We know it’s been a while since our last post.
But we’re back, with great news!
We’re launching our blog, “Purpleshift,” featuring interesting articles, talks, and research for both blue and red teams.
Yeah that’s why it’s purple :)
https://t.co/h8kQbJwUsM
Recently, there was a vulnerability in the Windows Snipping Tool that allowed user NTLM hashes to leak. For detection, monitor the launching of SnippingTool.exe with the filePath parameter that starts with '\\' or its URL-encoded version.
Read more
https://t.co/WLWaH7CRHG
In this blog post, we continue our story about discovering a misconfigured Kubernetes cluster during a pentest engagement conducted by our colleague @irabva, which eventually led to access to internal source code repositories.
https://t.co/SHdN70CkxP
New NTLM audit policies and events in Windows 11 24H2 / Windows Server 2025 can help detect coercion attacks and analyze unusual NTLM authentication behavior.
In the screenshot below, there is an example of a coercion attack.
Read more here:
https://t.co/rmMDpwMh9b
Can local LLMs really perform pentesting effectively?
Our colleague @ahmed_khlief benchmarked local LLMs (GLM, Qwen, GPT-OSS, Gemma) against a vulnerable web app using MCP tools, with no RAG or internet access.
See the top-performing models and key findings:
https://t.co/VbqPq8w9eK
CopyFail (CVE-2026-31431) allows local privilege escalation to root in all major Linux distributions. The vulnerability gives an attacker the ability to modify the cache of any readable file. Check here for what you should do:
https://t.co/icKFfh0nlL
AI agents like OpenClaw are becoming more common.
Our colleagues and @Black2Fan analyzed it and found a way to get remote command execution.
Read more here:
https://t.co/RDpmBcLS4A
Gained initial access to a company network… but what next?
In this real pentest project our colleague @irabva shows how Kubernetes misconfigurations led to full cluster access and exposed S3 data.
If you work with K8s, read this:
https://t.co/n2bQyrovOL
Our colleague @haider_kabibo has discovered a flaw in MSRPC that introduces a new technique for privilege escalation in processes with SeImpersonatePrivilege.
Read more:
https://t.co/58PW5zhiT9
All information you need about attacking System Center Configuration Manager (SCCM) and the best detection mechanisms can be found in our colleague @Gam4enko’s talk:
“C2 by Microsoft: What Can Go Wrong If SCCM Ends Up in the Wrong Hands.”
https://t.co/yMEAww3RmN
If you're interested in wireless network penetration testing, you may encounter 802.11r (Fast BSS Transition) used for fast roaming.
There’s no Hashcat module for its hashes, but our colleague @0xc0rs recently published one.
Find more.
https://t.co/0bkqVlmVwB
Sharing highlights from incident response cases in 2022 by @AymanShaaban in https://t.co/tucLfsT5JQ. You can get the slides https://t.co/gbPPvQBhWs and the analyst report https://t.co/AqDRWAY3pz #dfir #incidentresponse
Significant rise in vulnerability exploitation as an initial access vector. Analysis of incident response practice in @AymanShaaban's webinar https://t.co/2YizTVQsiX and analyst report https://t.co/SVwAw7AUSw #dfir #incidentresponse #threathunting
#POS terminal and #verix security research will be presented by @zero_wf on #TheStandoff in a couple of minutes.
Catch up with the stream https://t.co/V7qZIA7R5N and full slide deck https://t.co/pzlhC7827T
Talk by @epotseluevskaya, @_moradek_, @alender911 on #defcon @ICS_Village https://t.co/7Ea6BAem44. Actually, this is the "we don't need backup, so don't bother" recording, as they were not able to connect due to technical issues. Anyway, get the loot here https://t.co/bO3KJQqT0O
Alexander Korotin, Radu Motspan, and Evgeniya Potseluevskaya of @kl_secservices will be speaking at #defcon28 @ICS_Village today 3:30-4:30 ET on the insecure nature of turbine control systems in power generation.
Join the talk on YouTube:
https://t.co/3OQ2dp7ncW