Olivia
Online
Aki Jos
@Akijos
Cyber Security || Information Security Enthusiast || Student of the Game
Bharat | Chennai,Mumbai
Joined December 2009
879 Following
281 Followers
454 Posts
Pinned Tweet
My Series on "Active Directory Attacks & Detections" presented@ Null Mumbai Meet up is available
https://t.co/ryDNeeKFwh
Cc: @NullMumbai
I just released EIDVirtual v2! 🚀
Get a virtual smart card reader that uses a real USB drive for free. It automatically simulates a GIDS applet to manage your certificates—a perfect alternative to TPM-based MS Virtual Smart Cards.
Check it out here 👇 https://t.co/SDcXAbocOt
I don't have to use @SpecterOps Bloodhound too much.
But when I do, I want good queries and so, this is great:
https://t.co/j1tIqoCWEd
Who to follow
Ulf Frisk 
@UlfFrisk
IT-Security Minion | https://t.co/N1gIUL5rKc | https://t.co/XbBOnQPYoK | DMA | PCILeech | MemProcFS
Monnappa K A
@monnappa22
Security Researcher, Trainer, Author - Learning Malware Analysis, Black Hat Review Board, creator of Limon Sandbox, Winner Volatility Plugin contest 2016
m0z
@LooseSecurity
The greatest trick the devil ever pulled, was convincing the world that cyber security existed.
Wrote a set of YARA rules to detect the specific web shells dropped during the SharePoint CVE-2025-53770 exploitation.
- Cleartext and compiled variants
- Forensic artefacts in logs and on disk
Hope it helps.
Rules will be available in THOR Lite and THOR Cloud Lite shortly.
https://t.co/v27uvFhtrc
https://t.co/AaMCX5PZMD
#SharePoint #YARA #ThreatDetection #CVE202553770 #THORLite #DFIR
Credentials access via Shadow Snapshots, WMI and SMB, all done remotely.
Technique implemented inside impacket framework accompanied with detection automation utilizing ETW providers: Microsoft-Windows-WMI-Activity + Microsoft-Windows-SMBServer.
A technique developed by Peter Gabaldon (@PedroGabaldon)
https://t.co/NPfU0Ushqe
#redteam #blueteam #maldev #malwaredevelopment
@mrd0x you inspired this :P
there's an alternative scenario here too download a fake .crdownload file and then instruct them to open the file browser via downloads. but this one is fun too. I present to you all, DOWNLOADFIX
@techspence I would place a flag.txt on the desktop with random base64 strings inside the file to deflect the adversary 😂🫣
I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics.
After a year of research, here’s what we found and how we did it. 👇
https://t.co/KUnIhAmuRa
1/
In case if you wonder what broke #ProcessHollowing on Windows 11 24H2, I have something for you: https://t.co/nPSD841K0N
As well as the BootExecute key under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, any of the following work to launch native applications before win32k subsystem init so we can delete EDR files.
- BootExecuteNoPnpSync
- SetupExecute
- PlatformExecute
To help analyze risk posed by Chrome extensions, I wrote this Rails app: https://t.co/mYK8GnCKFv
Point it to an extension ID and it'll pull the manifest and do some light static analysis of the CRX3 contents. It then adds some context through Anthropic's Claude 3.5 API.
You can use the Linux peekfd command to spy on shells/processes. May be useful if investigating suspicious activity, but carries risk attacker may be alerted.
peekfd -n -8 -d -c <PID> 0 1 2
Shell PID and 0,1,2 are file descriptors. This is what a reverse shell would show.
M'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win& Linux with .NET 8.0
>...
GitHub: https://t.co/zoN2fX6Hsc
@0gtweet Timeout.exe can be used to pause the program or slow down execution
https://t.co/MEXUocpasq next one on my blog. At the request of one of my readers
#cybersecurity #infosec #cybersec #malware #malwaredev #malwareresearch #malwareanalysis #redteam #blueteam #threathunting #threatintel #cybercrime #research #winapi #cryptography
PowerShell Web Access - Seems safe..
Who needs a web shell, when we can just enable PSWA?
Gist:
https://t.co/byDnuwZM1K
Ref: https://t.co/hulbJyQLuf
A great write-up on Linux process name stomping techniques from @haxrob
h/t @thoughtb0x
https://t.co/U1R4lHE02G
So I just learnt Windows DOES A LSA HIVES BACKUPS PERIODICALY!!!!! How is it possible I learn this after 5 years of internal assessments (french ressource https://t.co/CB94lv1dUc)
Last Seen Users on Sotwe
큐엘리디
Seen from Japan
Rawan
Seen from Egypt
captive dreamer
Seen from United States
hhaood44
Seen from United Arab Emirates
Boy Vietnam
Seen from United States
Its Leenaa
Seen from Malaysia
Medaouar Youyou
Seen from Algeria
السراب
Seen from Spain
Crypto Whale 🐋 Pumps
Seen from Poland
Valentina🏳️⚧️✨🌎
Seen from Saudi Arabia
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers