With a process that began two and a half years ago, I'm very excited to announce that I've written a book with @nostarch! 🎉
"Practical Purple Teaming" tells you all you need to know to get started with collaborative offensive testing.
https://t.co/2syCI1JmDd
Apple has now acknowledged ClickFix as a serious threat. The new protections in 26.4 meaningfully raise the bar for the average user. 🙌
However, for enterprises and developers, we thought more can still be done. So we built Phorion's advanced Clipboard Protection. 🧵
Apple (copied BlockBlock 👀) and added ClickFix protections… but kept the good stuff private 😤
Reversed xprotectd to see how it really works and emerged with enough detail to build your own (kinda)!
Read: No Paste for You!
https://t.co/hoWodAY53h
Playing with Apple’s latest ESF events took a little bit more work this time around!
I’ve written up a post on exploring the new undocumented socket bind events or ES_EVENT_TYPE_RESERVED_3 and _4.
https://t.co/TUu2UQJqgk
You can now build macOS firewalls/network tools via Endpoint Security - no Network Ext. needed!
Reversing macOS 24.6’s new ES_EVENT_TYPE_RESERVED_* ES events shows some are network auth/notify hooks
Read: “Building a Firewall…via Endpoint Security!?”
https://t.co/gR4t6dPbbr
📢🍏 macOS is now part of the EDR Telemetry Project. After three months of focused work, we’re excited to share a new framework and generator for endpoint visibility on macOS!
Huge thank you to everyone who contributed and helped shape this release. Looking forward to what comes next.
Read more: https://t.co/qxDGMMsrlH
Less copy-paste; more drag-and-drop.
In our latest blog, we explore a new variation of ClickFix that makes achieving malicious command execution more streamlined than ever.
https://t.co/icct4aN99g
New on Hacking the Cloud: @AI_red_team documents a new method for extracting IAM creds from an AWS Console session. Useful for post-exploitation and evasion tradecraft.
I've been meaning to cover this for years. Glad it’s finally live:
https://t.co/kqboea3DIS
New from @KingOfTheNOPs + @senderend: azureBlob, a Mythic C2 profile that uses Azure Blob Storage as transport. Supported Agents:
🐍 Medusa
🪽 Pegasus (new test agent)
❤️ Your fav agent (with simple integration guide)
https://t.co/0jNpt5978o
🧵: 1/2
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯
How did we do it? Just two missing characters was all it took.
This is the story of #CodeBreach 🧵👇
Phorion Threat Report: a backdoored Cursor extension was used to deploy the Paradox Stealer infostealer into macOS developer workflows.
The post breaks down the full infection chain, detection opportunities and why IDE extensions have become a reliable point of initial access.
https://t.co/cj9mKj8GZ3
Our very own @_calumhall will be speaking at KawaiiCon (prev. KiwiCon!) today, talking about Phorion's innovation in ransomware defence and recovery, where he will be discussing the technical inner workings and some cool tricks to build a comprehensive anti-ransomware solution.
Rumour has it that he may have discovered a (related!) neat bypass for cookie theft protections too. 👀
Tune in to the live stream, Friday 7th November, 11:45am (NZDT), or convert to your local time. (Hint: it's Thursday afternoon/evening for US/EU! 🚀)
https://t.co/yOOKXiIPAp
Credential Guard was supposed to end credential dumping. It didn't.
@bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
Read for more ⤵️ https://t.co/mYPHg1mTKj