ps5-linux has been released! You can now turn your PS5 Phat console on 3.xx and 4.xx FWs into a fully functional Linux PC gaming device!
https://t.co/WiiQiPCoIa
I just dropped some research: DSCourier. I would love your opinion on it, so check it out!!
It’s a novel post-exploitation technique abusing WinGet’s COM API to execute code through Microsoft-signed binaries.
GitHub: https://t.co/pgIhifT5cT
Blog: https://t.co/kgeBvZw06N
We can relay back to the same machine using Kerberos relay instead of NTLM relay. I discovered this attack vector more than a year ago. I will describe it in detail at the upcoming Black Hat Asia 2024 https://t.co/zz9z3n6t0h and introduce more interesting attacks.
Today I received a $12,000 bounty using the Sandwich Attack! 🤑
The vulnerability allowed me to enumerate the API Keys of other users 🤯
How did I do that? Well, the API key was a UUIDv1. If you are not familiar with UUIDv1s, you need to know that they are constructed in 6 sections:
High, Mid, Low, Clock Sequence, Node ID, and UUID version.
Interestingly, the Node ID corresponds to the MAC address of the system generating the identifier. This means that if two consecutive UUIDs are generated on the same device, this part remains the same, similar to the Clock Sequence.
When High, Mid, and Low are combined, they reveal a timestamp represented in hexadecimal value.
Using some basic mathematics, it's possible to subtract the offset between the Gregorian Calendar and the Julian Calendar and then divide by 1000 to get an Epoch TimeStamp.
OK, now that we know that they are generated by a timestamp + machine ID, it means that we could generate them back if we know when the API keys were created 🧐
Luckily enough, the API Key that I was using was generated in a batch, meaning I could use the Sandwich Attack in order to brute force the API Keys of other users easily 🔥
If you want to know more about how I exploited the Sandwich Attack, go check my video about this on my YouTube channel 🤟
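A defender-side check for the issue described in the post above, as an added example that is not part of the original post: it flags API keys that are version 1 UUIDs, reports the creation time, clock sequence and node they disclose, and contrasts them with a key drawn from the OS CSPRNG. The function names are assumptions made for this example; the two v1 samples are the public RFC 4122 namespace constants and the v4 sample is constructed.

```python
import secrets
import uuid
from datetime import datetime, timezone

# 100 ns ticks between the UUID epoch (1582-10-15) and the Unix epoch (1970-01-01).
UUID_TO_UNIX_TICKS = 0x01B21DD213814000

def audit_key(key):
    """Return the fields a key discloses if it parses as a version 1 UUID, else None."""
    try:
        u = uuid.UUID(key)
    except ValueError:
        return None                      # not a UUID at all
    if u.version != 1:
        return None                      # e.g. a random (v4) UUID
    unix_seconds = (u.time - UUID_TO_UNIX_TICKS) / 10_000_000
    return {
        "created": datetime.fromtimestamp(unix_seconds, tz=timezone.utc),
        "ticks": u.time,                 # 60-bit timestamp, 100 ns resolution
        "clock_seq": u.clock_seq,
        "node": f"{u.node:012x}",
    }

def tick_gap(key_a, key_b):
    """Ticks separating two v1 keys from the same generator, else None."""
    a, b = audit_key(key_a), audit_key(key_b)
    if not a or not b or (a["node"], a["clock_seq"]) != (b["node"], b["clock_seq"]):
        return None
    return abs(a["ticks"] - b["ticks"])

def new_api_key():
    """Replacement generator: 256 bits from the OS CSPRNG, no embedded time or host data."""
    return secrets.token_urlsafe(32)

# Sample inputs: the two v1 values are the public RFC 4122 namespace constants;
# the v4 value is constructed for this example.
SAMPLE_V1_A = str(uuid.NAMESPACE_DNS)   # 6ba7b810-9dad-11d1-80b4-00c04fd430c8
SAMPLE_V1_B = str(uuid.NAMESPACE_URL)   # 6ba7b811-9dad-11d1-80b4-00c04fd430c8
SAMPLE_V4 = "3f2b8c1e-7d4a-4e9b-a1c6-5d8f0b2e9a47"

if __name__ == "__main__":
    for k in (SAMPLE_V1_A, SAMPLE_V4, new_api_key()):
        print(k, "->", audit_key(k) or "no time/host data exposed")
    print("ticks between the two v1 samples:", tick_gap(SAMPLE_V1_A, SAMPLE_V1_B))
```

Running `audit_key` over issued credentials in a test or CI step catches time-based identifiers before they are used as secrets.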
New podcast in 🇫🇷: Service Hacktion.
It will cover cybersecurity (mostly the offensive side), with a technical focus, all in a relaxed tone.
On the agenda: news review, a deep dive into one topic, interviews, etc.
1/2 link ⬇️⬇️⬇️
Exegol holiday release is live 🎄🎁🎅
New remote graphical desktop, image entrypoint, container startup script, new tools, improved pipeline, doc, etc. Many big things!
https://t.co/R6K6iOqgUf
https://t.co/TwVCkgRQ2a
gg to the team @Dramelac_ @QU35T_TV 👏 and all contributors.
For Christmas 2023, Root-Me has decided to thank its favorite hackers! 🥳
Two prize packages including XXL mouse pads, mugs, stickers, flags, and pins are up for grabs! 🎁
To participate, it's as simple as:
- Follow @rootme_org
- RT 🔃 this post
- Be verified on the official Root-Me Discord
The two winners will be randomly selected on December 28th at 6 p.m.!
Good luck to everyone and happy holidays! 🎅🤶
I published a new article delving into the intricacies of sensitive data handling in smart contracts, specifically within Ethereum's account storage. Let's explore the memory organization, variable visibility, and potential risks 🙃
https://t.co/14NZFSHl0n
Hello everyone, I think that most of you have seen that last week @mpgn_x64 announced that it was stopping the maintenance of CrackMapExec. This announcement was followed by a lot of discussions and debates about the continuation of the tool.