1/ Recently an unnamed source shared data exfiltrated from an internal North Korean payment server containing 390 accounts, chat logs, crypto transactions.
I spent long hours going through all of it, none of which has ever been publicly released.
It revealed an intricate ~$1M/month scheme of fraudulent identities, forged legal documents, and crypto-to-fiat conversion.
Enjoy the findings!
#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. @0xfmz https://t.co/7ZaOFdA9ZB 1/5
Powerview 2025.1.5:
Added --obfuscate flag to obfuscate ldap filters and base DN. This is heavily inspired by https://t.co/pUjXHK01N5 obfuscation logic by @MacmodSec
Credits to the original research "MaLDAPtive" by @sabi_elezi and @danielhbohannon
1/ An unnamed source recently compromised a DPRK IT worker device which provided insights into how a small team of five ITWs operated 30+ fake identities with government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects.
Speaking at @defcon was as fun as always! My new tool called RPC-Racer is now available. It masquerades as a legitimate RPC server to force a protected process to authenticate against an arbitrary server
https://t.co/TDO8H36ZEM
The 2025 @CrowdStrike Threat Hunting Report was released today. The OverWatch team did an incredible job stopping an unprecedented number of threats in the last year, Cloud intrusions are up 136% with China based cloud intrusions up 40%! Get the report:
https://t.co/13Y4RErAxi
Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s https://t.co/w12YmS1m89. Storytime from Aurelien (@Defte_), including instructions for reproducing the test environment yourself.
(link below)
I have launched YSoNet (https://t.co/Imw4otKTq9) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing.
Here is how this can work:
Running command:
```
ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc"
```
Running C# code:
```
ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 2 -c "C:\\temp\\ExploitClass.cs;System.dll"
```
Payloads will be URL-encoded already.
YSoNet is a fork and replacement of YSoSerial .Net (for me) and I will try to maintain my own version now to have full control over the settings. There are many things I have to change there but all changes will be gradual.
Of course you can still use the great YSoSerial .NET repo but I won't be the one maintaining it. Hopefully I can make @pwntester proud 😊
Introducing Stifle! A super simple .NET tool I spun up these past few days for abusing explicit strong certificate mappings leading to impersonation in Active Directory! Based off the research and powershell tools by @Jonas_B_K and @SpecterOps last year.
https://t.co/AT7DFgBYOU
The fact that @xiaohongshu's 小红书 (TikTok alternative)'s app literally contains the "backdoor" in several places in the app code is hilarious. Probably fallback protocols, but boy they didn't even try! 🤣
So you want to exploit ADCS ESC8 with only netexec and ntlmrelayx? Fear not my friend, I will show you how to do it 👇
NetExec now supports "Pass-the-Cert" as an authentication method, thanks to @_dirkjan original work on PKINITtools ⛱️
🐧 It’s finally here! 🔍
The Linux EDR Telemetry Project results are live! After months of testing and collaboration, we’re excited to share how well EDR solutions handle Linux visibility.
Thank you to everyone who contributed, shared feedback, and supported the project! Your help made this possible. 🙌
Read the full blog here: 📝👇
https://t.co/S8c1luzZCO
🔗 Linux Results: https://t.co/L7Aq7Ko9NR
🔗 Scores: https://t.co/3WdJC7ASOr
If you want to support the project and help us keep it going, check out 👉 https://t.co/ZDPf7r6idK
Just finished redeveloping the Rubeus monitor plugin in C to avoid uploading a full Rubeus to exploit unconstrained delegation.
For now I have the:
- List/Inject/Dump tickets
- AskTGT/AskTGS
- TGTDeleg
All the exe files are less than 20KB which is really nice.
Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk. The goal seems to be to get activists to switch away from encrypted Signal to mostly-unencrypted Telegram. I want to talk about this a bit. 1/