Olivia
Online
0xBB
@bb_hacks
Someone who breaks stuff, sometimes even on purpose!
Learningsville
Joined January 2013
508 Following
712 Followers
714 Posts
Pinned Tweet
I'm super please to announce the release of NSGenCS - an extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows.
Pick a technique and delivery method or create your own - new ones can be added in under a minute
https://t.co/qJ8jX2NOYN
It's been a few months since I released a few short "Mythic Developer" videos. Before making more, I'd like to first get your feedback on the current ones. Please take a few min and fill this out so I can make sure you get the best content :)
https://t.co/UEDjWbXjVY
Meanwhile I have not seen a *single* useful use case of ANY AI working inside of ANY mainstream Microsoft products.
Who to follow
Thomas Seigneuret
@_zblurx
Red Teamer & Security researcher
Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo
bsky: https://t.co/zISpgvDSWc
Ido Veltzman
@Idov31
I'm a security researcher who uses this platform to share my projects and research. Opinions are my own.
https://t.co/UiWgKq40sV
☠️ Brandon
@__mez0__
👽 UNC1194 🔥 Targeted Ops @TrustedSec 🤖 Dev @preemptdev
"purveyors of the prettiest log files"
BREAKING: @AOC just completely went off on Trump after ICE murdered Alex Pretti.
"Donald Trump [is] accusing a Veteran Affairs ICU nurse (Alex Pretti) as being a terrorist against the United States. A man who was treating services members to our country, who was dedicating his life to serving Americans. Who in his final act on this earth was helping a woman pushed to the ground. And they are calling him a Domestic Terrorist, in order to defend their gross abuse of power, their absolute breaching of the law and in order to precipitate greater conflict."
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe.
https://t.co/015qmQnIS2
Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. https://t.co/CI6U1M9Mbn
@thatgirldadlife And you are a fucking idiot
Fancy breaking out of ConstrainedLanguageMode, disabling userland ETW and bypassing AMSI? All at once and all with one tool? Signed by Microsoft?
Well have I got some good news for you : https://t.co/YxVF8I6yVR
Plain text credentials from Palo Alto GlobalProtect v6.3.2-525
Will update https://t.co/bAPNigUO7x later but the new pattern (~line 300) is
{0x48, 0x8D, 0x15, 0x63, 0x62, 0x4E, 0x00}
BlueSky Account : [email protected]
Hey @AXS_UK, pretty sure that's not my IP address, being a private one (RFC1918 and all that). #HappyNewYear
@DebugPrivilege @r3nzsec I'm not bashing on @r3nzsec here, he's an absolute legend and in no way responsible for this clusterf#ck.
So Palo Alto apparently silently updated (nothing in the release notes I could see) and decided rather than fix the issue, they would just stop the PoC working.
So here is the tool getting plaintext creds on the latest version.
Stop blocking the tool and start fixing the issue
Fancy retrieving plaintext user credentials, deactivation passcodes and uninstall passwords for Palo Alto Global Protect VPN? Thank goodness Palo Alto make that easy for you ...
Full write up here : https://t.co/6T65cHCi9n
Tooling available here : https://t.co/bAPNigVlX5
Make sure to take your chances this holiday season to grab a free gift from the "cybercrime santa" 😂
🐋 Orca has arrived!
The latest Proxmark3 source code is here, packed with fixes, features, and expanded capabilities. From enhanced iClass tools to new Python/Lua support, this is our most versatile update yet.
🔗 https://t.co/WKv3DC53yK
#Proxmark3 #RFIDHacking #Orca
Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏
Check out our latest blogpost by @hugow_vincent to discover how to perform this attack:
https://t.co/4Drnk4BoBz
@ifredriks Since you asked so nicely...
10.2.10-h7
If you can't get to GitHub to download the tool and test it internally at Palo Alto, please let me know and I'll send you a copy
Otherwise I'm actually working through this with Palo PSIRT so you can follow it there as well as here.
Fancy retrieving plaintext user credentials, deactivation passcodes and uninstall passwords for Palo Alto Global Protect VPN? Thank goodness Palo Alto make that easy for you ...
Full write up here : https://t.co/6T65cHCi9n
Tooling available here : https://t.co/bAPNigVlX5
@ifredriks I think this is a different way - both CVE-2024-8687 and CVE-2024-5908 say they are fixed in >=6.2.1 and >=6.2.3 respectively
Here the tool is running against 6.2.4-652
Did you know that 7z can browse .VHD and .VMDK files? You can open them right up, and even directly browse ntfs filesystems.
On a pentest and find a bunch of disk images? Copy the SAM/SECURITY/SYSTEM hives directly from the images, no mounting, copying, or fussing around.
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers