Sotwe logo Sotwe logo
dafthack's profile banner image
dafthack's profile image

Beau Bullock

Verified account

@dafthack

Hacker, trainer, and guitarist | Black Hills InfoSec #RedTeam | @BreakForge Training | Produces music to hack to at @N0BANDW1DTH
Florida, USA
Joined January 2013
645 Following
18.4K Followers
4.2K Posts
 Pinned Tweet
dafthack's profile image
Beau Bullock Verified account @dafthack
I’m excited to announce my newest training course, Breaching M365, is now available on-demand through @Antisy_Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse, persistence, privilege escalation, and data harvesting. If you want to level up your M365 tradecraft, check it out here: https://t.co/MmQZkenODe
dafthack's tweet photo. I’m excited to announce my newest training course, Breaching M365, is now available on-demand through @Antisy_Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse, persistence, privilege escalation, and data harvesting. If you want to level up your M365 tradecraft, check it out here: https://t.co/MmQZkenODe
3
103
17
72
7K
dafthack  retweeted
BSidesTampa's profile image
BSides Tampa IT Security Conference @BSidesTampa
2026 BSides Tampa *Unlucky 13* Session Announcement 12pm-1pm | Augmented Cloud Hacking with AI Workflows by Beau Bullock If you haven't already, be sure to get your tickets here: https://t.co/YBotHucOgO #BSidesTampa2026 #Unlucky13BSides #InfoSecCommunity #Cybersecurity
BSidesTampa's tweet photo. 2026 BSides Tampa *Unlucky 13* Session Announcement 12pm-1pm | Augmented Cloud Hacking with AI Workflows by Beau Bullock If you haven't already, be sure to get your tickets here: https://t.co/YBotHucOgO #BSidesTampa2026 #Unlucky13BSides #InfoSecCommunity #Cybersecurity https://t.co/hl6MuxondA
1
7
2
0
516
dafthack  retweeted
dafthack's profile image
Beau Bullock Verified account @dafthack
I’m excited to announce my newest training course, Breaching M365, is now available on-demand through @Antisy_Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse, persistence, privilege escalation, and data harvesting. If you want to level up your M365 tradecraft, check it out here: https://t.co/MmQZkenODe
dafthack's tweet photo. I’m excited to announce my newest training course, Breaching M365, is now available on-demand through @Antisy_Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse, persistence, privilege escalation, and data harvesting. If you want to level up your M365 tradecraft, check it out here: https://t.co/MmQZkenODe
3
103
17
72
7K
dafthack  retweeted
AnthropicAI's profile image
Anthropic Verified account @AnthropicAI
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. https://t.co/NQ7IfEtYk7
2K
44K
7K
16K
31M

