
8K Followers 9K Following #KoDDoS specializes in entreprise-grade ddos protection and anti-ddos solutions since 2009. Get help & support : @KoddosSupport #ddosprotection #antiddos
Chris Silver @silver3parre
93 Followers 353 Following All tweets represent my personal opinion and does not reflect or relate to my current employment.
set @setconf
11 Followers 99 Following
Holly Cooper @HollyCoope93774
139 Followers 3K Following
Miłosz Gaczkowski @cyberMilosz
104 Followers 155 Following Security consultant at WithSecure™, educator, amateur balcony gardener, professional rambler. Opinions shared here are those of your employer.
Dominic White 👾 @singe
12K Followers 541 Following Hacker @sensepost Socials || https://t.co/j4QzFmubF1 || @singe.bsky.social || 51ng3 on https://t.co/Qc039zjTKq
WaterBucket @DharaniSanjaiy
96 Followers 251 Following Wannabe redteamer. CTFs with @tamilctf https://t.co/w5jxd1l4RW
Acid @Base1Acid
4 Followers 16 Following
SinSinology @SinSinology
5K Followers 502 Following Pwn2Own 20{22,23,24}, i look for 0-Days but i find N-Days & i chase oranges 🍊
olle@WithSecure @olle_withsecure
2K Followers 529 Following Mostly security related and in English. Alla talar svenska @sakerhetssnack.
Alex Souza @azuosxela
271 Followers 5K Following
root morocco🇲🇦 @BLACKFF51092867
135 Followers 2K Following
Andrei R @ar3diu
21 Followers 1K Following
Arthur_HMSouza @AHmsouza
295 Followers 5K Following
Lu Jason @LuJason20
49 Followers 1K Following
RF_ReadOnly @ReadonlyRf
35 Followers 549 Following
KT @J3lly____
424 Followers 651 Following Security Consultant @WithSecure 🦓 ASM all the things, BioHacking 🩺 DC31 Speaker ☠️ Tweets are my own
jigar @monarch0519
73 Followers 280 Following
Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Dave Kennedy @HackingDave
207K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Podcast. Fam First/Hacker/CSO/USMC/Intel/Fitness. Motto: Make world a better place
Dirk-jan @_dirkjan
25K Followers 175 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
SwiftOnSecurity @SwiftOnSecurity
404K Followers 9K Following computer security person. former helpdesk.
b33f | 🇺🇦✊ @FuzzySec
32K Followers 844 Following 意志 / Antiquarian @ IBM Adversary Services / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Dominic Chell 👻 @domchell
16K Followers 532 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOkl
Vincent Yiu @vysecurity
27K Followers 202 Following Follow me for Cybersecurity #Thought #Leadership. Director Red Team. Help organizations safeguard their businesses from the bad guys.
James Forshaw @tiraniddo
48K Followers 365 Following Security researcher in Google Project Zero. Author of Attacking Network Protocols. Tweets are my own etc. Mastodon: @[email protected]
Marcello @byt3bl33d3r
29K Followers 532 Following CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | securing and breaking AI @ProtectAICorp | Ex @spacex
🥝🏳️🌈 Be.. @gentilkiwi
62K Followers 278 Following A kiwi coding mimikatz & kekeo github: https://t.co/eS3LVgU6i0 Head of security services @banquedefrance Tweets are my own and not the views of my employer
Rob Fuller @mubix
81K Followers 26K Following Dad / Husband / Marine / Student / Teacher / IAM, Red Team, CTI Director / @Hak5 / @NoVAHackers / @SiliconHBO / @NationalCCDC / @MARFORCYBER Auxiliary
hackerfantastic.x @hackerfantastic
103K Followers 4K Following Co-Founder @myhackerhouse cyber security assurance & hacker training ~ ISBN9781119561453 ~ a book on professional hacking. Offensive Lua project.
EvilMog @Evil_Mog
15K Followers 2K Following X-Force, Team Hashcat, Bishop of the Church of Wifi, Uber Badge Collector. Views != Employers. Not a Ph.D, Recycled Memes. Multi User Dungeon Shenanigator.
Steve Syfuhs @SteveSyfuhs
17K Followers 2K Following Windows and Authentication at Microsoft. Developer. Mostly dog pictures. Might actually be two dogs in a trench coat. 🇺🇸 / 🇨🇦 @syfuhs.net on blue sky
Greg Linares (Laughin.. @Laughing_Mantis
29K Followers 2K Following 20+ yrs in Infosec. Cybergoth. Musician. Autistic. Art @MalwareArt. 4x Pwnie Nominee. Red Teamer. 𝕍𝕏. Chronic Illness Fighter. I love Smite, Gamedev & Synths
Daniel Cuthbert @dcuthbert
30K Followers 1K Following Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & UK Government Cyber Security Advisory Board
scriptjunkie (Matt) @scriptjunkie1
7K Followers 1K Following Documentation is lies. Source is an abstraction. Assembly is the truth. Also at https://t.co/AtRIesTXWS
Troy Hunt @troyhunt
228K Followers 1K Following Creator of @haveibeenpwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
Hannah Ritchie @_HannahRitchie
85K Followers 1K Following Deputy Editor @OurWorldinData / Researcher at @UniofOxford / Honorary Fellow at @EdinburghUni @EdCentreCC / Not the End of the World: https://t.co/FoINhggvoR
Octopus Agile Predict.. @agilepredict
5K Followers 12 Following Not affiliated with Octopus Energy Account run by a human 100% accuracy predicting very low and negative rates over 4 hours before published by Octopus.
trystan @TrystanLea
2K Followers 529 Following Open source energy monitoring and life in the mountains of Snowdonia, I also post on @openenergymon and https://t.co/8BdODkdMbB
Glyn Hudson @glynhudson
6K Followers 1K Following Co-founder of @openenergymon, passionate about energy transition and low carbon travel. Love rock climbing, cycling & outdoor adventures, 8yrs #FlightFree
OpenEnergyMonitor @Openenergymon
6K Followers 337 Following Open-source tools for energy monitoring and analysis. Tweets by @glynhudson & @trystanlea
Sarah Go Green💚 @sarah_go_green
4K Followers 275 Following Plant eater 🌾 Veg gardener🌱Womble litter picker🏖🐳💚nature🐝🌳🦔EV driver🚗🚦🏭🙋♀️ co-op 💨wind farm member☀️solar🔋🏠💚https://t.co/yw4EaNEota👩🏼💻
Gigaclear @gigaclear
5K Followers 310 Following Empowering communities with brilliant broadband. Our digital advisors are here to help with any comments and messages from 9am-5pm Monday-Friday. 😊
Greg Jackson @g__j
35K Followers 2K Following Founder https://t.co/AnSgt1hkyV Customer issues: email greg at https://t.co/AnSgt1hkyV for best response Blog at https://t.co/SQplcngLfz
BSides CAMBRIDGE @BsidesCambridge
6 Followers 1 Following BSides Cambridge (UK) will be hosting a in-person and online events for everyone who loves technology, security, computers and the Internet.
Miłosz Gaczkowski @cyberMilosz
104 Followers 155 Following Security consultant at WithSecure™, educator, amateur balcony gardener, professional rambler. Opinions shared here are those of your employer.
olle@WithSecure @olle_withsecure
2K Followers 529 Following Mostly security related and in English. Alla talar svenska @sakerhetssnack.
Octopus Energy @OctopusEnergy
105K Followers 647 Following We believe energy should be better. A better experience for customers, better for the planet, and better value for money.
East Northants Police @EN_Policing
2K Followers 548 Following Your Neighbourhood Policing Team covering all towns & villages in East Northamptonshire. To report a crime call us on 101 or in an emergency 999.
