Olivia
Online
Manish Kishan Tanwar
@IndiShell1046
SQL Injection fan
Develop vulnerable labs and web shells in spare time
IndiShell Lab
Joined May 2016
536 Following
2.2K Followers
5.1K Posts
Pinned Tweet
Everyone was saying RFI is dead in PHP applications (including me).
Today, I got a way to perform RFI even if remote URL inclusion is disabled.
I blogged about it 😄
SMB is loaded with awesomeness \m/
https://t.co/1LDu6ouUTI
The Internet is falling down, falling down, falling down
Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940
Enjoy with us..
https://t.co/bOzCPy8iS1
‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and itworks on basically every major Linux distro shipped since 2017.
Website: https://t.co/f5G6KnEv35
Write-up: https://t.co/W86Pz2PC6C
GitHub: https://t.co/zAMTC6nTRk
It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su.
Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise.
Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
Who to follow
Soroush Dalili 
@irsdl
Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
kmkz
@kmkz_security
Bourbon Offensive Security Services | BOSS
Nikhil Mittal
@nikhil_mitt
Hacker, Infosec Researcher, Military Affairs & History, PowerShell, AD and Azure pwner, Creator of Nishang and others :)
Founder @alteredsecurity
GoodBoy Framework — Malware Dev + Detection (Rust) 🧠⚔️
��� 15-stage Windows malware course (Rust)
• Loader → full C2 agent
• Red + Blue perspective (build, detect, bypass)
• Real AV evasion data (76 engines tested)
• Covers: API hashing, syscalls, injection, anti-debug, persistence, C2
Each stage = new technique + detection + counter-detection
This isn’t theory — it’s how the arms race actually works.
🔗 https://t.co/P7GSInlOWg
#MalwareDev #ReverseEngineering #RedTeam #BlueTeam #ThreatIntel #CyberSecurity
#CVE-2026-40466 is a bypass of CVE-2026-34197 in Apache ActiveMQ, exploiting the vm:// protocol to achieve Remote Code Execution
In our latest post, researcher @craigsblackie documents attacks against the Dell UEFI firmware that enable DMA attacks against TPM-only bitlockered devices https://t.co/b835C7rlW4
@IAMERICAbooted Mam, you talk about interesting Azure stuff, and I like Azure + AAD 😃🙌 that's it
Hacky Christmas to all, see you in 2025 🎄🎅
Better late than never, but I gave a talk called "LOL: The Fun(ny) Things About LOLBINs..." at the @USCyberGames kickoff last summer. I talk about real world impact, some common use cases, and (yet another) discovery methodology for finding these things.
https://t.co/BGTDDNuJ2d
In AD CS exploitation series, here comes Manual exploitation of AD CS ESC1 vulnerable certificate template using Windows certreq binary:
https://t.co/CWwbJzqrhk
Certi-Bhai PowerShell scripts to exploit AD CS ESC2 and ESC3 vulnerable certificate templates.
ESC2.ps1: https://t.co/Oyo2UmHWUw
ESC3.ps1: https://t.co/3O46Pyo8Co
Demo video: https://t.co/OhS1NupQ9r
Special thanks to Dominic sir for his valuable guidance 🙏 , Konstantin bhai ji 😍 for PowerShell script Idea, Karan & MANOJ for being my partner in crime and SpecterOps for Amazing AD CS exploitation research 🙏
I am releasing a PowerShell script that can exploit the Windows AD CS ESC1 vulnerable certificate template:
--==[[ Certi-bhai ]]==--
Script Code: https://t.co/SHjxxW0wy3
Demo video: https://t.co/g2HTHJVOtE
Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here:
https://t.co/KnuLXeNLUc
🙃
--==[[ Privilege escalation from IIS defaultAppPool to NT Authority/SYSTEM without *potato exploit ]]==--
Last year, I chained NTLM relay and AD CS web enrollment endpoint to perform privilege escalation from IIS virtual account to NT Authority/SYSTEM
https://t.co/oQtmRuL0EJ
@bohops @d_tranman I believe you have only just begun, bhai ji, and we have yet to see your prime 😃🙌
@d_tranman 🤣🙌 A sweet lie indeed
I think now it is like this, "My bad work habits increased by 1000x when I got a supporting senior 😍🙌😝" (Trying to hide this comment from Jimmy bhai ji 🤣)
Last month, @d_tranman and I gave a talk @MCTTP_Con called "COM to the Darkside" focusing on COM/DCOM cross-session and fileless lateral movement tradecraft.
Check out the slides here: https://t.co/1KNln1ldzF
Recording should be released soon.
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.5M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.2M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers
✨
⭐
💫