Who to follow

BHinfoSecurity's profile image
Black Hills Information Security Verified account
@BHinfoSecurity
Specializing in pen testing, red teaming, and Active SOC. We share our knowledge through blogs, webcasts, open-source tools, and Backdoors & Breaches game.
harmj0y's profile image
Will Schroeder
@harmj0y
Researcher @SpecterOps. Coding towards chaotic good while living on the decision boundary.
curi0usJack's profile image
Jason Lang Verified account
@curi0usJack
@TrustedSec Red Team lead | Hi-Fidelity trolling | Liberty/Privacy Enthusiast | Linux | Putting the "no" in nano | Avatar: https://t.co/3XHmKR8nCk
dafthack  retweeted
xaitax's profile image
Alex Verified account @xaitax
So Microsoft Copilot has its own App-Bound Encryption now. The standalone Copilot app (mscopilot.exe) is a full Chromium browser based on Edge, ships with its own elevation_service.exe, a dedicated COM interface (IElevatorCopilot), and a separate ABE key scope. Decrypting the ABE key gives us some cookies (https://t.co/jDTRHwilyP auth, MUID, MSAL session, Cloudflare tokens) and the Microsoft Account token from the token_service database. Local Storage also holds MSAL.js cached tokens. An ID token, two access tokens (chatai.readwrite for the Copilot API + https://t.co/Zgut26Y35L for Microsoft Graph), and account metadata for the signed-in MSA. These use MSAL's own browser-bound CryptoKey encryption, not ABE. Edge 147 also quietly hardened IElevator2 by switching from oleaut32 to a custom proxy/stub but simultaneously registered IElevatorCopilot with oleautomation. Closed one door, opened another. Next up: decrypting the MSAL tokens? 🤔
xaitax's tweet photo. So Microsoft Copilot has its own App-Bound Encryption now. The standalone Copilot app (mscopilot.exe) is a full Chromium browser based on Edge, ships with its own elevation_service.exe, a dedicated COM interface (IElevatorCopilot), and a separate ABE key scope. Decrypting the ABE key gives us some cookies (https://t.co/jDTRHwilyP auth, MUID, MSAL session, Cloudflare tokens) and the Microsoft Account token from the token_service database. Local Storage also holds MSAL.js cached tokens. An ID token, two access tokens (chatai.readwrite for the Copilot API + https://t.co/Zgut26Y35L for Microsoft Graph), and account metadata for the signed-in MSA. These use MSAL's own browser-bound CryptoKey encryption, not ABE. Edge 147 also quietly hardened IElevator2 by switching from oleaut32 to a custom proxy/stub but simultaneously registered IElevatorCopilot with oleautomation. Closed one door, opened another. Next up: decrypting the MSAL tokens? 🤔
8
235
59
158
21K
dafthack  retweeted
IntCyberDigest's profile image
International Cyber Digest Verified account @IntCyberDigest
🚨‼️ BREAKING: PyPI package telnyx has been compromised by TeamPCP in yet another supply chain attack. The malware executes immediately upon importing telnyx. It drops a valid WAV audio file and runs an executable embedded within the frames.
IntCyberDigest's tweet photo. 🚨‼️ BREAKING: PyPI package telnyx has been compromised by TeamPCP in yet another supply chain attack. The malware executes immediately upon importing telnyx. It drops a valid WAV audio file and runs an executable embedded within the frames. https://t.co/8E1w2U0irS
63
3K
536
909
708K
dafthack  retweeted
hnykda's profile image
Daniel Hnyk @hnykda
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
308
9K
2K
3K
6M
dafthack's profile image
Beau Bullock Verified account @dafthack
@passthehashbrwn @_subTee
0
5
0
0
116
dafthack's profile image
Beau Bullock Verified account @dafthack
@_subTee Thanks so much for the kind words Casey! I hope you are doing well man!
0
2
0
0
208
dafthack  retweeted
_dirkjan's profile image
Dirk-jan @_dirkjan
Next week at @WWHackinFest I'll present a major update to roadrecon, with some awesome features I wanted to add for a while! Friday 9am in track 1 for those attending 😀
_dirkjan's tweet photo. Next week at @WWHackinFest I'll present a major update to roadrecon, with some awesome features I wanted to add for a while! Friday 9am in track 1 for those attending 😀 https://t.co/q7WiYvFCQq
2
149
30
23
11K
dafthack  retweeted
GrahamHelton3's profile image
Graham Helton (too much for zblock) @GrahamHelton3
Excited to disclose my research allowing RCE in Kubernetes It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.
GrahamHelton3's tweet photo. Excited to disclose my research allowing RCE in Kubernetes It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout. Unfortunately, this will NOT be patched. https://t.co/MQky20uamu
47
3K
374
2K
414K
dafthack  retweeted
nyxgeek's profile image
nyxgeek Verified account @nyxgeek
Here's a video PoC for Azure Entra ID SignIn Log Bypass in action. I had to make it to help MSRC replicate it (lol). You'll see how simple this bypass was. No worries admins, Microsoft says that it was only a "Moderate" issue.
12
416
67
320
42K
dafthack  retweeted
byt3bl33d3r's profile image
Marcello Verified account @byt3bl33d3r
“Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models” One day we might be hiring literature majors in cybersecurity. https://t.co/ddHhfkYYmh
1
19
5
3
2K
dafthack  retweeted
WWHackinFest's profile image
Wild West Hackin' Fest @WWHackinFest
Join @dafthack for his precon training class, "Breaching the Cloud," at Wild West Hackin' Fest - Mile High 2026! Don't ya go missin' it, grab yer tickets to the con today! https://t.co/QLA9JGyq6Q
WWHackinFest's tweet photo. Join @dafthack for his precon training class, "Breaching the Cloud," at Wild West Hackin' Fest - Mile High 2026! Don't ya go missin' it, grab yer tickets to the con today! https://t.co/QLA9JGyq6Q https://t.co/nXCs78heni
0
6
4
1
1K
dafthack  retweeted
_dirkjan's profile image
Dirk-jan @_dirkjan
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
138
3K
902
1K
475K
dafthack's profile image
Beau Bullock Verified account @dafthack
Want to learn how modern attackers hack cloud infrastructure like Azure and AWS? In two weeks (9/23 & 9/24) I'm teaching Breaching the Cloud live and fully remote. Register here: https://t.co/tOxnQRPKqs @Antisy_Training
0
15
3
13
2K
dafthack  retweeted
dafthack's profile image
Beau Bullock Verified account @dafthack
Two opportunities to take my Breaching the Cloud course live are coming up soon. If you want to learn how to hack cloud environments like Azure and AWS this is the course for you. Sep. 23 & 24 - Fully remote and live Oct. 7 & 8 - In-person only at @WWHackinFest Register here: https://t.co/8UhqpDU6G5
dafthack's tweet photo. Two opportunities to take my Breaching the Cloud course live are coming up soon. If you want to learn how to hack cloud environments like Azure and AWS this is the course for you. Sep. 23 & 24 - Fully remote and live Oct. 7 & 8 - In-person only at @WWHackinFest Register here: https://t.co/8UhqpDU6G5
2
34
12
8
4K
dafthack's profile image
Beau Bullock Verified account @dafthack
@Badgerops @stokfredrik Ha! Yeah that was quite the surprise! Awesome to meet you too! 🤘
0
2
0
0
140
dafthack  retweeted
Icemoonhsv's profile image
Hope Walker @Icemoonhsv
Check out my new blog on nested app authentication and brokered authentication.
2
42
17
17
13K
dafthack  retweeted
mrgretzky's profile image
Kuba Gretzky Verified account @mrgretzky
FIDO downgrades are still possible, in reverse proxy phishing attacks, if you manage to convince the server that your device does not support strong MFA. 🪝🐟 Research from @proofpoint: https://t.co/zRTqV27CgB
2
86
28
32
13K

