In one week I will be presenting at @SpecterOps SO-CON 2026 about CyberArk PAM. I will share our practical experience and insights on PVWA edge cases and CCP API misconfigurations. #SOCON2026
More information and registration: https://t.co/dHORi2Jooo
Pushed a major redesign and improvement of https://t.co/ZRVQgWfEKI for the old-school PowerShell warriors out there. Includes five more recent patch methods and tons of fixes, thanks to my best friend Claude 🤠
1. There's little to no value in giving away someone's hard work to the public only to feed threat intel feeds, signature databases and APTs in return for a few likes and kudos 🙃
2. Private Discord servers offer Signal/Noise ~ 1.0 + friendly atmosphere 🫢
Initial Access Guild FTW! 🍻
Added a feature to the ADExplorerSnapshot script today to gather useful information about the environment via the classes; now it will tell you if SCCM, ADCS, etc. are active in the environment: https://t.co/cOeOyf3PRe. Thank you @c3c for the awesome tool and the quick PR approval
📢 Big News! @mariuszbit is joining Outflank! He ticks all the boxes:
Experienced #offsec researcher ✓
Respected name in red teaming ✓
Built RMF tooling for initial access ✓
His work is coming to OST ✓
The red hoodie fits perfectly ✓
Welcome Mariusz!
https://t.co/EBbODaWPBB
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
@ze_ts_ @SEKTOR7net The bigger risk with enclave vulns is that sensitive data/key material may be compromised, which is what they were designed to protect.
@ze_ts_ @SEKTOR7net Abusing an enclave for running malicious code is tough (custom gadget chains needed), and most interesting functions (file IO, network IO) will go via VTL0/be subject to analysis in VTL0 anyway.
For post exploitation their use is limited - at least for now
@ze_ts_ @SEKTOR7net Identifying what is exported in existing DLLs requires some reverse engineering to figure out the playing field for that enclave.
The offensive use is limited to memory ops within the same process - anything more interesting will go via VTL0 and is subject to ETW/EDR analysis
@ze_ts_ @SEKTOR7net Thanks for the mention 😊
@ze_ts_ Are you looking for defensive guidance? For developing enclaves it’s indeed important to limit the exported functions and follow the recommendations by Microsoft:
https://t.co/fByQjHp847
🚀 We're hiring a DevOps/Cloud Engineer at Outflank!
Join us to build and manage complex Azure environments that deliver our OST toolkit.
Skills: Kubernetes (AKS), GitOps, IaC, Tekton, Python 💻 It's NOT an offensive role!
Based in NL or a time zone-friendly region? Let's chat!
New Blog Alert! 🚨
Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process creation, avoids cross-process APCs, and evades top-tier EDRs.
Learn how it combines Early Bird APC Injection & EDR-Preloading: https://t.co/oWreVHNKyL
I am excited to share that I have graduated with my master's degree in Cybersecurity from Radboud University 🎓. I completed my thesis "Endpoint Detection & Response Evasion during Windows Process Creation" with a 9/10!
Who’s the real #GrimResource? Spoiler: It’s us! 😏
Here's our latest blog on using MSC files for initial access: https://t.co/aQ0Of11pU8
Fun fact: @elastic’s post on this technique came from a sample caught by a blue team, originally used by a red team through our OST offering.
It's not *always* about Windows; macOS and Linux #EDRs need attention, too! In our latest blog, @kyleavery explains more about the telemetry sources for these under-discussed #endpoint products:
https://t.co/fxA5s7vKUH
We are thrilled to publish SOAPHound: a custom-developed data collector tool to enumerate Active Directory environments via the ADWS protocol. Enjoy!
https://t.co/xO0Jv9ONNd