Posting my write-up for @XintraOrg's Hybrid Azure APT Emulation Lab (Husky Corp) https://t.co/TnhhLHMMQi. Fairly in-depth blog post walking through OAuth, Managed Identity, and PTA abuse, Pass the PRT, etc. Huge s/o to @inversecos and the team for making an amazing lab.
I had a fun side project where I reverse engineered, hacked and modded an old Spider-Man mobile game. Check my blog for juicy technical details about game hacking and Android security things - https://t.co/xoKVdmLc4R
Excited to announce the 🚀 launch of the 🔥 LOLESXi project. It provides valuable insights into adversarial techniques targeting VMware ESXi.
https://t.co/MLCSW1Zix1 #threatresearch #lolesxi #dfir
I can make you click a phishing link. Want to know how? Just click this link and I will teach you ;) Don't worry. This is not a test. Nobody will know. Just do it: https://t.co/rAnZ2JvS7D
Awesome List of Password Spraying TTPs
Okay, I started pulling this together before my morning run for another project I'm working on. I need contributions. Please submit MRs if you have any ideas for additions!
https://t.co/XuLP9bKi0D
I exfiltrate data from People, SharePoint, Teams, OneDrive, and Outlook. I navigate to https://t.co/dmQ9PeuJYd, use People from low privileges to find M365 Public Groups and see what documents I can exfil, what email archives I can read, gain knowledge about the organizational structure and people's PTO sometimes, and get distribution lists. I plant malicious files in OneDrive to transition from cloud to on-prem, I browse to other apps like ServiceNow to get information in wikis and how-tos. I check admin portals like https://t.co/xPQGqJxwF4 for targeting and get all the configuration information about OAuth app registrations and Enterprise Apps for exploitation. I look for shared mailboxes and delegated mailboxes to hide in. I get location-specific restrictions to learn where I can go. I set up internal Illicit Consent phishing for lateral movement and do phishing via access to Teams and SharePoint with device codes and other methods for lateral movement ... to name a few.
Dropping a new initial access technique via RDP that I dubbed "Rogue RDP". Use malicious .RDP files to bypass email/servers/security gateways and then run code to binary plant/exfil from your own RDP server, blinding EDR. Bonus: Target runs Hyper-V? RCE! https://t.co/iMMS1pK0qs
🗒️ LLM Testing Findings
An open source collection of LLM Integration & Application Findings
Consider using these for a “tabletop” assessment of your own LLM integrations and applications
By @bishopfox #pentesting #AI #cybersecurity
https://t.co/16JNtQACYH
I'm pumped to announce the release of Misconfiguration Manager, a knowledge base and how-to for both offensive and defensive SCCM attack path management, that @subat0mik, @garrfoster, and I have been working on! Check it out and let us know what you think! https://t.co/OuGS5uLAYA
This is a great blog by @Tw1sm
TL;DR: Compromise workstations by coercing machine account HTTP authentications and relaying them to LDAP to set shadow credentials on the computer object. Then extract the NT hash, create a silver ticket, and move laterally 🔥
https://t.co/PJWolaL5VL