Ghost Bits is brilliant research: https://t.co/gA5vPZGWf0
Now you can reproduce CVE-2025-41242 in Vulhub, Spring/Jetty Path traversal caused by Ghost Bits: https://t.co/yWmAvEV3cW
This issue exists in spring-boot-starter-jetty <= 3.2.4 with zero configuration
So here is a new local privilege escalation zero-day I discovered, also not patched yet :).
In simple terms, if you have a service like RDP that exposes an RPC server, there are many system services running as SYSTEM that connect to it as RPC clients. If that service is turned off (RDP is off by default), it seems that any other process in Windows can expose the same RPC server using the same endpoint.
Now all the RPC calls from those SYSTEM processes will come to this fake server, and if the process that deployed the server has SeImpersonatePrivilege, it can escalate to SYSTEM by impersonating the RPC client.
In the white paper below, I describe five exploit paths you can abuse.
However, it's an architecture problem and maybe there are more. It's Not A Potato
https://t.co/DOfRFgYqI9
Your EDR just coerced itself. 🫠
Drop a crafted LNK → MsSense.exe makes a CreateFile call → machine account hands over its Net-NTLMv2 hash over WebDAV → relay to LDAP → Shadow Credentials or RBCD.
No user interaction. No exotic exploit. Just vibes and a shortcut file.
If you're running Microsoft Defender for Endpoint, this one is literally about you. 👀
Full attack + detection breakdown 👇 https://t.co/wUsR1cHuZP
#purpleteam #MDE #NTLMcoercion #detectionengineering
Our latest post on the blog details a Windows EoP courtesy of @filip_dragovic... "Total Recall – Retracing Your Steps Back to NT AUTHORITY\SYSTEM" - https://t.co/zpk744Jeit
Forgot to post it, but the recording of my Black Hat talk was released last week. If you're interested in all the hybrid AD attack surface you never knew about, give it a watch: https://t.co/EraL3TPuOB
Dropping a new article.
It's about a new local privilege escalation technique that becomes viable when a writable system path is present. Yet another technique.
It uses Windows Audio for escalation and doesn't require system reboots.
https://t.co/sw9t5RKoMO
Lots of recent posts on NTLM reflection → AD compromise.
To be clear: real fix is CVE-2025-54918, not CVE-2025-33073.
Until Oct 2025, any user could own a 2025 domain if DCs ran Print Spooler. https://t.co/6098AHxhYM
SCCM admins: review your roles.
MSSQL admins: review ALTER ANY LOGIN exposure.
@_Mayyhem details CVE-2025-47179 & CVE-2025-49758 and how these escalations can be identified through graph analysis.
Check out his blog post for more! https://t.co/M2q6TeMGh1
NTLM reflection attacks can be used to compromise Active Directory domains even with SMB signing if systems aren't fully patched.
https://t.co/mnN8AI7jTQ
Spent some time porting DumpGuard to C as a BOF. Abuses Remote Credential Guard to pull NTLMv1 hashes without going near LSASS or needing admin.
Shoutout to @bytewreck for the original research.
https://t.co/FfibA3bwCu
Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services. In our new blog, @freefirex2 breaks down the types of service triggers that exist and how they can be activated with little to no code required. https://t.co/C2va5umFR7