Microsoft has addressed a one-click NTLM leak vulnerability affecting Windows Snipping Tool (CVE-2026-33829), discovered by our researcher Marcos Díaz (@Calvaruga).
➡️ Read the write-up: https://t.co/JvMGad5NuI
➡️ Microsoft bulletin: https://t.co/0IbpRxxUY7
Tangled is a social engineering platform that weaponizes calendar event processing in Outlook and Gmail to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction.
https://t.co/vz4ulB2SL3
Technical breakdown: https://t.co/0Z0LH8hjdM
Meetings You Didn’t Plan, But We Did
In this post, @ineesdv breaks down how calendar event processing in Outlook and Gmail can be abused to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction.
➡️ Read more: https://t.co/7RApljHair
This Thursday, our colleague @_Kudaes_ will be at @NavajaNegra_AB presenting Activation Context Hijack: a new code execution technique for Windows environments.
➡️ More info: https://t.co/KLCb6lWNDw
AvePoint has fixed a vulnerability in DocAve, Perimeter and Compliance Guardian discovered by our researchers @m1ntko and @Calvaruga.
This vulnerability can be used to achieve Remote Code Execution (RCE) in affected systems.
➡️ Advisory: https://t.co/bD9hLomlG1
Old Red Team Story:
@_apanonimo created something similar, but as an APK uploaded to the Android Play Store spoofing the target company. It read the 2FA code from SMS and autofilled it to log in to the intranet, but it also gave us access.
It stayed alive for months 😂
Enhanced version of secretsdump from #Impacket to dump credentials without touching disk.
This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives.
https://t.co/gRtlOdNejE
As someone involved in the AWS offsec space, I want to share why I strongly do NOT recommend the HackTricks AWS Red Team Expert course. The author of it is a plagiarist, stealing content from other creators and is directly profiting off of it through sponsorships. A 🧵
Our colleague @IagoAbad has weaponized the leaked token handles technique for MSSQL.
Now open token handles in MSSQL's process (sqlservr.exe) can be abused to change security context and escalate privileges both locally and in the domain.
https://t.co/JmXSDrLMfH
My 2 cents: before using something random you saw on Twitter/GitHub, think twice about how it works and whether it is worth it or just crap. And, please, don't reuse infra in your attacks 🤣
Watchguard has fixed 4 vulnerabilities in Watchguard EPDR discovered by our researchers @antuache and @Calvaruga.
These vulnerabilities can be used to turn off the defensive capabilities of the product and achieve privilege escalation.
➡️ Advisories: https://t.co/uJGhFsI5VR
I finally figured out how to remove your username and other undesired absolute path strings from Rust binaries. It's pretty simple, but I've added it to the tips and tricks repository in case anyone has been struggling with this issue as well. https://t.co/bRpjF1CeSp
In our latest post, @xassiz introduces a new technique to obtain cleartext passwords from MSSQL by abusing linked servers through the ADSI provider.
➡️ Read more: https://t.co/KUDKJiV4KY
New process injection technique through entry points hijacking.
- Threadless or threaded, at will.
- No hooking.
- No RWX memory permissions.
- No new threads with start address pointing to the injected shellcode.
https://t.co/2Hjq9pOdsA
I've found that fibers may be something to look at when it comes to executing local in-memory code. This is a simple PoC of how you can leverage fibers to execute in-memory code without spawning threads and while hiding suspicious thread stacks, among other things.
https://t.co/kjIPOunGun
Have you ever tried exploiting a Spring Boot Actuators RCE but the restart endpoint was disabled?
⬇️ Abuse this behaviour using this #TrickOrThreat by @antuache