Last Seen Users on Sotwe

IKeson52's profile image
I Keson
Seen from Thailand
UDSex52's profile image
Uoo
Seen from United Arab Emirates
ccassiee277's profile image
cassie
Seen from United States
pelerrrrrrr12's profile image
gabut su
Seen from Indonesia
bnwo_france's profile image
BNWO FRANCE 🇨🇵 Verified account
Seen from Turkey
HSdamduc's profile image
HỌC SINH DÂM
Seen from Vietnam
lekbagongnih's profile image
Lae
Seen from Netherlands
DiChatr18037's profile image
นัดเยสสุราษฏร์ฯ
Seen from Thailand
Maeylinm's profile image
maeylin เหมยหลิน
Seen from Thailand
MUDAxSarawak's profile image
Parti MUDA Sarawak
Seen from Malaysia

Trends for you

1
Knicks
Under 10K tweets
2
Josh Hart
Under 10K tweets
3
#loveislandusa
Under 10K tweets
4
ORM VEGGIE POPUP ICONSIAM
Under 10K tweets
5
#AEWDynamite
Under 10K tweets
6
Scott Foster
Under 10K tweets
7
#82and0
Under 10K tweets
8
Betrayed
Under 10K tweets
9
Hop Sing
Under 10K tweets
10
Shamet
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.1M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
108.8M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
106.9M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.2M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.5M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
86.7M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
80.5M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.1M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.3M followers
youtube's profile image
13
YouTube Verified account
@youtube
68.6M followers
imvkohli's profile image
14
Virat Kohli Verified account
@imvkohli
68.4M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.4M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
60.9M followers
x's profile image
19
X Verified account
@x
60.9M followers
cnnbrk's profile image
20
CNN Breaking News Verified account
@cnnbrk
59.9M followers