Olivia
Online
Denis Werner
@NOBBD
Interested in IT security, CTFs, penetration testing, adversarial simulation and digital forensics. Once created and wrote poems for @ENOFLAG
Joined July 2013
179 Following
3.3K Followers
627 Posts
Pinned Tweet
Ever wondered what other people submit to @Hacker0x01 ? Check out a list of publicly disclosed bugs here http://t.co/6R1Rmd4l2R #bugbounty
@disclosedh1 It's not about the money itself, I just think it is absurd to charge 0,2$ per API request.. wtf
@YoeriVegt @disclosedh1 I thought about that but I also kinda like that you can just click the link to get to the corresponding report. Maybe remove the link for reports that are limited visibility and keep for the rest. I will think about it
@fede_k @ChupitGood @moyix @Xbow "Several earlier write-ups cover this ground in detail and are well worth reading, including #### ()." - don't leave us hanging like that 🥲
Who to follow
We are working it, sharing what we know as of now - https://t.co/iYq5HUJ767
@The_Cyber_News This isn't a new attack and was covered in SpecterOps research back in 2017 "An ACE Up the Sleeve" and something that we have had in SANS SEC565 for years.
My thoughts are yes, red teaming has got significantly harder over the last few years. The knock on effect is:
1) engagements need more time,
2) teams who don't invest heavily in R&D (either in-house or outsourced) will be left behind,
3) there's less things shared publicly as a consequence,
4) lots of teams have tried to compensate by assuming breach, which as a result has led to less innovation in the IA space
However, I disagree that IA is anywhere near dead even targeting the top 1%. The vast majority of our engagements have a large IA component and we're still successful in >75% of cases. Yes the points mentioned are a pita - AWL is a great control, but there's equally a plethora of file formats that support scripting; get creative - Yes MOTW restricts some things - but there's a variety of ways around it if you're creative (and I'm not talking about ISOs 🙄)
The blog with how to use the rainbow tables for Net-NTLMv1 is finally live!
https://t.co/LjN9y6PHXA
My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created.
https://t.co/NfFotEh7ah
@vysecurity @sekurlsa_pw Should be around 8TB. Query speed heavily depends on the disk speed and GPU or CPU Power. Should be less than a day worst case even on moderately powerful systems.
There should be a Google cloud link somewhere around as an alternative download
@domchell All I know is that the bread was suspiciously soft and squishy. Plus, most of my classmates didn't like the taste so you could really stack up on them in the bus
@domchell as I see you are a man of culinary culture - do you happen to have any acquaintances that could provide a credible recipe for this staple of my childhood days visiting the UK as a pupil? (Photo stolen from the internet, I couldn't be trusted with a camera back then)
@domchell @rad9800 @__mez0__ @rvrsh3ll @ClarksonsFarm1 @MichaelJRanaldo I am gonna steal your recipe and photo for my Cyber Security Influencer Cookbook. Watch out!
PS: The abbreviation is CSIC (like "seasick" but hopefully not)..
@SkelSec Sign me up!
Today I have a more serious topic than usual, please consider reposting for reach:
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/3]
Interesting conversation about the inter-realm referral process in active directory trusts
@exploitph @_EthicalChaos_ @__invictus_ @4ndr3w6S Correction, the NTLM hashes do match. I forgot trusts still use RC$ by default and I was looking at the AES keys.
@Blurbdust Great work! Looking forward to the blog post and to trying it out
@BlackLotusLabs This blog is the first in a two-part series detailing these findings and providing insights into Secret Blizzard's TTPs. Get mitigation, detection, & hunting guidance along with indicators of compromise to stay informed and to protect your organization: https://t.co/b2myCyE6Wq
This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range.
https://t.co/mGWU5Hdwi6
And yet... they got caught doing this!
Hey folks! The 2024 SANS Holiday Hack Challenge Act I has begun! Login here: https://t.co/k9hRtwm1bG. Once you get through orientation, you'll get your badge. Then do the first couple challenges (or skip them) & click on your badge for Act I, thusly:
Most Popular Users
Elon Musk 
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.4M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
Neymar Jr
@neymarjr
62.5M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers