_Imm0 @_Imm0
Joined June 2016-
Tweets464
-
Followers59
-
Following311
-
Likes8K
New blog post is up... Identity Providers for RedTeamers. This follows my #SOCON2024 talk, and provides the technicals behind the presentation, looking at other IdP's and what techniques are effective beyond Okta. blog.xpnsec.com/identity-provi…
New release of AD Miner (github.com/Mazars-Tech/AD…) introducing better path calculation with #Bloodhound (Smartest vs. Shortest Paths). Also published an article to explain this feature : linkedin.com/pulse/graph-th…
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS). github.com/wh0amitz/Sharp… #Pentesting #ActiveDirectory #Exploit #WebSecurity #Infosec
New technique to bypassing EDRs with EDR-Preloading. Tldr: blocking EDR from loading it's DLL into a process preventing the deployment of user land hooks. malwaretech.com/2024/02/bypass…
Entra ID Connect Arbitrary Password Overwrite nullg0re.com/2024/01/entra-…
I really like github.com/zyn3rgy/LdapRe… . But I always missed that it can't scan for EPA on HTTPS. So I wrote a script based on it to do just that: github.com/Immortalem/Htt…
Finally got around to writing a blog about the Kerberos RC4-MD4 downgrade attack, how it works, and how you can exploit it. googleprojectzero.blogspot.com/2022/10/rc4-is…
Here is an RCE demo for Cobalt Strike CVE-2022-39197. Like @0x09AL said the patch is not a complete fix, be careful. Also I don't want to see any more java code for a while, holy f. Maybe at some point I will post some patch analysis 🥃 youtube.com/watch?v=cjg9FJ…
Is KrbRelay dead on fully updated systems? Inspected a bit and seems that auth breaks hence it's not possible to perform modifications (nor searches. Here I just hardcoded the target) @tiraniddo @cube0x0 Do you guys know/imagine what could be happening or if MS ninja patched?
Releasing a few things based on S4U2self+u2u, enjoy - SPN-less RBCD (based on @tiraniddo research 🔥) - Sapphire tickets (based on the 💎Diamond ticket approach by @SemperisTech and research by @gentilkiwi). Credits also to @agsolino @MartinGalloAr @TalBeerySec @chernymi
NTLM relay is dead and living in AAD. An interesting @BlackHatEvents talk by @rubin_mor i.blackhat.com/USA-22/Wednesd… CC: @SteveSyfuhs @gentilkiwi #BHUSA2022
In the past I have heard/read/thought/etc these are important when working: Good compensation including benefits Work-Life balance Have a say - what you say matters Can make a difference - able to change things for the better (internal/external) Can grow & shape your career
In the past I have heard/read/thought/etc these are important when working: Good compensation including benefits Work-Life balance Have a say - what you say matters Can make a difference - able to change things for the better (internal/external) Can grow & shape your career
Check out corCTF kernel writeups! FizzBuzz101's challenge shows a novel leakless + data-only technique to pwn Linux with a 6 byte overflow: willsroot.io/2022/08/revivi… D3v17's CoRJail shows a novel technique used on kctf to achieve arb free with poll_list : syst3mfailure.io/corjail
ICYMI, our free course and hands-on lab 'Introduction to Azure Penetration Testing' is available at azure.enterprisesecurity.io We already have more than 5500 (you read that right) students who took the course and attempted the labs! #Azure #Pentesting #RedTeam
Just in case you need it automagically wrapped into PowerShell: Grab @ShitSecure and my converter: raw.githubusercontent.com/LuemmelSec/Pen… . .\convert_c#_to_ps1.ps1 invoke-convert -infile .\seatbelt.exe . .\invoke-seatbelt Invoke-Seatbelt -Command "-group=all" Thx @harmj0y #happypentesting
Just in case you need it automagically wrapped into PowerShell: Grab @ShitSecure and my converter: raw.githubusercontent.com/LuemmelSec/Pen… . .\convert_c#_to_ps1.ps1 invoke-convert -infile .\seatbelt.exe . .\invoke-seatbelt Invoke-Seatbelt -Command "-group=all" Thx @harmj0y #happypentesting https://t.co/iei2M9Ahz3
🍾🪩🪅🎉🥳Giveaway time! 🥳🎉🪅🪩🍾 We are going to send a t-shirt and few goodies to one person who follows @PentesterLab and likes this tweet !! And we are going to give a 1-year voucher to someone who RT this tweet!
We found an attack vector from TRUSTING to TRUSTED domain across domain/forest trust (opposite direction of common trust attacks). Only Domain User access but might be all you need to escalate further. #activedirectory #trust #attackpath improsec.com/tech-blog/sid-…
Giveaway time! We are going to send a t-shirt and few goodies to one person who follows @PentesterLab and likes this tweet !! And we are going to give a 1-year voucher to someone who RT this tweet!
Neeshersl @NeesherslB88ux
80 Followers 3K Following
aabbc123asd @lzzbb111
3 Followers 793 Following
Brisa Casper @BrisaCaspe84432
1 Followers 169 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/2D3eOsUk4Z
Raph @RaphaelDLNG
20 Followers 346 Following
whiskeylotus @whiskeylotus1
8 Followers 202 Following Junior Ethical hacker / OSCP learning / DevSecOps
Alice @d_alice9
265 Followers 3K Following
Whimsical Wind @ottleyswebmall
18 Followers 163 Following Walking on the road of the collection world
Maya @mayaspera46
285 Followers 3K Following
abhijit_ghosh @abhijit_ghosh
0 Followers 10 Following
Pavel Andreyeu @PAndreyeu
4 Followers 30 Following
Lidia @taylorlidia5
217 Followers 3K Following
Shubham @TechLoverIndia
281 Followers 3K Following I am a Student who likes tech . I will be updating regularly on tech news . Subscribe my Channel :- https://t.co/EggYzFP0cc
Kathryn @messer_kathryn6
605 Followers 3K Following
Margret @philson58margre
297 Followers 3K Following
Susan @s_hayes42
276 Followers 3K Following
Una @una_booker_
315 Followers 3K Following
Victoria @pullen7victoria
406 Followers 3K Following
Viola @mendoza_viola9
258 Followers 3K Following
Yvonne @yvonneinnis23
245 Followers 3K Following
Beverly @beverlylocklea6
317 Followers 3K Following
Emily @c_emily53
265 Followers 3K Following
Mary @mcwhorter_mary5
293 Followers 3K Following
Joan @joan11acosta
1K Followers 3K Following
Debra @debraba48649290
1K Followers 3K Following
Joyce @castrojoyce89
325 Followers 3K Following
Carmen @carmen_zick54
244 Followers 3K Following
Red @sam_phisher
709 Followers 2K Following Pentester/red teamer. Interested in maldev, AD & Azure. Writer of shitty code.
R E A V A @reava
216 Followers 2K Following Information Security: tracking the stuff that makes it better. Or worse. \n Likes ~ bookmarks
CrowdCyber 🌐 @CrowdCyber_Com
275 Followers 1K Following The idea is to create big opportunities in Cybersecurity. Meanwhile we’re Revolutionizing and Democratizing Cybersecurity information.
FranchFrais @FranchFrais
0 Followers 270 Following
R.B.C. @G3tSyst3m
1K Followers 125 Following Security Professional and Researcher with over a decade of experience. I'm fairly low profile, but share useful info from time to time.
Manish Kishan Tanwar @IndiShell1046
2K Followers 529 Following SQL Injection fan Develop vulnerable labs and web shells in spare time https://t.co/K2kSnZjLDO
Carl Nykvist @CarlNykvist
197 Followers 1K Following
Mayfly @M4yFly
7K Followers 782 Following Former Dev and DevOps| Pentester and red teamer at orange cyberdefense | OSCE³| Tweet are my own| discord: m4yfly
G M @followeragent99
78 Followers 2K Following Security enthusiast. Incident analysis. Web App Pentest. Researcher. Student. Educator. Follower of good things.
Jim Sykora @JimSycurity
2K Followers 2K Following I enjoy security, technology, learning, books, & the great outdoors. Trying to be human & kind. Opinions = mine. He/Him/Hän
Geiseric @Geiseric4
906 Followers 155 Following AD/Azure Enthusiast | eCPPTv2 | CRTP | CRTO | CRTE | CRTM | CARTP https://t.co/yYy84cNFPw
Cyb3rD06 @Cyb3rD06
24 Followers 42 Following
Nathan Jones @njcve_
2K Followers 2K Following Bishop Fox || GoogleVRP (UK): 5th || HackerOne UK Ambassador
Marco Morelli @jackiemorelli
907 Followers 4K Following
Craig Rowland - Agent... @CraigHRowland
11K Followers 316 Following Agentless Linux security. No endpoint agents and no drama. Linux malware, forensics, intrusion detection, and hacking. Founder @SandflySecurity.
