Olivia
Online
Daniel Heinsen
@hotnops
doin thangs @specterops
San Diego, CA
Joined March 2020
315 Following
1.2K Followers
277 Posts
Pinned Tweet
Pasting API keys in an LLM makes me feel kinda gross, so I created agentcordon. It's an agentic key vault that's:
✅Agent agnostic
✅Cedar policies for clear authorization
✅Fully auditable
✅Remote MCP Support
https://t.co/Gu1ZWYu3rm
Pasting API keys in an LLM makes me feel kinda gross, so I created agentcordon. It's an agentic key vault that's:
✅Agent agnostic
✅Cedar policies for clear authorization
✅Fully auditable
✅Remote MCP Support
Who to follow
HEY EVERYONE. THE BLOG POST IS OUT.
I put an LLM in an AMSI provider and some cool stuff came out. Really excited to finally have this released.
The Azure AD Broker plays a key role in Entra ID sign-in & token handling, but how well do we really understand it?
@winternl_t unpacks its on-disk cache, how to decode it, & the security implications. 🔐 https://t.co/eC86G7QFzy
Credential Guard was supposed to end credential dumping. It didn't.
@bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
Read for more ⤵️ https://t.co/mYPHg1mTKj
I feel like @YuG0rd's briefly mentioned new dMSA account takeover mechanism in his last blog didn't get enough attention. A new account takeover mechanism is on the horizon. I wrote a blog detailing it, releasing with a new BOF I wrote called BadTakeover
https://t.co/fyUkDYKAeP
WSFC misconfigurations can turn your domain into one big fustercluck. I'm sharing fustercluck today as part of my #BHUSA presentation. The README summarizes the issues and a detailed blog is coming soon. https://t.co/JJ4gNVV0WO
MSSQLHound leverages BloodHound's OpenGraph to visualize MSSQL attack paths with 7 new nodes & 37 new edges, all without touching the SharpHound & BloodHound codebases.
@_Mayyhem unpacks this new feature in his blog post. 👇 https://t.co/ZvZt45UrOa
The best creds are the ones you simply ask for =)
https://t.co/rKyYylLC01
@cnotin Medium post updated, thank you!
This post goes more into Entra Connect tradecraft and how partially synced objects can be hijacked for cross domain attacks.
https://t.co/fRfdfhXKhb
Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃
i'm on the internet this week. head over to https://t.co/ToS2K9CitP to hear me talk about tokens and conditional access
A new fun way to set shadow credentials
https://t.co/RvkQRa9aNV
Want to move laterally from C2 on an Intune admin's workstation to any Intune-enrolled device? Check out Maestro (https://t.co/u6BPKhlEnK), a new(ish) tool I wrote for those situations, and this blog post to walk you through how: https://t.co/Sibp8uhzSa
my workshop tomorrow in a nutshell
Don't miss our next webinar w/ @hotnops, which will showcase how Apeman can quickly identify Attack Paths by solving AWS CTF challenges. Each challenge will highlight a common misconfiguration & how Apeman can help identify them.
Register today ▶️ https://t.co/Tz4nN0LWWQ
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers