To wrap up 2022, I'm releasing the final part of my 3-part browser exploitation series on Chrome!
In this post, we demonstrate the practical use of the concepts we've learned throughout the series by analyzing and exploiting CVE-2018-17463.
Enjoy!
https://t.co/Xhrnh4fqNB
We think of WASM as a mechanism to run compiled code in your browser, but what if we shimmed in all the host APIs necessary to run full implants with ALL logic entirely in the WASM VM? This post walks through what that looks like.
https://t.co/xGVpPe2zyC
#wasm #malware #sliver
I'm tired of my tools getting sig'd so I built a pipeline to keep our tools alive for longer and bring some classics back.
Post 1 of 3 is live now. The final post will drop our Go/C# -> WASM toolchain. It builds #Sliver, #Chisel, and some of #GhostPack.
https://t.co/yFF65A8MQO
🫡 We’re back.
Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile.
Enjoy the journey with us, while you sob into your hands 🫠
https://t.co/fHR6dsaILM
while we’re eating our best writing crayons and using finger paint to finish our latest research, we’ve decided to take this opportunity to share research from the archives with new followers 🙂
happy Friday… for now 🥹
https://t.co/maUn3dGPoG
(Yes this is not new don’t @ us)
What's new is old, and what's old is new - as is relentlessly proven.
Join us in our analysis of CVE-2026-32746, the recent pre-auth RCE in inetutils' Telnetd
Speak soon.
https://t.co/taD1iltZBB
In 2025, we achieved pre-auth RCE against another solution in a ransomware gang favourite category. Today, we finally click publish.
Join us as we walk through a chain of vulnerabilities we identified in BMC’s FootPrints ITSM solution.
Enjoy!
https://t.co/gtCNb05QHu
We promised we'd be back!
Join us on our journey, from repro'ing N-days to stumbling into 0-days in SolarWinds Web Help Desk, eventually achieving pre-auth RCE.
This research fuels the watchTowr Platform, our Preemptive Exposure Management technology.
https://t.co/TzNBT1Ghs7
We just published our @rapid7 analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: https://t.co/TexLowi4Lk
We’re releasing our analysis of https://t.co/cAmTrO7mvx, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code.
https://t.co/ykGrHdl6ty
https://t.co/LhEXxeIcnF
I wrote a post on creating "scalable research tooling for agent systems" and I'm also releasing the companion MCP server which lets you do autonomous Frida instrumentation on Android. Details in thread 👇📲🪝
Someone knows Bash disgustingly well, and we love it.
Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340.
This research fuels our technology, enabling our clients to accurately determine their exposure.
https://t.co/BT9c78uuh5
Early last year @rad9800 shared an idea he'd discussed with @jonasLyk about how to stealthily write to the registry without using the traditional registry APIs EDR watches. The time has come to open source the tool. Hope this helps someone hit their goal!
https://t.co/LplZgvEa6p
Earlier this month, we reported a zero-day auth. bypass in the SmarterTools SmarterMail email solution.
Someone has reversed the patch (released on 15th Jan) and begun exploiting it in the wild.
Read our analysis and please, ASSUME BREACH + PATCH NOW.
https://t.co/Guz3tfYqgE
Blog post: On the Coming Industrialisation of Exploit Generation with LLMs https://t.co/aK4pysY1wD
TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it.
Code: https://t.co/47xHRObhRy
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.
https://t.co/tMhM7OFLBp
And, we're back - analyzing CVE-2025-52691, a pre-auth RCE in SmarterTools SmarterMail mail server solution.
Speak soon (:^)) and enjoy..
https://t.co/G0FNUC9tqK
A fun little Friday night project porting @AndrewOliveau C# SessionHop code to a BOF. Built off of @tiraniddo session moniker research & @CICADA8Research original IHxHelpPaneServer blog. Enjoy!
https://t.co/QYcsPKaOii
Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions.
Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances.
https://t.co/UvsetqL5yj