Tools like Snaffler are great, but crawling SMB shares creates a telemetry nightmare. You instantly light up the SIEM with:
- 5140 / 5145 (Network Share Access)
- 4656 / 4663 (Object & File Access)
So I built Invoke-WindowsSearch to query the native Windows Search DB (OLE DB) directly via WinRM/RPC. It extracts the targets without touching the actual files, completely bypassing the 4663 and 5145 detection footprint.
Trade-offs: Requires the WSearch service (disabled by default on Server OS) and lacks complex regex capabilities. Know your environment before execution.
#RedTeam #ActiveDirectory #OPSEC #ThreatHunting #PowerShell
That is a new #ClickFix method for me.
1. Open page
2. Spawn fake captcha
3. On click .zip stage1 payload is downloaded
4. Windows + R
5. Payload points to file from downloads folder
Built an evasive CS RL with Crystal Palace that bypasses Elastic EDR.
The evasion lives inside the blob. Not in how it got there.
Blog: https://t.co/hQanJonW09 Source: https://t.co/UJa6OAc8XE
Dynamic EDR Evasion.
A dive into auto-detecting EDR hooks and generating dynamic stager that compiles evasion-tailored payloads per target (with SHAPESHIFTER).
A great post by Matt Hand (@matterpreter).
Source: https://t.co/TdrXH3lhA2
#redteam #blueteam #maldev #evasion #malwaredevelopment
ADCSDevilCOM 📍
A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from a CA server using the MS-WCCE protocol over DCOM, and it bypasses the traditional endpoint mapper requirement by using SMB directly.
By: @AnonArtist8
https://t.co/w7ujih35co
Step-by-Step Malware Analysis Using x64dbg.
A tutorial on how a popular debugger can be used to unpack Emotet malware.
Please consider supporting Duncan (@mrexodia) with his development of this incredible tool (a link to support below).
A solid guide by Neil Fox (@varonis)
Support x64dbg: https://t.co/olwZ7cqC8P
Post: https://t.co/D5Dv45O1JG
#malware #reverseengineering #redteam #blueteam
Today, I am releasing the COM-Fuzzer. Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data.
https://t.co/RBVXP01UK4
New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance
TLDR: It starts with an SVG that hides code to redirect to a fake site, checks your email, makes you solve a CAPTCHA (anti-debugging measures), grabs login details, etc.
https://t.co/D58vdH1yH2
Thanks to everyone who joined my DEFCON33 talk!🎉
For those of you who missed it and are interested in seeing how we can extract cleartext credentials and bypass MFA directly from the official Microsoft login page, I just uploaded the recording to YouTube:
https://t.co/MoPQiKgesd
Best Citrix Breakout ever. You can only download .ica files that provide access to certain local applications, but breaking out of these applications is not possible? Just modify the .ica file before starting it and remove the InitialProgram= value -> Full Citrix Session! 🤓
I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0! Let me know what you find with it!
- https://t.co/Hh089SaVOS
- https://t.co/geO0HXTykf
Added a new tool to:
https://t.co/v4FnSVbaDD
⚠️Please Use Responsibly⚠️
You can use this to instantly generate an obfuscated reverse shell in PowerShell that I have personally used to beat EVERY single EDR out there right now.
I've added some pretty cool stuff to my website but this is one of my favorite additions.
🛑 Disclaimer: This tool is for educational and authorized security testing only. Misuse could be illegal. Don’t be dumb.
Shoutout to the only ones that were actually able to stop it, using something called "ring fencing" @ThreatLocker
This is not a sponsored post, just a fan of them
#Edr_Is_Not_Enough
Bypassing AMSI with your own custom COM interfaces inside CLR process - an excellent piece by Joshua Magri (@passthehashbrwn).
The custom implementation allows allocating and loading assemblies from memory and invoking the Load_2() method instead of the typical call to Load_3(). This prevents mapping amsi.dll into the process memory, and thus AMSI inspection.
The post includes a link to the COM interface implementation in C.
Well done, Josh!
Blog: https://t.co/TXZ0v2Qv5a
Source: https://t.co/bBrJ9jaJ5U
#redteam #maldev #malwaredevelopment