James Cleverley-Pranc.. @jpts_
384 Followers 965 Following Hacker, Security Person | Cloud Security @wiz_io ✦ | #Kubernaughties #CloudNativeSecurity | Opinions my own | @[email protected]
Simon Evans @DrSimEvans
87K Followers 4K Following Press Gazette energy & environment journalist of the year 2022 Deputy Editor + Senior Policy Editor @CarbonBrief DMs open [email protected]
Roxana @RoxanaKovaci
527 Followers 257 Following Red Team @Nettitude_Labs | Former Red Team + DFIR @Mandiant @GoogleCloud
The Hook Up @TheHookUp1
12K Followers 68 Following Home Automation Enthusiast, Tech YouTuber, and Science Teacher.
Cats__Unicorns @Cats__Unicorns
7 Followers 18 Following
Christo Grozev @christogrozev
566K Followers 1K Following Investigative journalist (Spiegel, The Insider, ex-Bellingcat), radio investor and hobby coder. Immediate blocks for whataboutism.
Eliot Higgins @EliotHiggins
310K Followers 3K Following Founder and creative director of @Bellingcat and director of Bellingcat Productions BV. Author of We Are Bellingcat. Tonal Whiplash Zone.
SteelCon @Steel_Con
7K Followers 3K Following SteelCon is a family friendly hacker conference in Sheffield. Next event is July 19-21 2024. @hacknotcrime Advocate
watchTowr @watchtowrcyber
2K Followers 9 Following Your very own APT group, in an Attack Surface Management solution.
nami @nami_sh
274 Followers 562 Following Ethereum Developer @OpenZeppelin. Formerly Security Consultant @FSecure • views are my own
Ken Gannon @Yogehi
595 Followers 210 Following 95% random tweets, 5% security related tweets, Pwn2Own 2023, Principal Security Consultant @NCCsecurityUS
Interrupt Labs @InterruptLabs
2K Followers 78 Following We’re here to provide world-leading vulnerability research and research capabilities. From browsers, mobile, automotive and everything in between.
Paul Hibbert (THIS IS.. @hibberthometech
12K Followers 272 Following Smart home & tech enthusiast and the next Amazon CEO. Automating the world one YouTube tutorial at a time. Also the author of best selling book: Troll Slayer
Emanuele Sparisi @EmanueleSparisi
14 Followers 32 Following
I'm @Ketanjoshi.co on.. @KetanJ0
66K Followers 9K Following on bluesky - @ketanjoshi.co Sometimes check DMs here
Vic: UK Edition @VicHarkness
2K Followers 750 Following I like birds, photography, and cool tech. @BSidesBSK organiser, @DefConScavHunt judge. Occasional 🇺🇦 supply runner. Mainly shitposts. She/her
Classical Studies Mem.. @CSMFHT
498K Followers 1K Following We post memes from a variety of sources, related to Classics and the ancient world. Stick around and you might learn a thing or two! We ❤️ 🏳️🌈🏳️⚧️🤜🤛🏿🌍
Abhay Bhargav @abhaybhargav
6K Followers 659 Following AppSec Expert with over 15 yrs of experience | Author of 2 books and Black Hat Trainer | Building the world's best Security Training Platform, @AppSecEngineer
William Jardine @WilliamKJardine
632 Followers 2K Following Cyber security guy. I mainly tweet about films & The Simpsons. So be prepared to be firmly underwhelmed. Also do shit film reviews on Letterboxd!
IEFBR14 @Jabellz2
319 Followers 71 Following
Jean Marsault @iansus
1K Followers 377 Following Red-Team & DFIR @WavestoneFR YoloSw4g CTF Opinions are my own
tado° @tado
17K Followers 1K Following tado° is THE expert in smart heating and energy management for your home, designed and developed in Germany. Contact support on https://t.co/e4wLyiGVFD
Porchetta Industries @porchetta_ind
6K Followers 3 Following A centralized platform for organizations to support the developers of Open Source Infosec/Hacking tools.
