Genuine🏹| Been to so many scary places..
Malware Research and Detection | Offensive Capabilities Engineer | #Women_Of_Suricata | Surreal haikus and scribbles
I am back to posting to https://t.co/V6g7G4R6rd in my free time (which I have again). I plan on adding new content relating to Active Directory & Azure AD (now Entra ID).
First up is "Entra & Azure Managed Access Revisited". This article expands on one I wrote years ago about how to jump from Azure AD/Entra ID to Azure. This new article covers managing Elevated Access as well as logging.
https://t.co/wHxlRKTo2J
Enjoy!
Fantastic Rootkits and Where to Find Them.
Case Study #1: APT29 Brute Ratel C4 Campaign Drops “Husky” Rootkit
Case Study #2: Mingloa (CopperStealer) Rootkit
https://t.co/nyQYNn3zQd
Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment.
Your own hands-on Entra lab for identity attack simulation.
Built for red teams, blue teams and identity nerds.
Check it out here👉https://t.co/5qlXQiSYHS
It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates.
Also includes ESC1 over Intune (in some cases).
https://t.co/Dm1x9ORW7Q
Oh, and a new tool for SCEP: https://t.co/mm9ASrBUKp
💥 CERT-UA published a report on malware powered by an LLM.
The malware uses Qwen 2.5-Coder-32B-Instruct via the HuggingFace API to generate and execute commands on infected systems.
It is a Python script that embeds prompts to dynamically craft Windows reconnaissance commands. The generated commands are executed on the fly and the result stored in C:\Programdata\info\.
This is a very interesting use case and you can leverage NOVA for prompt pattern detection.
So here are 2 NOVA rules to detect and match those embedded prompts 👇
➡️ Report: https://t.co/hRhgU74Vgo
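As an added detection example (not from the CERT-UA report, the post, or the NOVA project): a small static scanner that flags Python source carrying the combination the post describes, namely an embedded prompt asking an LLM for Windows commands, a HuggingFace API reference, on-host execution of the returned text, and the C:\Programdata\info\ staging path. The indicator regexes and both embedded samples are constructed assumptions, not strings taken from the real malware.

```python
import re
from typing import Dict, List

# Indicator patterns reconstructed from the behaviour the post describes.
# The literal strings in the real sample are not on the page; these are assumptions.
INDICATORS: Dict[str, "re.Pattern[str]"] = {
    "hf_inference_api": re.compile(r"huggingface\.co", re.I),
    "qwen_coder_model": re.compile(r"qwen\s*2\.?5[-_ ]?coder[-_ ]?32b[-_ ]?instruct", re.I),
    "recon_prompt": re.compile(r"(generate|write|produce)[^\n]{0,80}(windows|cmd|powershell)[^\n]{0,80}command", re.I),
    "dynamic_exec": re.compile(r"\b(subprocess\.(run|Popen|check_output)|os\.(system|popen))\s*\(", re.I),
    "staging_path": re.compile(r"c:\\+programdata\\+info\\*", re.I),
}


def scan_source(source: str) -> List[str]:
    """Return the names of all indicators present in a Python source text."""
    return [name for name, pat in INDICATORS.items() if pat.search(source)]


def classify(hits: List[str]) -> str:
    """LLM API access combined with on-host execution of its output is the core of the
    described tradecraft; the model id or staging path alone is only corroboration."""
    if "hf_inference_api" in hits and "dynamic_exec" in hits and len(hits) >= 3:
        return "suspicious"
    return "clean"


# Constructed fixture sketching the described structure; scanned as text, never executed.
CONSTRUCTED_SAMPLE = r'''
API_URL = "https://api-inference.huggingface.co/models/Qwen/Qwen2.5-Coder-32B-Instruct"
PROMPT = "Generate Windows commands that collect basic host and network information"
out = subprocess.check_output(generated_text, shell=True)
open(r"C:\Programdata\info\result.txt", "wb").write(out)
'''

# Constructed benign script: uses the same API host but never executes model output.
BENIGN_SAMPLE = '''
import requests
url = "https://api-inference.huggingface.co/models/facebook/bart-large-cnn"
print(requests.post(url, json={"inputs": open("notes.txt").read()}).json())
'''

if __name__ == "__main__":
    for label, src in (("sample", CONSTRUCTED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        hits = scan_source(src)
        print(f"{label}: {classify(hits)} {hits}")
```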
In our latest webinar we proudly presented Sentry Respond - FalconForce’s cloud native automation platform for high maturity SOCs - to the world! You can watch the webinar recording and download the slides from our website: https://t.co/vHL1idMV6c
Hi, I just released this Python version of @CICADA8Research's nice RemoteKrbRelay tool.
It is based on @_dirkjan's KrbRelayx and @sploutchy's https://t.co/sLJiDOZjPQ and https://t.co/SjvgbFz7WX.
Please check it out:
https://t.co/LWtuRyVoue
built a tiny fingerprint-aware reverse proxy (on top of fingerproxy)—logs JA3, JA4, and JA4H fingerprints, and lets you ⛔️ block or ↪️ route traffic based on them. great for honeypots or bot filtering, better for fun! can release if it’s useful to anyone.
My new article, "Writing a Full Windows ARM64 Debugger for Reverse Engineering," covers the topic in detail, including its internals and the core differences between Windows on Intel and ARM64:
https://t.co/5xASMMNAEk
New Blog Post: PowerShell Exploits – Modern APTs and Their Malicious Scripting Tactics
I’ve just published a new blog where I explore how PowerShell is used in red team operations, especially by advanced persistent threats (APTs), with a focus on evasion.
In the blog, you’ll find:
- A detailed explanation of AMSI (Antimalware Scan Interface) and how to bypass it with PowerShell
- How we can abuse .NET to run PowerShell commands without PowerShell and without getting detected, and how this works
- Methods of AMSI memory patching in C with many practical examples and effective public tools like Invoke-Obfuscation
- How APTs create their own methods to avoid detection by security tools with practical, effective demonstrations
- Practical examples of underused techniques like CLSID hijacking and exploiting lesser-known LOLBins
- Introducing PowerLoad3r: An advanced, evasive malicious PowerShell script loader.
Read it from here -> https://t.co/wG8qzPhswm
"All the techniques and tests are done against Kaspersky EDR, so you’ll get real-world demos :)"
A special shoutout to @0xNinjaCyclone for inspiration.
#redteam #evasion