Olivia
Online
Sunand
@Crypt0_b0y
Hacker | Security Researcher
Joined June 2010
2K Following
295 Followers
10.1K Posts
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID. https://t.co/ffuJsfOG9x
Master the art of reverse engineering and binary exploitation. Train through an immersive terminal. Progress through the belt system. 📍
Source: https://t.co/enxuULFPeF
We dropped our complete OSED notes index on the blog. It’s a raw technical reference covering x86 assembly, PE structure analysis, format string primitives, and OS mitigation bypasses.
https://t.co/BDr6aJZO5J
#offsec
Who to follow
gartzen
@Gartzen72
( ͡° ͜ʖ ͡°) Security vs Obscurity
Clandestine 
@akaclandestine
| Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
Katie Paxton-Fear
@InsiderPhD
Dr, apparently. Security Adovcate @semgrep & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her
JWT Auth Bypass TestBed
https://t.co/qoYUYTxduT
Test your skills: 18 main tests with variations.
A proprietary tool with 40+ techniques for Brute One will be available this week to spot all these cases in the wild in a matter of seconds.
https://t.co/ThMs09G3Hp
SPN-less RBCD with NetExec🔥
While classic RBCD requires a computer account, you can use U2U authentication to perform RBCD with a normal user account, if a computer account is not available.
Thanks to @azoxlpf, you can now perform this attack with NetExec as well🚀
FULL REMOTE CODE EXECUTION on default nginx 1.30.0 no config changes needed. 🫠
Verichains a deadly exploit chain combining Nginx-Rift (CVE-2026-42945) + Nginx-PoolSlip (CVE-2026-9256).
2-byte heap pointer overwrite & heap over-read then ASLR bypass to arbitrary command execution via system() on connection teardown.
Vendors++
Added:
GL.iNet
Hikvision
Dahua
Not all of them encrypt, but nice to have.
https://t.co/eMD7qL6Nhp
My latest blog post: Using BYOVD to loot LSASS bypassing HVCI and all other security protections built in to Windows 11 25h2:
https://t.co/xuKSBQSwYr
Introducing nginx-poolslip, a fresh RCE for the the latest nginx release 1.31.0.
nginx-rift has been patched, but our security agent Vega has found a new 0 day.
We will release the full technical writeup with ASLR bypass 30 days after the patch on https://t.co/LAhOC5UHrp.
This is Microsoft's 5th WinRE BitLocker bypass in 3 years. CVE-2022-41099, CVE-2023-21563, CVE-2024-20666, BitUnlocker, now YellowKey
How it works:
1. Recovery tools look for a config file called RecoverySimulation.ini on the OS drive
2. If Active=Yes, it enables "test mode" for the recovery tools
3. Test mode unlocks your BitLocker drive but a flag called FailRelock tells it to skip relocking
4. cmd.exe spawns with full access to your "encrypted" drive
Awesome Large Language Models for Vulnerability Detection https://t.co/p0DR30TQEg
ADWSDomainDump. Active Directory information dumper via ADWS (Active Directory Web Services)
https://t.co/EECO9NOWMl
Found a pretty solid fuzzing resource for web security testing 👀
👉 https://t.co/JtQVcqiQzH
Contains:
• endpoint discovery wordlists
• XSS/SSRF/LFI payloads
• parameter fuzzing lists
• Burp Intruder payloads
• recon & web fuzzing dictionaries
Useful with:
ffuf • Burp Suite • dirsearch • arjun
Good repo for bug bounty & web app testing workflows.
#BugBounty #CyberSecurity #WebSecurity #InfoSec #EthicalHacking
DeadMatter
Extracts LSASS credentials from memory dumps. Lightweight. Can be used to bypass AV/EDR. Usually is paired with DumpIt as both of them don't need GUI.
Tested with Microsoft Defender and Kaspersky
https://t.co/phV5wNPfBZ
@three_cube @_aircorridor #edr #apt #redteam
Claude-Red: Turn Claude into a Red Team Operator with 38 Offensive Security Skills. 🤖💀
Prebuilt SKILL .md modules for SQLi, XSS, EDR evasion, exploit dev, OSINT & more — structured like real attacker workflows.
AI is powerful, but garbage input = garbage output. Skills define capability.
#RedTeam #AIsecurity #CyberSecurity
https://t.co/QraHdkdU0A
New NetExec module: mssql_cbt🔥
Relaying to MSSQL can be a hidden gem when you are out of options. The only protection against relaying to MSSQL is to enforce Channel Binding Tokens (CBT). Thanks to @Defte_, NetExec now has a module that checks whether this CBT is required.
The latest Proxmark3 release is called BREAKMEIFYOUCAN!
Not a random name.
That is the actual 3DES factory default key NXP burned into every MIFARE Ultralight C they shipped since 2008.
Somebody finally broke it properly.
The paper drops the keyspace from 2^112 down to 2^28.
Counterfeit cards fall in under 60 seconds from a single card interaction. The tooling is merged: https://t.co/2CYKrRdv22
#Proxmark3 #RFID #NFC #MifareUltralightC #NXP #OpenSource
TokenSmith. generates Entra ID access & refresh tokens on offensive engagements, by @JumpsecLabs
https://t.co/FG7GijDEJj
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.9M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.1M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.3M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers