After January's patch of the KeePass trigger abuse technique, I decided to take a deep dive into the software features, ending up with new ways to extract passwords through the configuration file!
Details and mitigations below, enjoy the read ✌️
https://t.co/nhaad3p6dw
Some of my favorite security capabilities that are not EDR:
1. User behavior monitoring
Example: Suzie in accounting all of a sudden makes a bunch of SMB connections.
Or when Bob's Tier 0 account is now logged into a workstation somehow.
UEBA (user entity behavior analytics) used to be a thing several years ago. Then it got (absorbed?) by identity products. But most have fallen flat in my opinion.
I’d recommend taking a look at data security/auditing products for these capabilities. DM me if you want and I’ll share more details here.
2. Network detection & response
I’ll be honest these can get super expensive. But when tuned well these can be some of the best at detecting suspicious network activity.
Example: Large number of LDAP queries from a workstation.
Or when all of a sudden gMSAs are being queried for their password attribute.
Believe it or not, I’ve done entire internal pentests and triggered next to no EDR alerts, but the client's user activity monitoring and NDR were lighting up like a Christmas tree 🎄
This is an underinvested area of security for many orgs.
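The three detections the post sketches (a user suddenly fanning out over SMB, a Tier 0 account logging on to a workstation, and a workstation hammering LDAP or reading the gMSA password attribute) are simple enough to show as code. The block below is an added example, not code from the post or from any product it mentions; the event schema, per-user baselines, thresholds, Tier 0 list and "WS-" hostname convention are all assumptions invented for the demo, and the sample events are constructed, not real telemetry.

```python
"""Toy user/entity behavior checks over constructed events.

Added example, not code from the original thread: the event schema, the
per-user baselines, the thresholds, the Tier 0 list and the host-naming
convention are all assumptions invented for this demo.
"""
from collections import defaultdict

# Assumption: hostnames starting with "WS-" are workstations.
def is_workstation(host):
    return host.upper().startswith("WS-")

# Real AD attribute holding a gMSA's current managed password blob; reads of
# it from anything other than the entitled service hosts deserve an alert.
GMSA_PASSWORD_ATTR = "msDS-ManagedPassword"

# Assumed per-user baseline: typical number of distinct SMB servers per day.
SMB_BASELINE = {"suzie": 2, "carol": 10}
# Assumed Tier 0 accounts that should never log on to workstations.
TIER0_ACCOUNTS = {"bob_da"}


def _ev(user, src, dst, proto, attr=None):
    return {"user": user, "src": src, "dst": dst, "proto": proto, "attr": attr}


# Constructed sample events (not real telemetry).
EVENTS = (
    # Suzie in accounting touches seven different file servers today.
    [_ev("suzie", "WS-ACCT-12", f"FS-{i:02d}", "smb") for i in range(1, 8)]
    # Carol's two servers are well within her baseline of ten.
    + [_ev("carol", "WS-IT-03", "FS-01", "smb"), _ev("carol", "WS-IT-03", "FS-02", "smb")]
    # Bob's Tier 0 account logs on to an HR workstation and to a DC.
    + [_ev("bob_da", "WS-HR-04", "WS-HR-04", "logon"), _ev("bob_da", "DC-01", "DC-01", "logon")]
    # Alice's workstation issues six ordinary LDAP queries, then one for the gMSA password.
    + [_ev("alice", "WS-DEV-07", "DC-01", "ldap", "memberOf") for _ in range(6)]
    + [_ev("alice", "WS-DEV-07", "DC-01", "ldap", GMSA_PASSWORD_ATTR)]
)


def smb_fan_out_alerts(events, baselines, min_hosts=5, factor=3):
    """Flag users whose distinct SMB destinations exceed their baseline."""
    dsts = defaultdict(set)
    for e in events:
        if e["proto"] == "smb":
            dsts[e["user"]].add(e["dst"])
    alerts = []
    for user, hosts in dsts.items():
        # Tolerate small absolute counts and a multiple of the user's own norm.
        limit = max(min_hosts, factor * baselines.get(user, 1))
        if len(hosts) > limit:
            alerts.append(("smb_fan_out", user, len(hosts)))
    return alerts


def tier0_on_workstation_alerts(events, tier0):
    """Flag any interactive logon of a Tier 0 account onto a workstation."""
    return [("tier0_workstation_logon", e["user"], e["dst"])
            for e in events
            if e["proto"] == "logon" and e["user"] in tier0 and is_workstation(e["dst"])]


def ldap_alerts(events, max_queries=5):
    """Flag gMSA password reads and high LDAP query volume from workstations."""
    per_src = defaultdict(int)
    alerts = []
    for e in events:
        if e["proto"] != "ldap":
            continue
        if e.get("attr") == GMSA_PASSWORD_ATTR:
            alerts.append(("gmsa_password_read", e["user"], e["src"]))
        if is_workstation(e["src"]):
            per_src[e["src"]] += 1
    for src, n in per_src.items():
        if n > max_queries:
            alerts.append(("ldap_volume", src, n))
    return alerts


def run_all(events):
    return (smb_fan_out_alerts(events, SMB_BASELINE)
            + tier0_on_workstation_alerts(events, TIER0_ACCOUNTS)
            + ldap_alerts(events))


if __name__ == "__main__":
    for alert in run_all(EVENTS):
        print(alert)
```

The point of the per-user baseline in `smb_fan_out_alerts` is the one the post makes: seven file servers is unremarkable for an IT admin and alarming for someone in accounting, so a fixed global threshold would either miss Suzie or drown you in noise from Carol.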
I'm struggling to find reasons to keep CobaltStrike licensed these days. We rarely, if ever, use it. We had been keeping it around for teaching private classes, as some of our clients' internal teams use it. The other use case was for threat emulation since it was the hotness with ransomware groups. Now that they have locked down their licensing model and it's less prevalent in the wild, I'm only tied to the first use case.
DCOM is everywhere, but its inner workings feel like black magic. 🪄 Unveil the mystery with @k3vinTell's new article on DCOM basics. Trust us, it's way cooler than it sounds!
https://t.co/pp28KJng3V
I automated the POC for stealing policies from MP relays from this blog into a modified version of mssqlclient https://t.co/79bS3Kw4ZB. It would work too with any other piv account to the DB.
https://t.co/7rRXBA5mpZ
(no PR because impacket doesn't merge, sorry)
Trying to fly under EDR's radar?
@_logangoins explains how to use HTTP-to-LDAP relay attacks to execute tooling completely off-host through the C2 payload context. Perfect for when you need LDAP access but want to avoid being caught stealing creds. https://t.co/o6bnxHpxj5
The GroupPolicyBackdoor tool, presented at #DEFCON 2025, is now available on Synacktiv's GitHub: https://t.co/CWLknch5RZ
This Python utility offers a stable, modular and stealthy exploitation framework targeting Group Policy Objects in Active Directory!
Axel Springer says ad blockers threaten their revenue generation model and that using an ad-blocker illegally manipulates the HTML / CSS (and other web components) thus it is infringement of their intellectual property
INSPECT ELEMENT IS ILLEGAL AND FOR NERDS
Hosts running the WebClient service are prime targets for NTLM relay attacks, and it may be possible to start the service remotely as a low-privileged user.
@0xthirteen breaks down the service startup mechanics, plus the protocols and technologies. https://t.co/ipMkE6Mt1r
Turns out my #PHRACK article is live! 🔥
> The Art of PHP — My CTF Journey and Untold Stories!
Kinda a love letter to those CTF players & PHP nerds! Hope all the credit goes to the right ppl. Also huge thanks to @0xdea for not forgetting me, @guitmz for the edits, and the @Phrack crew for keeping it real! 🎉
https://t.co/BMCLlHti7q
👀 Turns out MS-EVEN can do a lot more than NULL auth:
In addition to leaking environment variables, it is possible to coerce authentication from arbitrary logged on users* 🤯
*If you are willing to trigger Windows Defender.
Got my hands on a stream rip of my DEFCON talk. If you want to see a live demo of #chromealone - check out the talk - https://t.co/GK4s0PuZrk. It covers how to turn Chrome into a Cobalt Strike style C2 along with tips for obfuscation. #malware #redteam #webassembly #chromium
Xbow raised $117M to build AI hacker agents, and @AliasRobotics open-sourced it and made it completely free.
Github: https://t.co/0LhmFhD9bT
Paper: https://t.co/UEUtCUefru
gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: https://t.co/sHgmiOrPCV
It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.
An infostealer that runs in the browser? Kinda.
In our latest research, we explore how Chromium File System APIs can be abused to exfiltrate mapped network drives with a single drag-and-drop.
Blog: https://t.co/CG4bU7MSdH