hackerfantastic.x @hackerfantastic
Co-Founder @myhackerhouse cyber security assurance & hacker training ~ ISBN9781119561453 ~ a book on professional hacking. Offensive Lua project. hacker.house 0.0.0.0/0 Joined January 2009
Tweets 147K · Followers 103K · Following 4K · Likes 136K
I've written up an advisory describing the vulnerability in "systemd-run" / "run0" and caveats on exploitation tradecraft when targeting privileged operations under modern Linux distributions. You can read my write-up here. github.com/hackerhouse-op…
$68M (1155WBTC) lost after victim fell for address poisoning attack. TL;DR on attack: Attacker is sending spam transactions to your address in order to catch you being inattentive. You can copy their address instead of your own from the TX history. Attackers generate addresses…
Czechia and Germany reveal they were targets of a massive cyber espionage campaign by Russia-linked APT28 hacker group. The audacious attacks exploited a critical #Microsoft Outlook flaw to compromise email accounts. Learn more: thehackernews.com/2024/05/micros… #cybersecurity #hacking
A message to the person who stole my trainers and hi-vis jacket. You can run but you can’t hide.
The @UpholdInc CEO just said soon you’ll be able to earn a yield on your XRP. #XRPLasVegas2024
Florida Bans Lab-Grown Meat ift.tt/BnXfYdT
We condemn the malicious cyber activity carried out by Russia's military intelligence service targeting Germany, Czechia, Lithuania, Poland, Slovakia, and Sweden. We join NATO and the EU in efforts to counter such activities and hold perpetrators accountable.
Russian GRU cyber actor APT28 has a history of malign cyber behavior. The US previously indicted and sanctioned actors associated with the GRU for a wide range of such activity aimed at undermining the security of allies and partners and the rules-based international order.…
📹Police are planning to put facial recognition in CCTV cameras incl. at train stations Subjecting swathes of innocent people to biometric checks in public places is deeply dystopian. This huge incursion on our privacy must end | #StopFacialRecognition
The first code name for CIA mind control experiment projects (before MKULTRA) was Project Bluebird. Think the original Twitter logo was a coincidence?
Don’t be afraid. Just believe. - Mark 5:36
You become unstoppable when you realize that you can do it alone.
A Wi-Fi6 OFDMA AP based on FPGA Software Defined Radio is not a dream, but a reality NOW! #openwifi AP running 4 user OFDMA with 4 ESP32-C6. Come to the demo: imec ITF world booth34 (May 21-22 Antwerp), EuCNC booth11 (June 3-6 Antwerp), Wireless community event (May 7 Ostend)
There are basically three outcomes to posting on Twitter: 1) Post something thoughtful, get bummed out that it goes unnoticed, 2) Post something thoughtful, watch it go viral, deal with random people smugly incorrecting you, 3) Shitpost and come out on top either way.
@hackerfantastic @bl4sty I fully agree with your technical thoughts. Just look at the only silver lining - you will rack up a bunch of shiny new CVEs that people will go crazy about! Just make sure to drop them full disclosure on Fridays please!
🚨ALERT🚨Are we mistaken, or has someone truly lost $68M worth of $WBTC? Our system has detected another address falling victim to address poisoning, losing 1155 $WBTC. 😢 Victim: etherscan.io/address/0x1e22… Address poisoner: etherscan.io/address/0xd9a1… Poison transaction:…
@hackerfantastic @windsheep_ @GreggHoush The irony with that attitude is, that systemd to this date still carries the whole legacy of ConsoleKit within logind with its concepts of seats, which is all about providing infrastructure to manage a multi-user environment. Of course it never worked properly.
Where does this remind you of?
@GordonMessmer @hackerfantastic @MortenLinderud Yeah that's exactly what I was thinking. I think it's gonna be a long time before we get rid of sudo, and perhaps in the meantime there ought to be a tool to validate your polkit+sudoers configs are in sync
@hackerfantastic @GordonMessmer @MortenLinderud I'm trying to understand better, it's that polkit has a separate configuration from sudoers, and if you forget to lock down both, the other will remain open for attack, right? So this issue has been around since the dawn of polkit then
@GordonMessmer @hackerfantastic @MortenLinderud That's what I mean by "misconfiguration", though I realize now I wasn't super clear. The "misconf" being to not lock down both in the same way
@hackerfantastic It's always the systemd guys. In February the xz exploit worked because of systemd
@hackerfantastic What does sniff do? I mean what is inside it?
GNU/Linux (or rather, Linux/Systemd) is decidedly getting worse over time, resulting in the mess of an ecosystem it is now, it will only get worse as the wheel reinventing continues and more formerly free software becomes dependent on systemd and friends. Thank you Red Hat (IBM)
Lennart Poettering intends to replace "sudo" with systemd's run0. Here's a quick PoC to demonstrate root permission hijacking by exploiting the fact "systemd-run" (the basis of uid0/run0, the sudo replacer) creates a user owned pty for communication with the new "root" process.
@hackerfantastic who decided we need to replace sudo?
Lmfaooooooo. Stop. Fucking. With. Sudo. Jeeeeeeeesus 😂
Another example of why systemd-run (sudo replacement) is insecure. The slave end of the pty which the root process is attached to, whilst it isn't designed to attach two programs, is not locked to the root user and as such another process in the same user context can sniff it.
Do not be afraid. I am with you. Do not be terrified. I am your God. I will make you strong and help you. I will hold you safe in my hands. I always do what is right. - Isaiah 41:10
@hackerfantastic @windsheep_ I really feel like the tech world should shun and isolate all of this unserious nonsense to a single distro called "Just Poettering Around" and move on with real solutions. Interesting that the most common containers images are Alpine which doesn't use systemd.
@hackerfantastic "I will accept nothing less than an apology and a CVE." Has to be the best line I've heard for a while man!! Good work as always dude