michael @michaelweimer_
security professional, researcher, penetration test lead @teamhoplite | co-founder, CTO @shieldcyberio michaelweimer.com Indianapolis, IN Joined December 2019-
Tweets68
-
Followers33
-
Following369
-
Likes579
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷♂️ Read Here - akamai.com/blog/security-…
The key to securing Active Directory is being proactive about hardening policy, remediating underlying weaknesses and applying the principle of least privilege to the environment before a cyberattack. By reducing the paths from standard non-privileged users to privileged users,…
Stay ahead of Active Directory targeting. We teamed with @ASDGovAu and others to provide recommended strategies to prevent and detect malicious actors attempting to access the keys to your network. Read our joint guidance: nsa.gov/Press-Room/Pre…
Understanding EVERY Token in Entra ID 🔎 Not all tokens are equal. There are many different types with different uses and benefits. In this blog, I break down each token and what they are used for and which tokens are the most "valuable" for an attacker to obtain. Full blog…
Microsoft has long downplayed its role in the 2020 "SolarWinds" attack -- one of the largest cyberattacks in US history -- but a new ProPublica investigation reveals that the tech giant ignored warnings that could have stemmed the damage... 🧵
CVE-2024-4577, our rapid analysis of a vuln found by @orange_8361 labs.watchtowr.com/no-way-php-str…
stay sharp on checkpoint CVE-2024-24919 (and likely subsequent checkpoint CVEs). seeing in-the-wild exploitation in @GreyNoiseIO now. viz.greynoise.io/tags/check-poi…
An Ascension St. Vincent spokesperson confirmed some of its technology network systems have been interrupted today. wthr.com/article/news/h…
Ops teams and cyber/infosec teams take note. Patching and vulnerability management are important, but there is SO much more right under our noises. Start investing time in learning how your systems work and how to identify misconfigurations. This is where the action happens!
Ops teams and cyber/infosec teams take note. Patching and vulnerability management are important, but there is SO much more right under our noises. Start investing time in learning how your systems work and how to identify misconfigurations. This is where the action happens!
The vulnerability scan has 400+ findings. I exploit the domain with nothing on it. When is this madness going to change? LOL
Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious! securityintelligence.com/posts/critical…
Reposting this because some of you might find it useful. It's common proxy/url categorization sites for most vendors. A lot of which let you submit a re cat with no account and the validation is often fully automated. pastebin.com/2yu4Rsj1
If you're interested by an alternative way to dump domain users' NT hashes and TGT without touching LSASS, take a look at the new Masky tool :) Everything is explained in this article: z4ksec.github.io/posts/masky-re… Thanks @harmj0y, @tifkin_ and @ly4k_ for their amazing work on ADCS!
Teddy Guzek founded Hoplite, a company that specializes in finding technical cybersecurity gaps for its clients then providing ways to mitigate risk, when he returned to Indianapolis from Chicago, where he got his first job out of college. #IBJ20s
New blog post! 📃 It will give a primer on how you can implement security boundaries in your infrastructure to prevent compromise of critical assets based on tiered administration posts.specterops.io/establish-secu…
Products are not the solution to every information security problem. But a great product might be the best solution to a particular problem. Whether you make FOSS or commercial products, I want to share with you a great tool for developing better product features: 🧵
Introducing KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). All credits go to @tiraniddo @cube0x0 @harmj0y, most of the code was taken from their tools. github.com/Dec0ne/KrbRela…
😶🌫️While working on @nikhil_mitt outstanding Azure Red Team course I've developed a handy powershell toolkit combining various Azure Red Team tactics. Sharing it now, maybe someone will find it useful✨ github.com/mgeeky/AzureRT
I have seen this on several of our Client’s networks. The severity of this was greatly overshadowed by #log4j but should not be overlooked. Patch your DC’s (!!!) and adjust your default MachineAccountQuota
I have seen this on several of our Client’s networks. The severity of this was greatly overshadowed by #log4j but should not be overlooked. Patch your DC’s (!!!) and adjust your default MachineAccountQuota
New blog: Relaying Kerberos over DNS using krbrelayx and mitm6. New method of gaining RCE on AD hosts in the same VLAN without credentials or needing NTLM, by abusing Kerberos, DNS and Active Directory Certificate Services. Blog: dirkjanm.io/relaying-kerbe…
Gary Lin @garymlin
5K Followers 5K Following currently @tryexplo || formerly @palantirtech @columbia
Darren Webb ☠🕷 @spyd3r
1K Followers 7K Following Computational demonologist. The following tweets are classified SECRET GOLD JULY BOOJUM. 101 824 5150
Fabian Bader @fabian_bader
9K Followers 813 Following #Security #Azure #AAD #MDE #M365 #AD #PKI Microsoft MVP Tweets and opinions are my own @[email protected]
Rose William @willia15291
208 Followers 7K Following
MarianDillon @okMZ2RUQj8Y4rmF
80 Followers 1K Following
PaulinaErañaCB @Paulinafrom_CB
314 Followers 7K Following MY MAIN GOAL: Make my clients' life easier and more enjoyable while offering the perfect solutions to their needs together with great communication.
Ulva @05NMLctxERpQelH
75 Followers 7K Following
Tondet @Tondet285180
85 Followers 7K Following A strong woman is one who is determined to do what others are determined not to do.
IT CPE Academy @itcpecredit
285 Followers 4K Following Self-Study CPE Programs to help professionals acquire the skills, knowledge and certificates in IT and cybersecurity
BostonHacker @0xM4rk7homas
613 Followers 2K Following
McThodea @McThodeaHM2
48 Followers 5K Following
SystemTek - Technolog... @SystemTek_UK
2K Followers 5K Following Welcome to SystemTek - Est 1999, find the latest tech news and information at https://t.co/I9t1QXbRbr
Tudysairt @Tudysairtpc9nW
54 Followers 5K Following
Emily @SlinawckeyHCC
30 Followers 3K Following
Emma Dumont @47ghV54KcV3D8
18 Followers 2K Following
Mcckimccki @mcckimccki
0 Followers 30 Following
Grover @shimodaira41985
93 Followers 7K Following
Shield Cyber @shieldcyberio
2 Followers 11 Following Shield Cyber is a proactive cybersecurity company, who have created the Shield Platform, which a continuous threat and exposure management platform.
Lina @d0rkph0enix
37K Followers 10K Following Infosec dork, boxer, poker player, dog owner/operator, spiller of things. Cars, vidya games, and cooking are my jam. #ChiefsKingdom and Royals fanatic. #SecKC
Ellen @chewning_ellen9
261 Followers 3K Following
Shine @Shine1850710
14 Followers 162 Following Studied crypto I'm in https://t.co/X5Y37jUUJw last year, earned over $2M, achieved financial freedom, This has enabled me to kick-start my global travel plan!
Carl Nykvist @CarlNykvist
197 Followers 1K Following
BSides Bloomington @BSidesBTown_IN
185 Followers 491 Following Follow our official X account: @bsidesbloom
Jack @goosesmitty
124 Followers 247 Following
Thinkst Canary @ThinkstCanary
13K Followers 10K Following Most companies only realise they are breached when informed by a 3rd party. This is a stupid problem! Thinkst Canary. Know. When it Matters.
Wajih @Wajih72980642
8 Followers 786 Following
Jack black @Jackbla26703205
4 Followers 34 Following
Ranjan @ninesports
763 Followers 1K Following
Cyber Startup Observa... @CyberSecOb
14K Followers 10K Following The largest global Cyber Security Research & Innovation Platform. On a mission to foster Innovation, share high-quality Insight and promote Leadership.
