Star player of the Zanarkand Abes. Principal Security Consultant || #CARTP | #CRTL | #CRTO | #OSCP | #OSWP | #OSEP | #CREST CRT/CPSA | Thoughts are my own. Hacker
But I was told there is no risk on public networks? You're telling me I can be popped by a DNS response and there are 0-days in the security product shipped on consumer laptops? At least nobody is going to MiTM me on a train, right? So I'm safe? Please respond tweeps.
‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response.
The vulnerability is tracked as CVE-2026-41096 with a CVSS score of 9.8. It is a heap-based buffer overflow in dnsapi.dll, the Windows component that processes DNS answers on every machine.
To trigger it, an attacker needs a position where they can influence DNS responses: a rogue DNS server, a poisoned resolver, a compromised router, hostile WiFi, or a man-in-the-middle placement.
That puts ordinary Windows DNS activity in the blast radius. Browsers, VPN clients, enterprise apps, update checks, and background services constantly ask DNS where to connect. The vulnerable processing sits in the Windows DNS Client path, not an edge-facing server product.
Microsoft assessed exploitation as "less likely," and Rapid7 lists the issue as not publicly disclosed and not known to be exploited at release.
On the contrary, a 9.8 unauthenticated network RCE in DNS client handling is exactly the kind of bug defenders should assume will be reverse-engineered quickly.
Defenders should:
- Deploy the May 2026 cumulative updates and confirm coverage across endpoints and servers
- Restrict DNS traffic to trusted resolvers where possible
- Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity
- Treat public WiFi and untrusted resolver paths as higher-risk until patching is complete
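An added host audit for the two checklist items above that can be verified locally (the "trusted resolvers" and "patch coverage" points); this is example code, not part of the thread. It assumes placeholder values for the resolver allowlist and for the KB number of the May 2026 cumulative update, neither of which the thread gives.

```powershell
# Added example (not from the thread above): audit a Windows host against the
# "trusted resolvers" and "patch coverage" items of the DNS client RCE checklist.
# Placeholders: $TrustedResolvers and $PatchKB are site-specific values you must
# fill in; the page does not state the KB number that fixes CVE-2026-41096.

$TrustedResolvers = @('10.0.0.53', '10.0.1.53')   # placeholder: your resolvers
$PatchKB          = 'KBXXXXXXX'                   # placeholder: May 2026 CU KB

function Get-UntrustedDnsServers {
    param([string[]]$Allowlist)
    # Get-DnsClientServerAddress lists the resolvers configured on each interface;
    # any server not on the allowlist is a path an attacker could sit on.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $iface = $_.InterfaceAlias
            foreach ($srv in $_.ServerAddresses) {
                if ($Allowlist -notcontains $srv) {
                    [pscustomobject]@{ Interface = $iface; Resolver = $srv }
                }
            }
        }
}

function Test-PatchInstalled {
    param([string]$KB)
    # Get-HotFix reports installed updates by HotFixID (for example KB5031234).
    $null -ne (Get-HotFix -Id $KB -ErrorAction SilentlyContinue)
}

$untrusted = @(Get-UntrustedDnsServers -Allowlist $TrustedResolvers)
if ($untrusted.Count -gt 0) {
    Write-Warning 'Interfaces using resolvers outside the allowlist:'
    $untrusted | Format-Table -AutoSize
} else {
    Write-Output 'All configured IPv4 resolvers are on the allowlist.'
}

if (Test-PatchInstalled -KB $PatchKB) {
    Write-Output "$PatchKB is installed."
} else {
    Write-Warning "$PatchKB not found; host may still be exposed to CVE-2026-41096."
}
```

Run it from an elevated prompt on each endpoint, or push it through your management tooling and collect the warnings centrally.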
> Epstein writes down email and password
> FBI finds it
> Stores as evidence
> Doesn't censor
> Released
> Nerds find Epstein password
> No MFA
> I wonder if anyone logged in?
> Look inside
"do less" is 🆁🅴🅰🅻🅻🆈 a good malware design principle.
>avoid shellcode
>avoid arbitrary code execution
>minimize C2 traffic
>abuse legit features to just redirect packets
>get signed by Microsoft
Canada has ordered Hikvision to shut down nationwide, citing national security concerns. The ban prohibits government use of its products, but Hikvision calls it baseless and biased.
#Canada #HikvisionBan #NationalSecurity #Surveillance #Cybersecurity
https://t.co/QpOqYQiqeT
I’ve just published the official trailer for my upcoming course, Malwareless Adversarial Emulation (MAE).
Watch the trailer & module overview: https://t.co/KQHHNM2MvI
Sign up to be notified when the course goes live: https://t.co/0227rpN2ba
@CyberCakeX Also, I'm not trying to discredit the blog author/researchers as it's a super cool vuln/TTP. I'm more interested in the semantics and the need to use the word "bypass" in every case.
@CyberCakeX Therefore, you didn’t bypass WDAC by defeating its core mechanisms. You leveraged a policy hole which is app and vuln agnostic. It could be any app and any vuln as WDAC trusts binaries not behaviour, no? I'm not an expert on low-level WDAC though.
So, like, do you have to know how to code to be a red teamer? Could save myself the effort of writing loaders and malware to evade EDR, or new C2 comms channels.
In all seriousness, I know red teamers who don't code and are good at it. They have a team for that.
@CyberCakeX Similarly, if WDAC was using a "strictest" policy (however typical) and there was a flaw in how WDAC parses rules or some other logic to run your app/code that should violate the policy then I'd say it's a WDAC bypass. I think it comes down to semantics.
@CyberCakeX I can see where each side is coming from. I am leaning in your favour though. If the WDAC policy allows an Electron app to run that contains a V8 vulnerability, then to me it's the policy that's overly permissive which is not a flaw in WDAC rather the config of it.