Last time I dealt with MSRC
Found a cleartext phishing vector on https://t.co/RRzamXQqsd
5 months without response, they woke up when I mentioned "public disclosure"
They rewarded 1 of the many issues I reported. The others: "working as intended"
https://t.co/nVcJgyDbTz
@I_Am_Jakoby It took 5 months. I requested an update every week. No communication, no details about what was fixed. Incorrect bounty amount in the end. Worst experience I ever had; I'm considering not reporting again.
Calling it before the disaster: I was in control neither of my actions nor of the content aired in the report 🫠
It doesn't reflect the reality of our job, but hey, the older generation needs to be able to understand...
If someone catches you sneaking in 007 First Light, the main character will come up with an excuse which is actually genius instead of getting a mission failed screen or raising alarm.
@podalirius_ Exact same experience on official login page phishing, marked as "important"... Got a bounty however, after 5 months of silence from MSRC. Won't report ever again.
Here's the talk for the next meetup!
🎙️ "Your cloud identity providers are phishing platforms" - by @MrSheepSheep
📅 19/04
📍 Oculto, 27 R. Quincampoix, 75004
🕖 19:00
Registration on our website
@I_Am_Jakoby The acknowledgements page has not been updated since March. Maybe they only update it once every 3 months or so.
You did nothing wrong. MSRC don't care; they won't even try to keep you from leaving. Build upon your research, go public, do talks, make it your own.
@UK_Daniel_Card ... such as bypassing MFA policies during red team engagements! Enroll your own token when the user does not own one. It's more trusted than push notifications (in the case of Okta), and essentially makes it a 2FA backdoor.
Hello, small error on the date: the meetup will be held on May 19.
Program:
🎙️ "Your cloud identity providers are phishing platforms" - by @MrSheepSheep
🎙️ "Understanding EDRs to better bypass them" - by CursedFRA
📍 Oculto, 27 R. Quincampoix, 75004
🕖 19:00
See you there!
@hyusapx @freemanjiangg Problem is, the audio source (screenshare) cannot be delayed because it's being sent to the app. A trick could be to pull audio from a tab and share it to another, mute it and replay the synced buffer from the app (if mute doesn't mute the screenshare), or some trickery like that.
I briefly documented the technique for anyone interested. It applies to pretty much all cloud identity providers. https://t.co/y7ZmETjsbU
I'm essentially extending @_xpn_ incredible work, focusing on the phishing part :)
Don't log in to unknown Okta tenants. Double-check organization URLs before logging in.
It is possible to abuse Okta to harvest cleartext credentials sent through the login form.
Actually, a similar attack vector (OktaJacking) was found by PushSecurity: https://t.co/IOGZbmWeWj
But it required knowing usernames beforehand. Using an LDAP agent, that's not required.
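The thread above states that an LDAP agent lets an attacker collect the cleartext credentials typed into the login form, without knowing usernames first. The protocol-level reason is that an LDAP simple bind (RFC 4511) carries the bind DN and the password as plain BER OCTET STRINGs, so whoever operates the directory endpoint the agent talks to reads them directly. The block below is an added example, not the author's code and not anything from Okta: it encodes one simple BindRequest and parses it back out the way a listener on the directory side would. It assumes that delegated authentication reaches the directory as a simple bind (an assumption, stated in the code), and the sample packet is constructed, not captured.

```python
# Added example: encode and decode an LDAP simple BindRequest (RFC 4511) to show
# that the bind DN and password travel as plain BER OCTET STRINGs. Not the
# author's code. Assumption: delegated authentication reaches the directory as a
# simple bind, so an attacker-operated directory endpoint sees these bytes.
# The sample packet at the bottom is constructed, not captured from any tenant.


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """Minimal two's-complement encoding of a non-negative INTEGER body."""
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big")


def encode_simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = (
        tlv(0x02, ber_int(3))             # version INTEGER
        + tlv(0x04, dn.encode())          # name LDAPDN (OCTET STRING)
        + tlv(0x80, password.encode())    # authentication: simple [0] OCTET STRING
    )
    # 0x60 = [APPLICATION 0] constructed = BindRequest; 0x30 = SEQUENCE (LDAPMessage)
    return tlv(0x30, tlv(0x02, ber_int(msg_id)) + tlv(0x60, bind))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the element starting at buf[pos]."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported BER length encoding")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated element")
    return tag, value, pos + length


def parse_simple_bind(packet: bytes) -> dict:
    """Extract message id, protocol version, bind DN and cleartext password."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest ([APPLICATION 0])")
    _, version, pos = read_tlv(bind, 0)
    _, dn, pos = read_tlv(bind, pos)
    tag_auth, cred, _ = read_tlv(bind, pos)
    if tag_auth != 0x80:
        # [3] SaslCredentials would be 0xA3; only the simple choice is handled here.
        raise ValueError("not a simple bind; SASL credentials are not parsed")
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": dn.decode(),
        "password": cred.decode(),
    }


# Constructed sample: what the directory side receives for one login attempt.
SAMPLE = encode_simple_bind(1, "uid=alice,ou=users,dc=example,dc=com", "Winter2024!")

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_simple_bind(SAMPLE))
```

The parser only accepts the simple choice and refuses SASL binds, because those are the one case where the password does not sit in the packet as-is. The practical check this implies is the one the thread already gives: treat the directory endpoint an agent is pointed at, and the tenant URL a user is about to log in to, as the party that will see the password.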