St0pp3r @_st0pp3r_
223 Followers 261 Following Detection Engineering · Threat Hunting · Incident Response
Mehmet Ergene @Cyb3rMonk
13K Followers 437 Following https://t.co/uAlYlXIpyV Learn #KQL for #ThreatHunting, #DetectionEngineering, and #DFIR @BluRavenSec | Microsoft Security MVP | #DataScience
Cody Burkard @CodyBurkard
169 Followers 48 Following Security researcher specializing in Entra, Azure and application security
Mark @MarkHunterOrr
494 Followers 1K Following Aubrey’s Daddy 💕 | Microsoft Architect 💻 | MBA - IT 🎓 | Avid Sports Fan 🏀🏈⚾️ | Tech + Family + Game Day
Sandfly Security @SandflySecurity
3K Followers 1 Following Agentless Linux security. Protect Linux with no agents and no drama. Works almost everywhere with safety and speed.
Dave W Plummer @davepl1968
88K Followers 75 Following Hi! I'm Dave Plummer. You might remember me from such Windows components as Task Manager, Windows Pinball, Calc, ZIPFolders, Product Activation, etc. Cheers!
Roberto Rodriguez �... @Cyb3rWard0g
26K Followers 628 Following AI Security Researcher @nvidia | Prev: @Microsoft | Founder of the @OTR_Community
Craig Rowland - Agent... @CraigHRowland
11K Followers 317 Following Agentless Linux security. No endpoint agents and no drama. Linux malware, forensics, intrusion detection, and hacking. Founder @SandflySecurity.
Igor Babuschkin @ibab
103K Followers 851 Following Maybe the real ASI was the friends we made along the way. Co-founder @xAI, Research & Engineering
xAI @xai
1.8M Followers 38 Following
Tim MalcomVetter @malcomvetter
12K Followers 488 Following Co-Founder/CEO at ⚡️ @Wirespeed_ Prev: @NetSPI @CYDERES @FishtechGroup @Walmart Red Team @Sp4rkCon @Optiv @fishnetsecurity. PhD Dropout. BJJ 🟪⬛️⬛️🟪🟪 ⳩
Active Directory Thin... @ADAllTheTime
3K Followers 718 Following Microsoft Certified Master (MCM): Active Directory. Previously AD field engineer at Microsoft. Notes from the field & the lab (@duff22b)
Maciej Walkowiak 🍃 @maciejwalkowiak
41K Followers 959 Following Freelance Java Consultant - Java, Spring Boot, AWS 👉 https://t.co/5hDONs8nrh 📺 https://t.co/xtk152k8qm
Dave Farley @davefarley77
35K Followers 146 Following Software Engineer, Consultant & Author. Latest YouTube Video: https://t.co/NlxdMvWN3j Support Me On Patreon: https://t.co/7VzLHbRT4A
Mario Fusco @mariofusco
48K Followers 332 Following Java Champion ~ Open source advocate ~ Frequent speaker ~ @jugmilano coordinator ~ @QuarkusIO and @langchain4j committer at @IBM ~ Pragmatic dreamer ~ Europeist
Vlad Mihalcea @vlad_mihalcea
88K Followers 135 Following @Java Champion, author of High-Performance Java Persistence and @Hypersistence Optimizer. Blogging at https://t.co/GWdHta4mMO
Allen Holub. https://... @allenholub
76K Followers 609 Following I'm done with Musk and his Nazis, so I've moved to BlueSky (@allenholub.bsky.social) and LinkedIn (https://t.co/EBnkZ8qUC8). LinkedIn is more lively.
Gunnar Morling 🌍 @gunnarmorling
64K Followers 290 Following Technologist @Confluentinc · Ex-lead of Debezium · Spec lead of Bean Validation 2.0 · Creator of JfrUnit, kcctl and MapStruct · Java Champion · 🚴
Tim Ottinger @tottinge
32K Followers 727 Following Technically adept, practical, a good communicator, ethical, and committed to team development and personal growth. @IndustrialLogic & @ModernAgile.
Josh Long @starbuxman
83K Followers 4K Following Spring Developer Advocate (@Java_Champions & @Kotlin @GoogleDevExpert) @VMwareTanzu 🍃🐲 📽️ https://t.co/A2wBUe0b0A
David Fowler @davidfowl
140K Followers 1K Following Distinguished Engineer at Microsoft on .NET, Creator of NuGet, SignalR, https://t.co/PiydKAsC8g Core, Aspire and Barbadian 🇧🇧, Tennis Player, Father, other half @symonefowler
Martin Fowler @martinfowler
353K Followers 183 Following Author on Software Development. Works for Thoughtworks. Also hikes, watches theater, and plays modern board games. He/him.
Maya Kaczorowski @MayaKaczorowski
10K Followers 805 Following I love puzzles almost as much as ice cream. she/her @[email protected]
Zach Wasserman @thezachw
867 Followers 677 Following CTO @fleetctl. @osquery Technical Steering Committee member. Bringing open-source security tools to leaders of the tech industry. (he/him)
Mayfly @M4yFly
7K Followers 782 Following Former Dev and DevOps| Pentester and red teamer at orange cyberdefense | OSCE³| Tweet are my own| discord: m4yfly
Cyber Advisors Inc. @cyberadvisors
396 Followers 588 Following Cyber Advisors is a Minnesota based Cyber Security focused Managed Service Provider with 24x7x365 Support, Remote Operations Center, Offensive Security, and SOC
spencer @techspence
12K Followers 2K Following 🛡️Empowering defenders & dismantling threats | Ethical Threat | pentester @securit360 | host @cyberthreatpov | SWAG https://t.co/AFJtZQcti7
The Register @TheRegister
101K Followers 46 Following Enterprise technology news and views, on the web since 1998. Part of the @SitPub family. Send news tips via https://t.co/UTSGHfn6hq
Simone Margaritelli @evilsocket
47K Followers 2K Following Music, cybersecurity, open source and AI • Author of bettercap, pwnagotchi, opensnitch, bleah, legba and a few other things.
Petri Paavola | MVP @petripaavola
1K Followers 108 Following Intune, Autopilot, Powershell, Graph API, Windows10&11, Deployment, Management - Consultant & Trainer. Microsoft MVP - Windows and Intune Yodamiitti Oy
straightblast @straight_blast
1K Followers 54 Following
Michael Bargury @mbrg0
8K Followers 484 Following Breaking AI. Hacked Copilot, hijacked ChatGPT. Building @zenitysec.
David O'Brien (he/him... @david_obrien
6K Followers 2K Following Founder of @ARGOS_Cloud , Azure, Entra ID & M365 cloud security assessments for consultants and security professionals. MS Azure MVP (2013-2023), pilot, dad.
Yehuda Smirnov @yudasm_
761 Followers 531 Following Security Researcher @Microsoft, opinions are my own.
Sanne @sannemaasakkers
7K Followers 573 Following Researching and analyzing digital threats @Mandiant (@Google) | Only here for the malware samples 👾
Chris Thompson @_Mayyhem
3K Followers 467 Following Senior Security Researcher @SpecterOps https://t.co/Sz5fRYkX6u
Marc Andreessen 🇺�... @pmarca
1.9M Followers 27K Following Yes, I can see some risk that your threat to jail Internet company executives for not censorsing aggressively enough could backfire.
Rado RC1 @RabbitPro
5K Followers 659 Following Exploitation, hardware, embedded, reverse engineering, automotive security. Pwn2Own Master of Pwn Flashback team (@FlashbackPwn).
Nick Powers @zyn3rgy
2K Followers 225 Following Adversary Simulation @SpecterOps | Previously @Rapid7 & @Protiviti
Marc Smeets @MarcOverIP
5K Followers 435 Following Does a thing or two with red teaming @OutflankNL | part time race and drift car instructor
Tavis Ormandy @taviso
130K Followers 631 Following Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine. I'm also @[email protected]
Biohacking Village �... @DC_BHV
7K Followers 2K Following Bringing biology to the world's largest hacker conference! 🩻🧑🏾🔬🧪🧬⚗️ https://t.co/yrESJC0PpE…Trends for United States
You might like
