This morning I have made public an internal repo on relaying available to everyone. I call it the relay bible. I still have a few more additional tweaks and techniques to add in here, but for the most part it's ready. Hope everyone enjoys my reference.
https://t.co/if08LR2Nwv
Good to see people researching and publishing on this. Worth paying attention to Passkey and FIDO 2FA security in the context of malicious client-side JS and supply chain attacks. We’re not seeing this attack often yet, but we'll likely see more now that everything moves faster.
Seems to be hot. A 6-year-old LPE which was fixed(?) in 2020 by MS is still (again?) working on Win11 (and Server 2025).
just tried the freshly weaponized PoC by @ChaoticEclipse0. regular user -> SYSTEM works like a charm on an up-to-date Win11. 🎉
https://t.co/MeBwPLJpNT
Earlier today Cloudflare's CSO shared how they tested Anthropic Mythos using an unreleased 8-stage vulnerability-discovery agent. So I asked Opus to implement the agent for me; it works via the Claude SDK with a Pro or Max subscription, no API.
Enjoy https://t.co/McoZbTvTLL
Built a fun little project this weekend: surface-watch
It’s a lightweight external attack surface monitoring framework that builds scope from known FQDNs and IPs plus automatic root-domain discovery using passive providers like DNSDumpster, Chaos, and OTX, resolves candidate hosts, scans externally reachable ports with nmap, stores history in SQLite, detects meaningful changes between scans, and sends grouped alerts to Slack, Teams, or Discord.
I also added an AGENTS.md setup guide so you can just point your agent at the repo, answer a few setup questions, and get going pretty quickly.
https://t.co/WSy6bOmk25
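The "stores history in SQLite, detects meaningful changes between scans, and sends grouped alerts" part of that pipeline is the piece a defender most wants to get right, since noisy diffs get ignored. The following is an added illustration of that step, not surface-watch's own code: it keeps per-scan port observations in a SQLite table (schema and the two sample scan results are constructed here), diffs two scan ids into opened, closed and service-changed ports, and groups the result per host so one alert can be sent per affected host.

```python
"""Added example: diff two external port-scan snapshots stored in SQLite
and group the meaningful changes per host for alerting.
Not surface-watch's own code; table layout and scan data are constructed."""
import sqlite3
from collections import defaultdict

# Constructed schema: one row per (scan, host, port) observation.
SCHEMA = """
CREATE TABLE IF NOT EXISTS observations (
    scan_id INTEGER NOT NULL,
    host    TEXT    NOT NULL,
    port    INTEGER NOT NULL,
    service TEXT,
    PRIMARY KEY (scan_id, host, port)
);
"""

# Constructed sample data: two consecutive scans of the same scope.
PREVIOUS_SCAN = [
    ("www.example.test", 443, "https"),
    ("www.example.test", 80, "http"),
    ("vpn.example.test", 443, "https"),
    ("old.example.test", 22, "ssh"),
]
CURRENT_SCAN = [
    ("www.example.test", 443, "https"),
    ("www.example.test", 80, "http"),
    ("vpn.example.test", 443, "https"),
    ("vpn.example.test", 3389, "ms-wbt-server"),  # newly exposed RDP
    ("new.example.test", 8080, "http-proxy"),     # newly discovered host
]


def open_db(path=":memory:"):
    """Open (or create) the history database and ensure the table exists."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def store_scan(conn, scan_id, results):
    """Persist one scan's (host, port, service) tuples under scan_id."""
    conn.executemany(
        "INSERT OR REPLACE INTO observations VALUES (?, ?, ?, ?)",
        [(scan_id, host, port, service) for host, port, service in results],
    )
    conn.commit()


def load_scan(conn, scan_id):
    """Return {(host, port): service} for one scan."""
    rows = conn.execute(
        "SELECT host, port, service FROM observations WHERE scan_id = ?",
        (scan_id,),
    )
    return {(host, port): service for host, port, service in rows}


def diff_scans(conn, old_id, new_id):
    """Compute meaningful changes between two scans, grouped by host.

    Unchanged (host, port, service) triples are dropped so that only hosts
    with a real delta appear in the result."""
    old, new = load_scan(conn, old_id), load_scan(conn, new_id)
    changes = defaultdict(list)
    for host, port in sorted(new.keys() - old.keys()):
        changes[host].append(("opened", port, new[(host, port)]))
    for host, port in sorted(old.keys() - new.keys()):
        changes[host].append(("closed", port, old[(host, port)]))
    for host, port in sorted(old.keys() & new.keys()):
        if old[(host, port)] != new[(host, port)]:
            detail = f"{old[(host, port)]} -> {new[(host, port)]}"
            changes[host].append(("service_changed", port, detail))
    return dict(changes)


def format_alerts(changes):
    """Render the grouped changes as one text block per host."""
    lines = []
    for host in sorted(changes):
        lines.append(f"[{host}]")
        for kind, port, detail in changes[host]:
            lines.append(f"  {kind}: {port}/tcp ({detail})")
    return "\n".join(lines)


if __name__ == "__main__":
    db = open_db()
    store_scan(db, 1, PREVIOUS_SCAN)
    store_scan(db, 2, CURRENT_SCAN)
    print(format_alerts(diff_scans(db, 1, 2)))
```

The grouping is what keeps the alert channel usable: a host that newly exposes RDP and a host that dropped off the scope each produce a single message rather than one line per port. Hosts whose exposure did not change, such as www.example.test above, never reach the alert stage.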
Been very interested in Async BOFs lately and implemented a few for use with Conquest. The first implements Rubeus monitor as a BOF and notifies when TGTs are collected. The second monitors for clipboard changes and returns them. https://t.co/p7hmjv4kAq https://t.co/Kdo9FG9Fba
Had some fun making this credential dumper BOF implementing the Silent Harvest mechanism from @haider_kabibo. Thanks to him as well as @R0h1rr1m for his SilentNimvest implementation of the research!
https://t.co/e0IqN4AZBi
26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client's $500k wallet.
We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.
Check our paper: https://t.co/zyWz25CDpl
Small update to DRSAT just pushed that will also allow Group Policy Editor and Certificate Authority / Templates MMC snap-ins to work over a TCP-only SOCKS connection.
https://t.co/zqGYByH9wc
LLMs have changed the way offensive security practitioners reason about problems and build offensive capabilities. @evan_pena2003 and I wrote how our @ArmadinSecurity red team approaches this in the new age of LLMs ⬇️
https://t.co/JSWKPiSjOU
We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others.
NDSS'26 paper: https://t.co/MI567gb2Jr
GitHub: https://t.co/Ns9nn9JEZM
@Defte_ Update:
Thanks to @RedTeamPT, I created a pull request for ntlmrelayx to reflect the new requirements:
https://t.co/g42CHDxQdB
Now Shadow Creds are working again 😀
Added a feature to the ADExplorerSnapshot script today to gather useful information about the environment via the classes; now it will tell you if SCCM, ADCS etc. are active in the environment https://t.co/cOeOyf3PRe. Thank you @c3c for the awesome tool and the quick PR approval.
Just released a new @SpecterOps blog! I discovered that during client push in SCCM envs it's possible to remotely start WebClient and coerce HTTP from site servers for a relay to LDAP, resulting in hierarchy takeover when WebClient is installed! 🫠
https://t.co/4LTRtkogQr
ProfileHound is a post-escalation tool to help find and achieve red-teaming objectives by locating domain user profiles on machines. It uses the BloodHound OpenGraph format to build a new edge called which determines if a user profile exists on a computer. This edge allows operators to make informed decisions about which computers to target for looting secrets.
https://t.co/l524stExDt
So this is a fun one. I previously wrote about relaying a management point (or site server) to the site database to dump TaskSequence and NAA policies and steal credentials. Turns out we can take advantage of this a bit more after taking over the site.
https://t.co/79bS3Kw4ZB
Hello folks, inspired by @lefterispan , I’m releasing a BOF implementation of COM-Hunter for @_CobaltStrike. The BOF version includes the exact same features as the .NET implementation, and I recently added a remove-mode feature to both versions. I hope this BOF proves useful in your operations.
Project Link: https://t.co/NlcefTeOKn
#redtea #cobaltstrike #bof #beacon #persistence