José M. Aparicio @_apanonimo
Red Team @BlackArrowSec (@Tarlogic) Santiago - Sevilla Joined March 2012-
Tweets314
-
Followers226
-
Following249
-
Likes134
AvePoint has fixed a vulnerability in DocAve, Perimeter and Compliance Guardian discovered by our researchers @m1ntko and @Calvaruga. This vulnerability can be used to achieve Remote Code Execution (RCE) in affected systems. ➡️ Advisory: avepoint.com/company/docave…
Old Red Team Story: @_apanonimo created something similar but as APK uploaded to the Android PlayStore spoofing the target company. It read the 2FA from SMS and autofilled it to login in the intranet, but also gave us access. It stayed alive for months 😂
Old Red Team Story: @_apanonimo created something similar but as APK uploaded to the Android PlayStore spoofing the target company. It read the 2FA from SMS and autofilled it to login in the intranet, but also gave us access. It stayed alive for months 😂
Enhanced version of secretsdump from #Impacket to dump credentials without touching disk. This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives. github.com/fortra/impacke…
As someone involved in the AWS offsec space, I want to share why I strongly do NOT recommend the HackTricks AWS Red Team Expert course. The author of it is a plagiarist, stealing content from other creators and is directly profiting off of it through sponsorships. A 🧵
Our colleague @IagoAbad has weaponized the leaked token handles technique for MSSQL. Now open token handles in MSSQL's process (sqlservr.exe) can be abused to change security context and escalate privileges both locally and in the domain. github.com/blackarrowsec/…
My 2cents: before using something random you saw on twitter/Github, think twice how it works and if it is worth or just crap. And, please, don't reuse infra in your attacks 🤣
First video of "Understanding a Payload's Life" uploaded. As soon as I have some spare time I'll be recording more. Enjoy! youtube.com/watch?v=AIAr2-…
Watchguard has fixed 4 vulnerabilities in Watchguard EPDR discovered by our researchers @antuache and @Calvaruga. These vulnerabilities can be used to turn-off the defensive capabilities of the product and achieve privilege escalation. ➡️ Advisories: watchguard.com/es/wgrd-psirt/…
Finally I figured it out how to remove your username and other undesired absolute path strings from Rust binaries. It's pretty simple, but I've added it to the tips and tricks repository in case anyone has been struggling with this issue as well. github.com/Kudaes/rust_ti…
In our latest post, @xassiz introduces a new technique to obtain cleartext passwords from MSSQL by abusing linked servers through the ADSI provider. ➡️ Read more: tarlogic.com/blog/linked-se…
New process injection technique through entry points hijacking. - Threadless or threaded, at will. - No hooking. - No RWX memory permissions. - No new threads with start address pointing to the injected shellcode. github.com/Kudaes/EPI
I've found that fibers may be something to look at when it comes to execute local in-memory code. This is a simple PoC of how you can leverage fibers to execute in-memory code without spawning threads and hiding suspicious thread stacks among others. github.com/Kudaes/Fiber
Have you ever tried exploiting a Spring Boot Actuators RCE but the restart endpoint was disabled? ⬇️ Abuse this behaviour using this #TrickOrThreat by @antuache
Windows Local Privilege Escalation via StorSvc service (writable SYSTEM path DLL search order Hijacking) /cc @antuache @_Kudaes_ ➡️ github.com/blackarrowsec/…
SCCM takeover by abusing automatic client push installation has less requirements than I thought. Check this post out for a detailed walkthrough and recommendations. Install KB15599094 and disable NTLM for client push installation to prevent this attack. posts.specterops.io/sccm-site-take…
SpecterOps revisits AD CS after the Certifried (CVE-2022–26923) patch and includes our research around ESC7, among others. ➡️ Our research: tarlogic.com/blog/ad-cs-man… 🧵 A summary thread:
SpecterOps revisits AD CS after the Certifried (CVE-2022–26923) patch and includes our research around ESC7, among others. ➡️ Our research: tarlogic.com/blog/ad-cs-man… 🧵 A summary thread:
💥One shell to HANDLE them all New approach to escalate privileges from a web shell by abusing open token handles. #RedTeam /cc @_Kudaes_ ➡ tarlogic.com/blog/token-han…
We've extended @nopfor\ntlm_challenger with MSSQL support! This is useful when network segmentation prevents from reaching the SMB port ➡️ github.com/nopfor/ntlm_ch…
H(owl)y day! A small post briefing our thoughts about NoVNC vs reverse proxies for phishing campaigns by @TheXC3LL adepts.of0x.cc/novnc-phishing/
Btw. I'm going to talk about this & more in my talk at @EuskalHack this summer
Btw. I'm going to talk about this & more in my talk at @EuskalHack this summer
hamaccount @hamaccount
16 Followers 2K Following
︎ ︎ @0xocdsec
4K Followers 7K Following ︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎🏴☠️ ︎︎ ︎︎ ︎︎ ︎︎ ︎🌹︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎ ︎︎🏴☠️︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎💚︎︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎🇺🇦 ︎︎ ︎︎ ︎︎ ︎︎ ︎︎|︎ ︎︎ ︎︎ ︎︎ ︎︎603,628 km² ︎ ︎︎
0xHacker @0xhackerr
18 Followers 513 Following
mgl @mglangley
15 Followers 794 Following
Filip Dragovic @filip_dragovic
7K Followers 1K Following My research unless stated otherwise. My opinions are my own and do not represent the views of my employer.
Juan Antonio @sikumy
1K Followers 1K Following 23 | Creator of @DeepHackingBlog | Pentester at @TelefonicaTech
eversinc33 🤍🔪�... @eversinc33
6K Followers 1K Following computers be computin | https://t.co/Eiur8iOJQ4
Yuki @Yukii180
82 Followers 129 Following Me creo programador Hice la web de https://t.co/F2p745UCre
Itwihu @Itwihu193
38 Followers 2K Following
Alex @alextoystory
0 Followers 589 Following From a hopeless crush on a captivating stranger, a bitter curse emerged, transforming their once innocent love into a twisted obsession. To MsPsychology1
Cheshire Cat @cheshireca7
85 Followers 358 Following Advanced script kiddie who digs on true hacking methodologies. I also like cats with evaporation power. Bsky: https://t.co/tRA05htE7Q
Иormallik Ölümdür... @zero0day0
830 Followers 4K Following o kadar özgür ol ki seni sınıflandıramasınlar.
Amine Rais @syboff
0 Followers 51 Following
Cristian Cantos @kriwarez
1K Followers 3K Following AI Prompter @kriwareAI. Security Analyst at @layakk. Staff at @rootedcon YouTube: https://t.co/u8DirnFlCh
Troupe Master Grimm @Ericdamehueco
183 Followers 502 Following Sic parvis magna | Born of God and Void | Un corazón de Acero
gibdeon @gibdeon
776 Followers 684 Following Apasionado de la informática y de la seguridad de la misma, adicto a los CTF y los chuletones
d1rkmtr @d1rkmtr
8K Followers 466 Following
https://mastodon.soci... @antonvblanco
208 Followers 568 Following
Alpine Security @alpine_sec
32 Followers 28 Following
Iván Santos Malpica @Iv4nS4n
105 Followers 177 Following Pentester, bug bounty hunter and mathematician.
James W. @cyberbiz4
164 Followers 4K Following looking for a cyber position in blue team. Metro Vancouver, Canada. Defender, GIAC x 3, AWS, M365, Splunk, Azure
ATTL4S @DaniLJ94
3K Followers 649 Following I like spending time understanding things | FSAS @NCCGroupInfosec
xD10 @v3l4r10
76 Followers 916 Following
Tzaoh @Tzaoh_
15 Followers 337 Following
mintko @m1ntko
27 Followers 369 Following
Chung Isaac @isaac78819
3 Followers 106 Following
Jerry-王近平薄 @wangjinpingbao1
115 Followers 1K Following 哈哈哈哈人心和太阳一样不可直视,没有阳光自己便是阳光! C目前来说是政治为大,没有背景,家族……不要参与政治,老老实实研究赚钱就行了
nkx @nek0x_
247 Followers 1K Following “𝘈𝘯𝘺 𝘧𝘰𝘰𝘭 𝘤𝘢𝘯 𝘮𝘢𝘬𝘦 𝘴𝘰𝘮𝘦𝘵𝘩𝘪𝘯𝘨 𝘤𝘰𝘮𝘱𝘭𝘪𝘤𝘢𝘵𝘦𝘥. 𝘐𝘵 𝘵𝘢𝘬𝘦𝘴 𝘢 𝘨𝘦𝘯𝘪𝘶𝘴 𝘵𝘰 𝘮𝘢𝘬𝘦 𝘪𝘵 𝘴𝘪𝘮𝘱𝘭𝘦.”
BlackArrow @BlackArrowSec
1K Followers 13 Following BlackArrow - offensive driven defense #redteam #threathunting by @Tarlogic
Jennifer Torres @xtormin
699 Followers 857 Following Hacking as a lifestyle 🖤🕵️♀️👩🏼💻 #infosec #pentester «Cybersecurity Consultant at @Tarlogic»
lancharro @lancharro
231 Followers 332 Following
Jesús 🍟 @HackingPatatas
1K Followers 440 Following la patata deluxe que se cuela siempre en el paquete de las normales
Vortex @VortexS3C
28 Followers 158 Following
Trusted Token @TrustedToken
127 Followers 5K Following
coder0x02 @coder0x02
11 Followers 289 Following
☠ Román Medina-Hei... @roman_soft
8K Followers 687 Following CyberSecurity junkie since 1993. Manager, strategist/advisor and engineer. CTF player (#int3pids). Occasional researcher. Ex-Founder #RootedCon. Always learning
Secu @secu_x11
1K Followers 427 Following Offensive Security at @TelefonicaTech | Author of Kraken | Co-author of Mística
Mercedes Muñoz (M) @mikiminoru
1K Followers 1K Following Guitar Goalkeeper Gryffindor Geek Girl. Curious cat. Hacking & OSINT & Infosec. Always Padawan. @securiters team
Purple boost @purple_boost_
466 Followers 88 Following Asociación de fans de @MovistarKOI inscrita en el registro nacional de asociaciones 💜 ⚡ 💜 Discord https://t.co/sPd38e6mi6 Únete en 👇
Yuki @Yukii180
82 Followers 129 Following Me creo programador Hice la web de https://t.co/F2p745UCre
Sergio Ferra Salcedo @SergioFFerra
94K Followers 989 Following Freelance | Poaching Director at @MovistarKOI | Narrador de @LaLiga | @TwitchEs Partner | Contacto: [email protected]
Bishop Fox @bishopfox
26K Followers 4K Following A leading provider of #offensivesecurity solutions & contributor to the #infosec community. #pentesting #hacking VC @forgepointcap @carrickcapital @WestCap8
sn🥶vvcr💥sh @snovvcrash
12K Followers 488 Following Sr. Penetration Tester / Red Team Operator @ptswarm :: Author of the Pentester’s Promiscuous Notebook :: He/him :: Tweets’re my pwn 🐣
Tijme Gommers @tijme
2K Followers 594 Following Offensive Security at @ABNAMRO 🐙. Forensics at @HuntedNL. Cyber Cyber Cyber ⚡. Bluesky: https://t.co/536oE2DGUw
Community Notes @CommunityNotes
1.2M Followers 0 Following Empowering users to create a better-informed world. We're open source and data is publicly available: https://t.co/Te3IjR10Ix Q? Reply/DM
Dr J. Azúa MD PhD IF... @doctorazua
10K Followers 3K Following «A la ausencia no hay quien se acostumbre. Otro sol no es tu sol aunque te alumbre». M. Benedetti #puravidamario🕊️💔 FUNDACIÓN MARIO AZÚA
Alpine Security @alpine_sec
32 Followers 28 Following
mnemonic @mnemonic_sec
359 Followers 5 Following mnemonic is a leader in 24x7 Managed Detection and Response (MDR) services, incident response, threat intelligence and risk management.
Marcos Díaz @Calvaruga
142 Followers 2K Following
Navaja Negra Conferen... @NavajaNegra_AB
10K Followers 122 Following Congreso de Ciberseguridad 🛡️☠️ Cybersecurity Conference #NN2025 🖤💛
Tzaoh @Tzaoh_
15 Followers 337 Following
Kurosh Dabbagh @_Kudaes_
1K Followers 194 Following nt authority\kurosh https://t.co/MCEI38ndVE https://t.co/w6aiUt7YlZ
Daniel Ricciardo @danielricciardo
3.4M Followers 194 Following Formula 1 driver from Australia. https://t.co/k9Mg3OJ8qh
an0n @an0n_r0
13K Followers 726 Following CRT(E|O|L) | OSCP | @RingZer0_CTF 1st (for 2yrs) | HackTheBox Top10 | RPISEC MBE | Flare-On completer | GoogleCTF writeup winner | SSD research | Math MSc |🇭🇺
komanche 🇸🇻 @Komanch
2.3M Followers 2 Following me estoy pasando 100 juegos en menos de un año en twitch! ven a verme! negocios: [email protected]
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Negacionistas Out of ... @EstoyAvisando
197K Followers 2 Following Autor de 'La gran conspiración, cómo las redes sociales controlan tu vida' 📝 Cuenta oficial de ELLOS. Organización organizada. Cuenta CNI de manual.
Oliver Lyak @ly4k_
9K Followers 265 Following Yet another security researcher 🔦 Github: https://t.co/7WFOFz17KI
Lab401 @Lab_401
6K Followers 495 Following Europe's leading pentesting hardware supplier : #FlipperZero #Hak5 #Proxmark #iCopyX #USBKill #infosec #pentesting Your trusted partner for pentesting.
Flipper Zero @flipper_zero
101K Followers 145 Following A portable multi-tool device in a toy-like body for pentesters and hardware geeks. Buy worldwide here ➡️ https://t.co/n09EKVnqri
Secu @secu_x11
1K Followers 427 Following Offensive Security at @TelefonicaTech | Author of Kraken | Co-author of Mística
ATTL4S @DaniLJ94
3K Followers 649 Following I like spending time understanding things | FSAS @NCCGroupInfosec
vx-underground @vxunderground
368K Followers 290 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Jorge @jorge_ctf
2K Followers 464 Following offline - ex @github @water_paddler @ripp3rsctf | OSWE | DC30 CTF finalist
Charlie Bromberg « ... @_nwodtuhs
15K Followers 653 Following Trying to hack the way we hack things 🏴☠️
hasherezade @hasherezade
89K Followers 910 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
hackliza @hackliza
183 Followers 17 Following Unha comunidade galega sobre seguridade informática e outros temas. A galician community about computer security and other stuff.
Clément Labro @itm4n
7K Followers 166 Following Pentest & Windows security research (I stopped using this account in December 2022) ➡ Mastodon: @[email protected]
Bernardo Quintero @bquintero
23K Followers 265 Following Founder of @virustotal 📖 INFECTED: https://t.co/RRguFlNWKR 📖 INFECTADO: https://t.co/WZ5C2U5ymR
Pentester Academy @SecurityTube
195K Followers 14K Following We help professionals acquire the skills, knowledge and certificates by teaching defense through offense to advance their careers in cybersecurity.
Pavel Yosifovich @zodiacon
14K Followers 916 Following Windows Internals expert, author, and trainer. Teaching system programming & debugging at TrainSec. Check out my books & courses! 🚀 #WindowsInternals #TrainSec
Jari @_Laox
412 Followers 498 Following RedTeam Leader @TelefonicaTech | evil-winrm dev | @AdeptsOf0xCC
Adepts of 0xCC @AdeptsOf0xCC
2K Followers 6 Following A brotherhood of owls praying to the debugger God. Press F7 to step into our prayers!Trends for United States
You might like
