NFS has not received much attention from the offensive security community in nearly a decade. Today, we are happy to share our research on the topic: https://t.co/iehDxiF46m. I'll give you a short overview in this thread 🧵 (1/5) #redteam #pentest
Net-NTLMv1 is outdated, insecure, and must go. 🛑
To help defenders prove the risk and accelerate deprecation, we’ve released a comprehensive dataset of rainbow tables. See how easily these keys can be recovered, and secure your environment.
Read more: https://t.co/g4gjEAhCiv
SCCM attack paths are messy until you can see them. 👀
ConfigManBearPig from @_Mayyhem extends BloodHound with SCCM nodes + edges using OpenGraph, plus queries to surface hierarchy takeovers and escalation paths.
Check it out! https://t.co/1PJZkoxK7E
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯
How did we do it? Just two missing characters was all it took.
This is the story of #CodeBreach 🧵👇
The blog post on how to use the rainbow tables for Net-NTLMv1 is finally live!
https://t.co/LjN9y6PHXA
My slides from presenting at BRCC are still available if you're curious about how crazy of a three-year journey it was to get them created.
https://t.co/NfFotEh7ah
I just released SAMDump, a tool that extracts SAM and SYSTEM files via the Volume Shadow Copy (VSS) API with optional exfiltration (local save or network transfer) and XOR obfuscation. Plus, it uses NT APIs for file operations https://t.co/9bBRMGko98
Responder now supports many more LDAP authentication methods; the rogue LDAP server has been rewritten to support SASL mechanisms.
You'll see a lot of these on your screens :)
New "Pirates of the Caribbean"-themed Windows AD lab is live! 🔥
🔷NTLMv1/RBCD
🔷GMSA & MSSQL Impersonation
🔷Kerberos Delegation
🔷NTDS Forensics
Builds on VMware, VirtualBox, or Ludus.
Thanks @mael91620 for the help!
Full treasure here⬇️
https://t.co/CMaLf23P7v
Using ADCS to Attack HTTPS-Enabled WSUS Clients:
@cookieTheft and I have extended the research by @Coontzy1 on WSUS attacks and explored how to leverage misconfigured ADCS templates to gain code execution on HTTPS-enabled WSUS clients.
1/2🧵
We suggest assigning such vulnerable templates the new ESC number 17 (ESC17) to help identify and mitigate these risks.
You can read our blog post here: https://t.co/oOylKB6Rac
2/2🧵
Enumerate DNS zones that allow unauthenticated updates using NetExec🔥
Adding or updating DNS entries without authentication can give attackers a huge advantage.
Thanks to @toffyrak such DNS zones can now be enumerated using NetExec🚀
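What such a check does on the wire, as an added example that is not NetExec's code nor @toffyrak's module: it builds a raw RFC 2136 UPDATE message (no TSIG/GSS-TSIG) that adds a throw-away TXT record in the zone, reads the RCODE the server answers with, and sends a matching delete so nothing is left behind. NOERROR means the zone takes updates from anyone; REFUSED is what a zone restricted to secure updates returns; NOTAUTH/NOTZONE means you asked the wrong server. Server address and zone names are placeholders, and the reply packets in the test are constructed by hand.

```python
"""
Probe whether a DNS zone accepts unauthenticated dynamic updates (RFC 2136).

Added example, not NetExec's own code. Builds a raw UPDATE message that adds
a throw-away TXT record under the zone, reads the server's RCODE, and sends a
matching delete so the probe leaves nothing behind. Server and zone names are
placeholders; only run probe_zone() against servers you are authorised to test.
"""
import random
import socket
import struct

OPCODE_UPDATE = 5
TYPE_SOA, TYPE_TXT = 6, 16
CLASS_IN, CLASS_ANY = 1, 255
RCODE_NAMES = {
    0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP",
    5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET", 9: "NOTAUTH",
    10: "NOTZONE",
}


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus the root label."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_update(zone: str, name: str, txt: str, txn_id: int, delete: bool = False) -> bytes:
    """Build an UPDATE (opcode 5) with one zone entry and one update RR, no TSIG.

    delete=False: add `name TXT "txt"` (class IN, TTL 60).
    delete=True:  remove every TXT RR at `name` (class ANY, TTL 0, empty RDATA).
    """
    flags = OPCODE_UPDATE << 11  # QR=0, opcode=UPDATE, all other flag bits clear
    header = struct.pack(">HHHHHH", txn_id, flags, 1, 0, 1, 0)  # ZO=1 PR=0 UP=1 AD=0
    zone_section = encode_name(zone) + struct.pack(">HH", TYPE_SOA, CLASS_IN)
    if delete:
        rr = encode_name(name) + struct.pack(">HHIH", TYPE_TXT, CLASS_ANY, 0, 0)
    else:
        rdata = bytes([len(txt)]) + txt.encode("ascii")  # TXT RDATA is one <character-string>
        rr = encode_name(name) + struct.pack(">HHIH", TYPE_TXT, CLASS_IN, 60, len(rdata)) + rdata
    return header + zone_section + rr


def parse_header(msg: bytes) -> dict:
    """Return the header fields that matter when reading an UPDATE reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txn_id, flags, zo, pr, up, ad = struct.unpack(">HHHHHH", msg[:12])
    return {
        "id": txn_id, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "zocount": zo, "prcount": pr, "upcount": up, "adcount": ad,
    }


def classify(rcode: int) -> str:
    """Map an UPDATE reply RCODE to what it says about the zone's update policy."""
    if rcode == 0:
        return "accepts unauthenticated updates"
    if rcode == 5:
        return "refused (updates require authentication or are disabled)"
    if rcode in (9, 10):
        return "server is not authoritative for this zone"
    return f"inconclusive ({RCODE_NAMES.get(rcode, rcode)})"


def probe_zone(server: str, zone: str, timeout: float = 3.0) -> tuple:
    """Send the add probe over UDP, classify the RCODE, and delete the record if it landed."""
    txn_id = random.randrange(1, 0xFFFF)
    name = f"dyn-update-probe-{random.randrange(10**6)}.{zone}"
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_update(zone, name, "dyn-update-probe", txn_id), (server, 53))
        reply = parse_header(sock.recv(512))
        if reply["id"] != txn_id or reply["qr"] != 1:
            raise ValueError("reply does not match our request")
        if reply["rcode"] == 0:  # the record was created: clean it up again
            sock.sendto(build_update(zone, name, "", txn_id + 1, delete=True), (server, 53))
            try:
                sock.recv(512)
            except socket.timeout:
                pass
    finally:
        sock.close()
    return reply["rcode"], classify(reply["rcode"])


if __name__ == "__main__":
    import sys
    srv, zn = sys.argv[1], sys.argv[2]  # e.g. 10.0.0.10 corp.example (placeholders)
    rcode, verdict = probe_zone(srv, zn)
    print(f"{zn} @ {srv}: {RCODE_NAMES.get(rcode, rcode)} -> {verdict}")
```

The probe writes one record and removes it again, which is the same footprint a tool like NetExec's module has to accept; a Windows DNS zone set to "Secure only" answers REFUSED to this message, a zone set to "Nonsecure and secure" answers NOERROR.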
NetExec now extracts even more secrets from the NTDS.dit🚀
With the new --history and --kerberos-keys flags, NetExec will also dump the password history and the AES/DES keys for Kerberos auth from the NTDS.dit🔑
Implemented by @kriyosthearcane, azoxlpf and me.
Dump DPAPI credentials via WinRM with NetExec🔥
A lot of sensitive data is stored in Windows DPAPI, such as the login credentials used in scheduled tasks.
Thanks to tiagomanunes this is now also possible via WinRM!
Dumping juicy secrets from SAM/LSA is always nice, right?
I've added an implementation for the --sam and --lsa flags to the MSSQL protocol of NetExec🚀
No need for manual registry hive extraction anymore!
🚨 8 months after public disclosure, @RHEL, @AlmaLinux and @rocky_linux are still vulnerable to a Ghostscript RCE with a reliable public exploit (CVE-2025-27835 and others)! It can be triggered by opening LibreOffice docs or through a server that uses ImageMagick for file conversion!