Olivia
Online
itsmenaga (💥,💥)
@nagarockshard
Passionate Infosec Guy
Old School Bugbounty
Bengaluru, India
Joined October 2011
1.5K Following
568 Followers
2.6K Posts
You got access to vsphere and want to compromise the Windows hosts running on that ESX? 💡
1) Create a clone into a new template of the target VM
2) Download the VMDK file of the template from the storage
3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY
(1/3)
@techspence Run netexec
Let’s make Active Directory security education available to all!
List your favorite Active Directory security resources.
Plz share for reach!
🔥 Super excited to soon present my lifetime project publicly🤩
- 4yrs of R&D + 1y in commercial sale
- Weaponization of 95+ file types
- 140kLOC
- 20+ tools
- 10+ shellcode exec techniques (ts)
- 8 MSI ts
- 20+ LNK ts
- 30+ script/macro ts
⚡ Battle tested, low-profile arsenal
Who to follow
Abhijeth D
@abhijeth
#Appsec, Mentor, Adjunct Lecturer, #Telugu, #bugbounty #TFI #puns #poly. No free bugs only free hugs. Tweets are my own and don't reflect my employer.
yappare
@yappare
حَسْبُنَا اللَّهُ وَنِعْمَ الْوَكِيْلُ نِعْمَ الْمَوْلَى وَنِعْمَ النَّصِيْرُ
Splint3r7 
@Splint3r7
Hacker & Bug Bounty Hunter | BlackHat MEA 3x Speaker // 🔈 MCTTP, DeepSec, SaScon + 15 more
@elonmusk Once come to
Old city Hyderabad
💥 ANNOUNCEMENT: Opik v1.0 is released! 💥
Opik is an open source LLM evaluation framework for:
🔥 Implementing LLM-based metrics
🪲 Logging/debugging LLM traces
💯 Scoring, annotating, and versioning LLM data
And so much more. Check out the repo below.
@Eternaldharma_ Jai shree Ram
⚡ 6000+ Private Nuclei Templates ⚡
✅Download Now - https://t.co/byfX28QFee
#bugbounty #bugbountytips #ethicalhacking #infosec #CyberSecurity
1-Subdomainer(contain sudfinder,amass whois mode,amass passive mode,crt/.sh,GitHub,gobuster,knockpy,)
2-chaos(Archived Data)
3-frogy(wayback,bbot,subfinder,findomain,https://t.co/4G5kTvUESf)
4-assetfinder (certspotter,hackertarget,threatcrowd,wayback ,bufferover,facebook)
If you have access to #jenkins dashboard
use below Script Console cmd for poc
```
def passwdFile = new File("/etc/passwd")
println passwdFile.text
```
#P1 #bugbountytips #bugbounty
Made a new tool for a test I was doing. Decided to share with everyone, added it to my toolbox, for sure. It's like having X-ray vision into JS files.
Crazy, some of the endpoints it pulled out that were never seen before.
https://t.co/xaBJhudBgY
Example:
I decided to take it a step further and make this a @nuclei template.
nuclei -target ./ -t /tmp/appdata.yaml
Looks like scary things are in appdata.
https://t.co/r94FjVugg8
Wants to automate Burp Scans?
Introducing Blinks 🔨:
- Automate Burp Scans in Headless mode
- Customizable HTML & XML reports
- Webhook integration for real-time alerts
https://t.co/EdnqzIhCih
#bugbountytips
#burpsuite #Pentesting #ethicalhacking
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/7ygwWXY0pd
Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code from 1996
My notes from labbing AD Certificate Service exploitation.
There’s lots of great resources on this but I wanted to share my walkthrough on how to create a vulnerable certificate, common errors and how to exploit using either Certipy or Certify.
https://t.co/kelGFnEMCr
@alanatiallari_ @SrBachchan As per mythology most of the Rakshas portray themselves as clone of a warrior
I wrote a fun write-up on ADCS exploitation, including explanations and custom built examples of practical exploitation for all 13 ESC vulnerabilities. It's available on my blog: https://t.co/zZReyPgeMi
Hope this helps anyone who's interested in #activedirectory security :)
It’s always worth checking for non-production route names such as:
qa
devenv
devenv1
devenv2
devenv3
preprod
pre-prod
test
testing
staging
stage
dev
development
deploy
slave
master
review
prod
uat
prep
version2
https://t.co/4cILVwLLqy
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.6M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers