Olivia
Online
Aman Sachdev
@admin_login
I make code, I break code, I make code that breaks code and I break code that makes code. #hacker #coder #infosecTrainer #redTeamer
Joined January 2019
323 Following
297 Followers
149 Posts
Pinned Tweet
Had a great talk on #redteam yesterday. A new experience talking to our own selves but as per the discord reviews, people loved it :)
Its still live on youtube (not for long) if you want to have a look at.
Thanks @hackinthebox for the platform as always.
https://t.co/dUvWuooy3W
Last year, @Raspberry_Pi hired us to test the security of the RP2350 - and using electro-magnetic fault-injection we were able to successfully bypass the OTP security measures!
This allowed us to read and modify the OTP locks, essentially bypassing the RP2350 secure-boot.
Great work Harry🔥
🚀 Launching #BobTheSmuggler! Transforming payload delivery with HTML Smuggling. 🌐💥
✨ Features:
Embeds 7z/zip in PNG/GIF
Compresses & XOR encrypts binaries
Ideal for payload delivery
🔗 [GitHub Link: https://t.co/FYXQmcynYF]
#RedTeam #CyberSecurity
Woot woot🔥🔥
Chandrayaan-3 Mission:
'India🇮🇳,
I reached my destination
and you too!'
: Chandrayaan-3
Chandrayaan-3 has successfully
soft-landed on the moon 🌖!.
Congratulations, India🇮🇳!
#Chandrayaan_3
#Ch3
Who to follow
Sajeeb Lohani (prodigysml / sml555)
@sml555_
Global TISO (Snr Director of) Cybersecurity @Bugcrowd | Web Security Lecturer (Masters) @ Melbourne University | Top 40 @Bugcrowd | #2 DVuln | Investor
Inti De Ceukelaire
@securinti
Hacker | @intidc (Dutch) | Chief Hacker Officer @intigriti
Armaan Pathan
@armaancrockroax
Senior Engineer - Security at Katim | OSCP | Bug Bounty Hunter | Keen Learner | Ex-AppSec @emirates ✈️
Just recreated this awesome @SpecterOps (@zyn3rgy, @0xthirteen) technique for initial access by #backdooring a random #ClickOnce application with a Cobalt Strike stager. While I became a ClickOnce addict🙃, compiled a short writeup about my journey: https://t.co/nOerSwV8r1
finally wrote a new blog post, hopefully there's some interesting info https://t.co/y5dr0Nn2Kj
RE: The 3CX VOIP supply chain attack, vendors have stated that macOS was also targeted - but I couldn't find any specific technical details (yet) 🍎🐛☠️
One vendor stated, "we cannot confirm that the Mac installer is similarly trojanized"
...let's dive in! 1/n 🧵
Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.).
Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.
Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down.
Thanks @THREAT_CON for inviting us. We had a wonderful time :)
#securityconference #threatcon #nepal #kathmandu #cybersecurity
Huge kudos to Dylan Evans! This is absoluetely amazing to see that someone took time and effort to pull this off! 🔥 https://t.co/50HQOOlOql
Who is this exceptional dev @Airbnb who doest swear in test inputs😂
Or someone about to get a bounty🙃
The greatest there was, the greatest threre is, the greatest there ever will be. HALA MADRIIIIIIIIID!!!!!!
CVE-2022-26923 ("Certifried") combined with KrbRelayUp: domain user to domain admin without the requirement for adding/owning previously a computer account. Step-by-step write-up of the attack in a pure Windows environment: https://t.co/0Vnp4NpTEo
@r4j47 @airtelindia Wait till you see other "similar" apps uploading your sms dump that too over http all in the name of auto KYC
⚠️ In macOS 12 (beta 6), Apple patched an intriguing flaw. Discovered by Gordon Long (@ethicalhax), CVE-2021-30853 allowed attackers to bypass:
▫️Gatekeeper
▫️Notarization
▫️File Quarantine
Interested in exactly how?
Read: "Where's the Interpreter!?"
https://t.co/N3aZhkSW0L
@zapstiko @0xmahmoudJo0 @shodanhq That sqli payload is incorrect. It will throw an erro. (given that one still finds this in reality on a paid target) Should be:
admin' or 1=1--
Or
admin' or '1'='1
@offsectraining Try harder... bitch...
Last Seen Users on Sotwe
عمر المصري🍆🍆(ناكح الأمهات الزنجي)
Seen from Turkey
Gwinna ooh bb 🔥🔞♥سكس
Seen from Algeria
istanbul beyi
Seen from Turkey
Cankiri pasif
Seen from Turkey
enigma
Seen from Qatar
spikspik
Seen from Singapore
Kyle Oconnell
Seen from Guatemala
Aslı
Seen from Turkey
Ceyda Atay
Seen from Turkey
آلُـِـِِـِِِـِِـِـڛـ,ـفُـ,ـآحـًـًًـًًًـًًـًـح
Seen from Egypt
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.2M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers