Have you ever wondered why svchost can spawn from Windows Defender MsMpEng.exe without any flags, even though a legit svchost should always have flags?
Welp that's because it's not a real svchost :D
Read - Why Does MsMpEng Spawn svchost.exe Without Flags? - https://t.co/JQxnSF6Buk
TL;DR - MpEngine.dll (AKA Windows Defender Engine) has a function called CreateCraProcessHelper that is used as part of the AntiRootkit scanner. In it, it spawns a suspended process with just the CLI "svchost".
This is used by the engine and KSL driver to pass specific bytes from the \Device\PhysicalMemory between "Kernel" and "User mode" :D
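The observation in the post above turns into a simple process-creation baseline: svchost.exe normally carries service arguments, and the one flag-less case the post documents is the helper spawned by the Defender engine (MsMpEng.exe). The following is an added example, not code from the post or its linked write-up. The event records are constructed sample data loosely modelled on Sysmon Event ID 1 fields; the field names, the rule labels and the sample paths are assumptions.

```python
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessCreate:
    """One process-creation event (constructed shape, modelled on Sysmon ID 1 fields)."""
    image: str         # full path of the created process
    command_line: str  # command line as recorded by the sensor
    parent_image: str  # full path of the parent process


# Windows Defender engine host; per the post it launches the bare "svchost" helper.
DEFENDER_ENGINE = "msmpeng.exe"


def argument_count(command_line: str) -> int:
    """Count arguments after the executable token, honouring a quoted image path."""
    cl = command_line.strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        rest = cl[end + 1:] if end != -1 else ""
    else:
        parts = cl.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
    return len(rest.split())


def classify(evt: ProcessCreate) -> str:
    """Return 'ignore', 'normal', 'expected' or 'suspicious' for one event."""
    if ntpath.basename(evt.image).lower() != "svchost.exe":
        return "ignore"
    if argument_count(evt.command_line) > 0:
        return "normal"        # service host with its usual -k/-s style arguments
    if ntpath.basename(evt.parent_image).lower() == DEFENDER_ENGINE:
        return "expected"      # the CreateCraProcessHelper case described in the post
    return "suspicious"        # flag-less svchost from any other parent: worth a look


def find_suspicious(events):
    """Filter a batch of events down to the flag-less svchost cases that need review."""
    return [e for e in events if classify(e) == "suspicious"]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessCreate(
        image=r"C:\Windows\System32\svchost.exe",
        command_line=r"C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule",
        parent_image=r"C:\Windows\System32\services.exe",
    ),
    ProcessCreate(
        image=r"C:\Windows\System32\svchost.exe",
        command_line="svchost",
        parent_image=r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.0.0\MsMpEng.exe",
    ),
    ProcessCreate(
        image=r"C:\Windows\System32\svchost.exe",
        command_line="svchost",
        parent_image=r"C:\Users\alice\Downloads\updater.exe",
    ),
    ProcessCreate(
        image=r"C:\Windows\System32\notepad.exe",
        command_line="notepad.exe",
        parent_image=r"C:\Windows\explorer.exe",
    ),
]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(f"{classify(e):10} {e.command_line!r:60} parent={ntpath.basename(e.parent_image)}")
```

The "expected" label is a baseline, not an allow-list: a hunt that also checks that the image really lives under System32 and that the Defender platform path is the installed one keeps the rule from being a blind spot.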
The new BoxPwnr webpage to explore traces and stats is live!
https://t.co/nLp5a1a3mF
- 14 Platforms
- 3,407 Challenges
- 1,598 Unique challenges Solved
- 7,031 Traces
And a new trace viewer with a nice graph you can use to navigate the traces.
I also added cheating/memorization analysis
Want a cloud lab environment that's misconfigured on purpose? BadZure deploys #EntraID and #Azure tenants populated with exploitable attack paths. Explore cloud tradecraft, run purple team exercises, or test your detections! Check out the latest release
https://t.co/xzzVVuLgUZ
[1/4] Stop prompting from scratch every time and pray for consistent expertise and results.
Anthropic just dropped a guide on "Skills", if you use Claude seriously, this changes everything.
It's called "The Complete Guide to Building Skills for Claude."
#AI #Claude #Anthropic
Kimi k2.5 is quite good at hacking (and it's cheap).
It solved 24 out of the 25 HackTheBox machines in Starting Labs (Easy).
9 months ago Sonnet 4.0 solved only 15 of them. Capabilities are increasing fast and costs are going down.
Explore traces, replay them (play button) or read the reports with an attack path diagram to see how Kimi did it
https://t.co/xNmpenbBoC
Just built a demo “monitoring matrix” for a slide in my blind spots talk.
Many orgs I’ve worked with have the same idea: “we monitor our systems, visibility is pretty good, only a few systems are not integrated yet.”
Then you put it into a simple table and the pattern is always the same: the top-left looks great. Servers and workstations send OS logs, basic auditing is enabled, some alerting exists. It feels like control.
But when you go deeper, it gets thin fast. Application logs are missing, not collected centrally, not normalized - and often there isn’t even alerting defined for them. People also rarely agree on what a “critical” application-level alert should be. That needs application owners and security to sit down and define signals. OS-level monitoring is already hard; application-level monitoring is where many programs stop.
And when you expand the coverage, it gets harder too. The further you move away from the “standard” systems, the more limits you hit: legacy systems, appliances, OT/embedded, unusual platforms, proprietary log formats, limited access, sometimes legal or organizational limits. Even if you get logs, they are often not easy to ingest and use.
Main point: “we have monitoring” is not a checkbox. It’s a spectrum - and many environments are fairly wide, but shallow.
‼️🚨 An ex-Anthropic engineer just published a 1-click remote code execution exploit for OpenClaw (formerly Moltbot and ClawdBot).
The attack occurs in milliseconds after the victim visits a webpage, giving the attacker access to Moltbot and the system it's running on. The victim does not need to type anything or approve any prompts.
New work from my team 👇
Threat reports are everywhere. Actionable detections are not.
Here’s how we’re applying AI to bridge that gap - extracting TTPs, mapping coverage, and accelerating detection engineering at scale.
Worth a read for all Defenders: https://t.co/STsOacxTZl
We at @safebreach Labs just dropped an exploit for CVE-2026-24061 (CVSS 9.8!) - A fresh RCE auth bypass in telnetd 👨💻
Working PoC: https://t.co/pGxNk4ODuW
Full root cause analysis: https://t.co/TEXnHMpKYP
[New Blog📚] A Shared Arsenal: Identifying Common TTPs Across RATs
Check out this latest Splunk blog by @tccontre18 and me, where we've looked at multiple RAT families based on open intel and our past research, to identify common TTPs.
https://t.co/64OQXBq8YZ
#reversing #repost
Windows Inter Process Communication:
A Deep Dive Beyond the Surface
Part 1 - IPC Roadmap - https://t.co/xXndRaEU7C
Part 2 - RPC Architecture Overview - https://t.co/976LmFavNf
Part 3 - Handles and binding - https://t.co/F3x5Kt5c8q
Part 4 - RPC Security - https://t.co/AEcP1Gdi2t
Part 5 - Securing the interface and endpoint - https://t.co/scfQ1a0OLy
Part 6 - Endpoint Multiplexing - https://t.co/vX1PeXGPnc
Part 7 - RPC Research Tools - https://t.co/oyqpIo2QYS
Part 8 - Reverse engineering an RPC server - https://t.co/ogBqjoo8mz
Part 9 - High-level reverse engineering - https://t.co/tJoe1GuKNz
Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. @_CPResearch_
https://t.co/dBIuPUKAbZ
While playing @defcon CTF Finals with @shellphish I managed to solve the ICO challenge using LLMs (GPT5 + Cursor) and almost no human intervention. You can read how I did it here! https://t.co/EcqYZdyIfV
Here are the resources for my talk "Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel" at @offensive_con today.
Write-up: https://t.co/PlA8ailV90
Slides: https://t.co/kZSHsixM4X
PoC for CVE-2022-20421: https://t.co/Pi8qQhJQIZ
#OffensiveCon2023
Client Said No Exploits, Light Pentest. We Delivered Chaos — and Got Paid.
https://t.co/uFW4kGxD2e
Disclaimer: This is a joke.
#Cybersecurity #RedTeam #BlueTeam #Meme