New blog post and tooling: Introducing Striker and the Payload Automation Libraries.
https://t.co/UhbY3veJ95
A set of Python libraries to interact with Cobalt Strike to help script and automate custom payload generation.
This is a good example of large scale security issues companies can face with AI adoption. Enterprises have years of baked in assumptions that work because people following processes do not necessarily understand the capabilities those assumptions imply. Now, potentially any user
We’re proud to introduce the Offensive AI Con 2026 Review Board.
This year, we’ve brought together 12 of the most respected minds across offensive security, AI research, and real-world adversarial operations to help shape the direction of OAIC. The CFP opens June 1st!
Think about the red teams you respect most. Now think about how they actually breach mature environments with strong stacks and strong defenders. It's almost never a memory corruption 0day. It's abuse of functionality.
If you use a personal phone/laptop for your work, pay very close attention to this little detail.
Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees PERSONAL devices.
The attackers used the company’s MDM software, which is basically IT management software running on everything. It’s an incredibly attractive backdoor to an attacker. I successfully targeted MDM software for several Red Team engagements. It’s… lots of fun :)
Anyway, a lot of companies require you to install their MDM software on your personal devices before you can access resources like Corp email. It’s used to keep devices updated, lock things down if they get stolen, etc. The company often promises that they won’t access personal data, erase any personal data, etc. But this is often ONLY POLICY. If a bad actor gains access to the MDM tool, as was the case here, then anything can happen.
People should be aware of these risks. I refused to run MDM software on any of my personal devices. The company needs to provide me with hardware if they want that. I personally isolate all corp devices to their own network too. If an adversary can get into the corp laptop, they can then get inside my network… there have been cases of it happening in the past.
Companies be wildin yo. Just sat an interview where the candidate said “I don’t have a ton of experience with Cobalt Strike, but another company I interviewed with yesterday gave me one of their license keys so I could get it and do a CTF they set up”.
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0! Let me know what you find with it!
- https://t.co/Hh089SaVOS
- https://t.co/geO0HXTykf
Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. https://t.co/CI6U1M9Mbn
You can find my slide deck for @TheOffensiveX on GitHub. I also included a minimalist extension that you can build on and will load in any of the VSCode forks on any platform 👨💻⚔️
I'm happy to announce that my BOF Development and Tradecraft course on Zero Point Security is now part of their Purchasing Parity Program (PPP). This means you can purchase the course at a potentially reduced price based on the country that you live in! https://t.co/E1wNDiLdZI
🚨 New blog post alert!
@_xpn_ drops knowledge on LLM security w/ his latest post showing how attackers can bypass LLM WAFs by confusing the tokenization process to smuggle tokens to back-end LLMs. https://t.co/NYxzwaRm5U
Okay so this is HUGE - our amazing AI red team have open sourced their AI red team labs so you can set up your own training!
https://t.co/brvdq6roHp
@ram_ssk
Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux.
For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have AI do it.
Up to @taviso whether that merits switching to Windows 98 :)
https://t.co/KfqmJqvlJu
Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application.
https://t.co/ykJv0sePN9