Gavin K

Verified account

@atomiczsec

building and breaking @SpecterOps | opinions are my own

/

Joined August 2021

405 Following

7K Followers

2.6K Posts

Pinned Tweet

6 days ago

cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can: - fingerprint AWS, Azure, and GCP from the current process - report IAM and managed-identity credential snippets - probe Azure App Service, Arc HIMDS, and WireServer extension metadata this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below. the in depth Azure coverage was provided by @s1zzzz This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

atomiczsec's tweet photo. cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can:

- fingerprint AWS, Azure, and GCP from the current process
- report IAM and managed-identity credential snippets
- probe Azure App Service, Arc HIMDS, and WireServer extension metadata

this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below.

the in depth Azure coverage was provided by @s1zzzz

This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

2

20

3

5

4K

about 10 hours ago

@iamjasonlevin bro said "just" a picture of us at an event

0

1

0

0

282

about 20 hours ago

@SBousseaden 👀 https://t.co/9W3l4E6JfK

6 days ago

cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can: - fingerprint AWS, Azure, and GCP from the current process - report IAM and managed-identity credential snippets - probe Azure App Service, Arc HIMDS, and WireServer extension metadata this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below. the in depth Azure coverage was provided by @s1zzzz This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

atomiczsec's tweet photo. cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can:

- fingerprint AWS, Azure, and GCP from the current process
- report IAM and managed-identity credential snippets
- probe Azure App Service, Arc HIMDS, and WireServer extension metadata

this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below.

the in depth Azure coverage was provided by @s1zzzz

This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

2

20

3

5

4K

1

4

0

1

346

1 day ago

interesting idea here splitting model usage 👾

0

3

0

0

267

Who to follow

Godfather Orwa 🇯🇴

Hacker | Bug Hunter | Cooker | Top 5 P1 Warrior On https://t.co/dzFQH75OWj | LevelUpX Champion | 10+ 0Days/CVEs

Md Ismail Šojal 🕷️

Cyber_Security_Re-searcher || Ai Re-searcher || AI-Sec|| Malware Analysis II iOS || Pwn || 0SINT || Project AI-StrikeSec || 0ldAccounts Suspended @0xSojalSec ||

Verified account

🔎 @mapperplus 🥷 Cyber Security Engineer - Penetration Tester 🔴 Synack Red Team Member 💻 Enthusiast ... --------------- OSCP-CRTO

3 days ago

@b_nnett very intriguing

0

0

0

0

935

3 days ago

@iamjasonlevin @Jayyanginspires

0

3

0

0

211

4 days ago

0

2

0

0

444

4 days ago

new repo for macOS and Linux execution is almost here - everything will be released publicly here and on github in the coming days, stay tuned ;)

atomiczsec's tweet photo. new repo for macOS and Linux execution is almost here - everything will be released publicly here and on github in the coming days, stay tuned ;) https://t.co/ys0s5TYNpZ

6 days ago

cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can: - fingerprint AWS, Azure, and GCP from the current process - report IAM and managed-identity credential snippets - probe Azure App Service, Arc HIMDS, and WireServer extension metadata this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below. the in depth Azure coverage was provided by @s1zzzz This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

atomiczsec's tweet photo. cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can:

- fingerprint AWS, Azure, and GCP from the current process
- report IAM and managed-identity credential snippets
- probe Azure App Service, Arc HIMDS, and WireServer extension metadata

this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below.

the in depth Azure coverage was provided by @s1zzzz

This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

2

20

3

5

4K

0

14

1

4

2K

4 days ago

@lukOlejnik ministry of propaganda = @memelordtech

0

0

0

0

448

5 days ago

@0xBoku @AnthropicAI let the goat cook

0

1

0

0

511

5 days ago

@N7WEra thank you!!

0

0

0

0

15

6 days ago

cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can: - fingerprint AWS, Azure, and GCP from the current process - report IAM and managed-identity credential snippets - probe Azure App Service, Arc HIMDS, and WireServer extension metadata this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below. the in depth Azure coverage was provided by @s1zzzz This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

atomiczsec's tweet photo. cloud_metadata_check - BOF to probe cloud-local metadata services (IMDS, App Service, Arc HIMDS, WireServer) that can:

- fingerprint AWS, Azure, and GCP from the current process
- report IAM and managed-identity credential snippets
- probe Azure App Service, Arc HIMDS, and WireServer extension metadata

this is very useful for SA and pivoting, by mining cred material we can see what access this instance has and use that or try to pivot further; more info commented below.

the in depth Azure coverage was provided by @s1zzzz

This is the windows BOF version, soon I will be releasing a repo similar to Adrenaline, but for Linux and macOS environments ;)

2

20

3

5

4K

5 days ago

@sec_hub93028 identities

0

4

0

0

301

5 days ago

0

1

0

0

500

6 days ago

@a16z best chart yet

0

1

0

0

361

6 days ago

@weezerOSINT denied all of my cyber-adjacent requests so far. no model is as tight as this one, it is unusable - even to edit markdown files in a repo that has some tooling

0

2

0

0

235

6 days ago

some example outputs of what different providers would look like:

atomiczsec's tweet photo. some example outputs of what different providers would look like: https://t.co/s1EhsZt9r0

0

1

0

1

394

atomiczsec retweeted

SpecterOps @SpecterOps

8 days ago

Splunk can be daunting to new detection developers, but when used right its an exceptional tool for detecting adversaries. @sou_predictable's guide covers how to write queries that are fast and efficient to find what you're looking for. Check it out! ⤵️ https://t.co/7saK1d5Pq4

0

13

6

17

2K

8 days ago

@chompie1337 gone with the wind

atomiczsec's tweet photo. @chompie1337 gone with the wind https://t.co/Daq441W2Kk

0

1

0

0

725

10 days ago

@techspence need more of these presentations for small and local communities 🔥

0

2

0

0

185

Last Seen Users on Sotwe

Trends for you

Most Popular Users