Elliot @ElliotKillick
3K Followers 40 Following Security engineer and researcher | Elliot on Security
Chetan Nayak (Brute R... @NinjaParanoid
31K Followers 0 Following Founder Dark Vortex/Brute Ratel | Former RedTeam @CrowdStrike @Mandiant @niiconsulting
Andrew @4ndr3w6S
3K Followers 2K Following Detection Engineering @HuntressLabs | Prev. Practice Lead, TAC (Purple Team) @TrustedSec | @SpursOfficial Super Fan - COYS!
Megan @mega_spl0it
551 Followers 274 Following Purple Teamer | Probably a SIEM log | Send Memes | Putting the Tater in Administater | Security Spud @TrustedSec
Stamus Networks @StamusN
1K Followers 239 Following Enterprise Clear NDR solutions. Leader in Suricata-based network security. Creator of open-source toools GopherCAP, Suricata Language Server, Splunk app.
Chris Thompson @retBandit
7K Followers 870 Following Head of Red team @ IBM X-Force. Black Hat Review Board. Founder and co-organizer of Offensive AI Con. Co-Founder of RemoteThreat. inveni et usurpa
Joe Vest @joevest
8K Followers 891 Following Red Teamer丨Author of Red Team Development and Operations https://t.co/LTiTgnFKJq 丨Don't let perfect be the enemy of good
RedTeamVillage @RedTeamVillage_
36K Followers 2K Following Red Team Village | Join us on https://t.co/ILZhRFw4Y7 . Check our next events at: https://t.co/fJwIUSTI16
Synack Red Team @SynackRedTeam
48K Followers 622 Following The power behind the @Synack platform is an elite team of the world's top cybersecurity researchers. Our best are honored at https://t.co/6bEAyp7HWJ
PenTest-duck @PenTest_duck
1K Followers 888 Following Startups x AI x Software x Cybersecurity (Don't use X that much - hit me up on LinkedIn) https://t.co/p24Ju33aUj
Benjamin Strick @BenDoBrown
65K Followers 2K Following Investigations Director @Cen4infoRes. Past BBC & @Bellingcat. Tutorials: https://t.co/jwll4Af0ax. OSINT/GEOINT. Views = own.
Кириакос Эк... @kyREcon
3K Followers 749 Following @ShellterProject. R&D. Exploit Dev. Malware RE. AV/EDR Evasion. The greatest trick the devil ever pulled was convincing the world stupid questions didn't exist.
Gabrielle 💻🗝 @Gabrielle_BGB
3K Followers 1K Following Ethical Hacker 🏳 | Top IFSEC Global 2022 | Woman Hacker 2022 | Board Member | Artemis SRT (Synack)| Speaker | Mentor🏳️🌈 | Opinions are my own
Justin Seitz @jms_dot_py
18K Followers 5K Following Bullshit Hunter @bullshithunting. Author of a couple of @nostarch hacking books. Formerly @Hunchly. ADHD. He/Him. @justinseitz on Bluesky.
(╯°□°)╯︵ S�... @cybersecstu
29K Followers 4K Following Hi I'm Stu from '42 | ❤️OSINT |✍️ CTI & Analytics book ~2025, Tracelabs Black badge x3 | Ex- @themanyhatsclub | #cyber Views my own not employers
🌃Zerophage🌌 @Zerophage1337
4K Followers 339 Following Independent researcher focusing on threat intelligence and exploit kits. 😉
Robert Lipovsky @Robert_Lipovsky
2K Followers 98 Following Principal Threat Intelligence Researcher at @ESET | Conference speaker | ɘƨɿɘvɘЯ Engineer
Chris Wysopal @WeldPond
55K Followers 1K Following Hacker. Co-founder/CTO Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future @weld.bsky.social @[email protected]
__veronica__ @verovaleros
9K Followers 810 Following Woman. Hacker. Artist. Researcher. Teacher. Trainer. Master student of Intelligence and Security Studies at LJMU. Project leader at @StratosphereIPS.
RootkitCN @rootkitcn
1K Followers 497 Following Focus on mobile&PC security, exploit, malware, webhack etc.
[email protected]... @christogrozev
544K Followers 1K Following Investigative journalist (Spiegel, The Insider, ex-Bellingcat), film maker and hobby coder. https://t.co/3kUwYLHXoL
Tib3rius @0xTib3rius
68K Followers 586 Following High Queen of the Cybers | Educator | Content Creator | UwU-Anointed Wapp King | Ex-Brit | https://t.co/04RRExvxXj (he/him) 🇺🇸 I run gameshows at DEF CON.
Tony @TJ_Null
23K Followers 490 Following Blue Teamer in Disguise. Blog at https://t.co/spa33ybIVL. SANS Netwars Champion. Former community manager and founder of the Offsec community for @offsectraining
Ramin Nafisi @MalwareRE
5K Followers 2K Following Director of MSTIC Malware Intelligence, Research, and Analysis (MSTIC-MIRAGE) team.
☩MalwareMustDie @malwaremustdie
6K Followers 144 Following Official account of MalwareMustDie, NPO. Info: https://t.co/131r5UW4bF Blog: https://t.co/lUnpKnXOqV
Project Owl @projectowlosint
36K Followers 424 Following Project Owl: The OSINT community hub. Foreign policy, geopolitical events, military, and government focused. RT/Like/Follow ≠ Endorsement.
Richard Ackroyd @rfackroyd
824 Followers 804 Following Cyber Security | Staff Security Engineer @Ripple (fintech/crypto) | Specialised in Detection & Response 🦈 Ex @PwC
SOS Intelligence @SOSIntel
19K Followers 2K Following The Dark Web Monitoring platform for business and enterprise. Managed Threat Intelligence services to detect darkweb & OSINT data-breach and theft. #NAFO Intel
Help Net Security @helpnetsecurity
60K Followers 27 Following Independent cybersecurity news since 1998. Discover what matters in the world of information security today.
VR|XD Community @zerodaylinks
2K Followers 50 Following Low-level Hacking, Vulnerability & Exploit Research • Expert commentary: @alisaesage • Courses: @zerodaytraining • https://t.co/ASQmvN9Jz4
𝙽𝙴𝚃𝚁𝙴�... @netresec
9K Followers 815 Following Experts in Network Forensics and Network Security Monitoring. Creators of #NetworkMiner, #CapLoader, #PacketCache, #PolarProxy and #RawCap.
ECHO Cybersecurity @ECHOcybersec
1K Followers 633 Following To strengthen proactive cyber defence of the European Union in 48 months, 30 partners, 15 EU countries+Ukraine #multisectoral #academy #research #industry
Spider Suite @spider_suite
87 Followers 4 Following Advance, cross platform web security crawler/spider.
Cannibal 🎃 @Cannibal
9K Followers 816 Following Ex medical infosec. Red team. Threat hunter. Patient safety. Locksport. Metal work. Rapid prototyping. 3D Printing. I break things.
hackplayers @hackplayers
55K Followers 1K Following Hacking ético e in-seguridad informática: it's time to play!
THConvention @ToulouseHacking
1K Followers 126 Following Conferences & CTF April 10-11, 2025 at Université Paul Sabatier, Toulouse
ZeroDayLab @ZeroDayLab
5K Followers 265 Following Passionate about Total Security Management offering the very best in Ethical Hacking, Education & Training, Governance, Risk, & Compliance, and Managed Services
Zero Day Con @zerodaycon
1K Followers 458 Following @smarttech247’s Global Cybersecurity Conference. March 11, 2025
ZeroDays CTF @ZeroDaysCTF
2K Followers 1K Following ZeroDays Capture-The-Flag, the largest on-site, one-day CTF in the world. We also organise CTF training for organisations. https://t.co/jn9nTPicwC
HP Wolf Security @hpsecurity
22K Followers 786 Following Insights, research, and analysis from the HP threat analyst team.
Stephan Berger @malmoeb
28K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
Rémi GASCOU (Podalir... @podalirius_
8K Followers 652 Following Security Researcher & Speaker | Microsoft Security MVP | Developer of security tools 🎬 https://t.co/QaAENc4NcY
CERT.at @CERT_at
5K Followers 498 Following https://t.co/gzNtW4vnrt is the Austrian national CERT. RFC 2350: https://t.co/MFBOwz716E… RT ≠ endorsement @[email protected] (Fediverse) #IOCXTrends for United States
You might like
