Are you ready for an Attack? We are security professionals specializing in penetration testing, cybersecurity assessments, and social engineering training.
Just noticed this change in the @MITREattack Enterprise Matrix V19. Defense Evasion has been split into the tactics Stealth and Defense Impairment.
https://t.co/o47n7dy6er
Gaining Initial Access and Outsmarting SmartScreen
.zip email attachment that includes a VHDX (Hard Disk Image File) + Mark of the Web and SmartScreen bypass using Trusted Executable Reputation and DLL Sideloading
https://t.co/xuqCpxjWkA
#dfir #blueteam #redteam #pentesting #ThreatHunting
If you’re doing #cloud #security penetration testing and Azure is in scope, AZexec should already be in your toolkit!
AZexec brings a NetExec-style workflow to Azure & Entra ID, finally giving cloud pentesters the same speed, clarity, and offensive ergonomics we’re used to on-prem.
What makes it a must-have:
- Unauthenticated & guest-based enumeration (yes, the Azure “null session” problem is very real)
- Two-phase password spraying using Microsoft’s own APIs (stealthy, lockout-safe, MFA-aware)
- Deep Entra ID & ARM reconnaissance: users, roles, apps, Key Vaults, storage, networks, VMs
- Remote command execution across Azure VMs, Arc, MDE, and Intune
- Credential extraction & token abuse tailored for cloud-native environments
- NetExec-style output + reporting (CSV / JSON / HTML) for clean ops and clean reports
If you know CrackMapExec / NetExec, AZexec will feel instantly familiar, just adapted for how Azure actually works.
Cloud attacks deserve cloud-native tooling.
🔗 GitHub: https://t.co/pn75EvMlKO
#CloudSecurity #Azure #EntraID #Pentesting #RedTeam #OffensiveSecurity #AzureAD #NetExec #AZexec #Logisek
Excited to disclose my research allowing RCE in Kubernetes
It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial Pod breakout.
Unfortunately, this will NOT be patched.
Burp AI 👉 SQLmap… all in seconds.
We found an SQL injection vulnerability. Instead of rebuilding the request, Burp AI generated the exact SQLmap command with every header included. 🤯
Watch!
24 million websites compromised. 🧵
PortSwigger's Director of Research, James Kettle (@albinowax), & AppSec expert John Hammond (@_JohnHammond) reveal the fatal flaws in HTTP/1.1 that attackers are abusing right now.
#HTTP1MustDie
NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs
NativeDump allows dumping the lsass process using only NTAPIs, generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz.
https://t.co/jpyuUScCuD
Active Scan++ just got sharper - we’ve added new checks for OS command injection, powered by our latest ASCII Control Characters research. Install via Extensions -> BApp Store
‼️ Evilginx Pro 4.1 - Google Safe Browsing evasion 🛡️
I've just uploaded a short demo video demonstrating how Evilginx Pro is able to evade Enhanced protection in the Google Chrome browser.
The update is coming soon!
🔗 https://t.co/WtJb00SBrS
Need another route to Active Directory? Check out SharpADWS, it has the ability to extract or modify Active Directory data without communicating directly with the LDAP server.
https://t.co/rDMekwfOse
Need a cleartext password from a TGT or NTLM hash? Always useful on internal penetration tests. Nice work @malcrove, their blog post - https://t.co/vZuN0aw0Tb
Weaponizing Windows Defender: New Attack Bypasses EDR
Krueger is a Proof of Concept .NET post-exploitation tool for remotely killing Endpoint Detection and Response (EDR)
https://t.co/T5km9tFFx7
Excited to share a tool I've been working on - ShadowHound.
ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus I also talk about some MDI detections and how to avoid them