Calum Hall @_calumhall
910 Followers 330 Following Founder of Phorion 🔍| Threat Detection and Response Manager at GitHub 👨💻| macOS researcher 🍎 | BlackHat speaker 2021 📢 Opinions are my own
Josh Gideon @Josh_Gideon
269 Followers 955 Following Cyber Security defence/blue team, hacker, former SOC lead.
Leo Tsaousis @LAripping
282 Followers 443 Following Senior Security Consultant @WithSecure. Talks mostly about security. As Rino put it, sometimes maybe good sometimes maybe shit
Alfie Champion @ajpc500
2K Followers 515 Following Adversary Emulation Manager | Formerly MWR / @FSecure_Consult | Tweets my own
Luke Roberts @rookuu_
760 Followers 468 Following Red Team. Ex-@mwrlabs Ex-@FSecure_Consult Programmer | Hacker | MathComp Grad @ UCL
@CarabineLongue Or they could use a postal vote I guess
@robsmallshire If an open API, then I'll trigger it using @home_assistant at cheapest period for electricity. Otherwise zero use.
@dasgrog @ErrataRob @k8em0 Internet endpoint with https can be a single point of failure with an expired cert, stolen domain name. Physically protecting code signing keys is a lot easier and allow for diverse scalable distributionmethods, caches, USB keys, asset repos etc.
A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it. The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:…
New lab 🏰 for the GOAD project 🥳: SCCM You can now test the SCCM/MECM attacks locally on Virtualbox or Vmware. More information here: mayfly277.github.io/posts/SCCM-LAB… Repository here : github.com/Orange-Cyberde… Thx again @KenjiEndo15 for your help to building this !
RE: APEX / ALGS / EAC Remote Code Execution 👋 I wrote undectable cheats for online games for challenge and sport for many, many years. I know enough to know that no one has the answers, but I'd like to call out some things you may have glazed over, and put them in context. 🧵
@ctjlewis @dallin_stagg I'm guessing you've never spent much time learning about innumeracy rates. A huge percentage of people (even in the developed world) don't understand that.
Science fiction writers: The legal case for robot personhood will be made when a robot goes on trial for murder. Reality: The legal case for robot personhood will be made when an airline wants to get out of paying a refund.
Air Canada must honor refund policy invented by airline’s chatbot trib.al/s84FkPu
@nojonesuk @__invictus_ @assume_breach Special is a term I've often used to describe @__invictus_ too
MachineAccountQuota = 0, preventing you from grabbing NAA creds remotely? DPAPI to the rescue! Ported over NAA Extraction via DPAPI to sccmhunter. h/t: @agsolino & @clavoillotte for SystemDPAPI.py
@evmanuk Put a complaint in, The Sun is doing this to multiple YouTube videos ipso.co.uk/complain/compl…
@AbigailDombey @EVAEOfficial No doubt it’s frustrating, but EV driving isn’t a cosy clique any more, it is anyone’s prerogative to charge fully & if a system intended for widespread public use, requires selflessness of users to be satisfactory, the flaw lies in the system.
Current status, waiting for persistence to call home. Contemplating the decision to decouple initial access with persistence
@g__j @AlokSharma_RDG @OctopusEnergy Don’t get sucked in by that twat Greg. He’s as corrupt as the whole #ConservativeParty and you’ll be pulling the knives out your back for years!!
That awkward thing where you bang on about "true" costs & "honest debate" but the climate-sceptic hack you paid to churn out the numbers doesn't know the difference between MW and MWh (they can't say they weren't warned, I emailed the author on Tuesday) x.com/drsimevans/sta…
Guessing app's PIN using Flipper Zero as #BadUSB This "App Locker" app protects access to user selected apps - in this case, Instagram - using PIN code. It is possible to guess it with unlimited attempts, because the app developers haven't implemented brute-force protection and…
The default ACH used in heat loss calculations for a property of this age (1980's), is 1 to 1.5 ACH, reducing this to 0.35 ACH reduced the calculated heat loss from 8.5kW to 4.9kW
An opportunity was missed. Maybe next defcon...
Trends for United States
You might like
