Regarding Active Directory permissions, most people assume that a Deny ACE always wins. It doesn't!
Windows stops the access check the moment enough rights are granted — any ACE after that point is never evaluated.
New post: https://t.co/aNYAd6tlxz
The .NET ActiveDirectorySecurity API was built for helpdesk scripts, not ACL fidelity.
If you're using it for backup, migration, or exact cloning — you're going to have a bad time. New post: the 9 design problems you need to know. https://t.co/OWOAcVbMnH
Remember the CredMarshalInfo trick? If you hadn’t applied the June 2025 patch, CVE-2025-33073 would have been critical. We know that in NTLM local auth, msg 3 is empty: You can drop sign/seal -> from Domain User to Domain Admin escalation. 😅
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win & Linux with .NET 8.0
>...
GitHub: https://t.co/zoN2fX6Hsc
A short and light post on one of my favorite topics: spotting and exploiting GPO misconfigurations, nothing too technical, just the basics! 😅 https://t.co/lbspKs5f9c
Now a good one: In the latest Windows 11 Enterprise Insider edition, with Credential Guard enabled (by default), the "tgtdeleg" trick, previously a key for attack chains, is no longer possible #tgtdeleg #rubeus
Is Kerberos relaying so limited? I'd say no, thanks to @tiraniddo CredMarshalTargetInfo trick. In this case, I'm relaying SMB to HTTP (ADCS) with a modified version of @cube0x0 krbrelay using DFSCoerce and PetitPotam - classic ESC8 attack with Kerberos, no DCOM involved ;)
🤫 The part I’m most excited about with my #BHUSA talk is secretly teaching everyone about identity components of #Entra multi-tenant applications and service principals. 🤓
If that sounds boring, pretend you didn’t read this.
#BlackHat2024 #infosec #EntraID #foreshadowing
Detecting Lateral Movement in Entra ID 😍
Threat actors can perform tenant-to-tenant lateral movement by abusing Cross Tenant Synchronisation.
Full blog 👇
https://t.co/r8RF9XLIS8
You can detect lateral movement from specific logons abusing this feature in Entra ID 😝
This blog covers:
> Attack methodology
> Detection methodology
I have written a new blog post about Entra ID PIM and how Sensitive Actions are supposed to protect privileged objects. But there is a situation you need to be aware of when working with PIM.
https://t.co/SV6j65WPMB
#EntraID #Cybersecurity #PIM #PrivilegeIdentityManagement