Olivia
Online
Almond OffSec
@AlmondOffSec
Offensive Security team at Almond - Follow us also on
Joined September 2016
1 Following
957 Followers
63 Posts
A private @Burp_Suite Collaborator instance is an essential for pentesting sensitive environments, but managing TLS for it can be a pain. Today we release a Certbot plugin that automates Let’s Encrypt wildcard certificate renewals for private instances.
https://t.co/UTr8aFlDFd
Are one-way trusts really one way? @lowercase_drm sums up how the TDO password lets you turn a one-way AD forest trust into bidirectional access, and releases a new tool to remotely extract these secrets.
https://t.co/jh9MRAeHk9
Team member @sigabrt9 was able to bypass Apache FOP Postscript escaping to reach GhostScript engine.
https://t.co/NW441pszsS
Team member @myst404_ identified a privilege escalation in WAPT caused by a DLL hijacking issue, which was promptly fixed by the vendor. Patched in version 2.6.1.
Changelog: https://t.co/H4mApCKfMV
Who to follow
Thomas Seigneuret
@_zblurx
Red Teamer & Security researcher
Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo
bsky: https://t.co/zISpgvDSWc
drm
@lowercase_drm
@AlmondOffSec but mostly shilling for #pywerview
Hunter 
@HunterMapping
Internet search engine for security researchers
Contact Us: [email protected]
Publishing https://t.co/QlL5L05Ps6!
It's a generalisation of LibTPLoadLib to proxy APIs with an arbitrary number of args.
Provided as a Crystal Palace shared library. API made compatible with @_RastaMouse 's LibTP.
Hooks are provided to show off the newest Crystal Palace features
Callstacks are largely used by the Elastic EDR to detect malicious activity. @SAERXCIT details a technique to evade a callstack-based detection and allow shellcode to load a network module without getting detected.
Post: https://t.co/hckL3n8it5
PoC: https://t.co/0dqBDQeKWm
The Blog post about "Revisiting Cross Session Activation attacks" is now also public. Lateral Movement with code execution in the context of an active session? 😎 Here you go:
https://t.co/FkljGCquGF
Following @ShitSecure's TROOPERS talk and release of BitlockMove, we're releasing our internal DCOMRunAs PoC made by @SAERXCIT last year.
It uses a similar technique with a few differences, such as DLL hijacking to avoid registry modification.
https://t.co/yq80EAtSEo
Did you know deleting a file in Wire doesn’t remove it from servers?
Team member @myst404_ took a closer look at Wire's asset handling and identified 5 cases where behaviors may diverge from user expectations.
https://t.co/jYyZJ3on8b
Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post https://t.co/eF5nhHfPuS
To escape a locked-down Citrix environnement, team member @saerxcit wrote a basic shellcode loader in OpenEdge ABL, a 40 years old english-like programming language. We're sharing it in the off chance someone else might one day need it:
https://t.co/elT14mb8Ss
This issue was assigned CVE-2024-52531. While the CVE description states that the vulnerability cannot be reached from the network, it seems, in fact, possible (check the blogpost for details).
Team member @sigabrt9 describes a fuzzing methodology he used to find a heap overflow in a public @yeswehack bug bounty program for Gnome: https://t.co/BFibCnOTaF
You can now also follow us on Mastodon : https://t.co/tQt8SiWEFU
You can now also follow us on Bluesky:
https://t.co/4ZGiTzbRRB
📢 Hunter Alert! Here's an excellent write-up by @sigabrt9 - who recently uncovered a bug in @gnome’s #BugBounty program. Perfect to expand your knowledge about finding bugs in open-source programs 👉 https://t.co/QQOnmdWRvw
Thank you @sigabrt9 for this valuable contribution!
Team member @sigabrt9 describes a fuzzing methodology he used to find a heap overflow in a public @yeswehack bug bounty program for Gnome: https://t.co/BFibCnOTaF
New article on F5! A write-up on CVE-2024-45844, a privilege escalation vulnerability in BIG-IP by team member @myst404_
https://t.co/44CishyuHT
If you are lucky enough to have a Windows Server Datacenter with Hyper-V, you can automatically activate @M4yFly 's GOAD VMs, so rebuilding the lab every 180 days is no longer needed. We POCed a Vagrant-style script here:
https://t.co/9Jk3cutl85
How does F5's Secure Vault, its "super-secure SSL-encrypted storage system" work? Response in this article by team member @myst404_
https://t.co/RRfcA3sJY6
Got root, what now? Practical post-exploitation steps on an F5 Big-IP appliance, by team members @lowercase_drm and @myst404_
https://t.co/5YD46wKCMC
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers