If a website is protected by @CheckPointSW IPS "anti-SQLi" and mysql<=5 is running, you can easily bypass this by using "||" and "&&" instead of "OR" and "AND" which are blocked. Tested on the latest version R80.20.
#bugbountytip #bugbounty #pentest #payfornothing
Win your pass for @_leHACK_ 2026! 🏴☠️
A cyber mini-challenge, 3 passes up for grabs (1 for the fastest and 2 for the best write-ups).
⏱️ Ends: 21/06 at 23:59
👉 https://t.co/QV6HrYQcHX
I am about to COMPLETELY disrupt the cybersecurity industry...💀💀💀
Presenting the Continuous Reasoning AI Pentester!
Multiple AI agents running every security tool under the sun against your environment, at record speeds. Full pentests achieved in less than AN HOUR.
Zero human input.
One hundred percent success.
3 passes to win for Le Hack (the NDH for the old-timers)!
And do me a favour, I want a write-up as a bash one-liner please.
Plus, there are a few hidden messages 🤫
#challenge #ctf #loginsecurite
I'll be at #LeHack on Friday 27 and Saturday 28 June, and if you don't have your ticket yet, try your luck to come for free by solving this little challenge made by @LoginSecurite 💪
https://t.co/BQzol8h6pt
It's been a long time since I found a challenge this nice!
Despite its simplicity, it features very recent vulns, the path to DA is smooth and above all, it was a chance to play with certipy5 👌
(https://t.co/6BGMyyUH6e)
https://t.co/OATAxif7pA
I'm super happy to announce an operationally weaponized version of @YuG0rd's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution!
https://t.co/nvZmsNqjnG
Many missed this on #BadSuccessor: it’s also a credential dumper.
I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal: krbtgt, users, machines. No DCSync required, no code execution on DC.
#BadSuccessor - a textbook example of why the security ecosystem is broken
- A privilege escalation vuln in Windows Server 2025 AD (via dMSA)
- Full domain compromise with default config
- Microsoft was told, agreed it’s real, but rated it "moderate"
- No patch, No fix
- No code execution needed
- No need to touch the DC
- No RPC, no ntds.dit
- Just a write to one attribute on an account you can create
- Rubeus already supports dMSA abuse (since February)
- Metasploit module is in the works
Researchers published everything anyway. Because… "we respectfully disagree with Microsoft’s assessment". So yeah, let’s just drop an end-to-end domain takeover technique online to prove a point.
To be fair, Windows Server 2025 isn’t widely deployed yet, so the real-world blast radius today is limited. But this isn’t about today - it’s about trust, process, and what happens when security decisions are driven by vendor priorities and researcher egos.
What this tells me:
1. Microsoft either:
- Can’t assess bugs anymore
- Or stopped caring about on-prem AD completely (because Entra ID is what they want to sell)
2. And the offensive sec crowd?
- They knew this would hit hard
- But chose to burn the world anyway
- Because their urge to be right > everyone else’s security
In the end, both sides look bad.
Microsoft, for being dysfunctional or apathetic
Researchers, for chasing clout over coordinated disclosure
Congrats. In a rare show of unity, both sides managed to screw this up.
Blog: https://t.co/f9eDCBmbjI
LinkedIn: https://t.co/dc1l5EUYpb
Metasploit issue: https://t.co/tcRkUHavo1
Just built an MCP for Ghidra.
Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks.
One-shot markups of entire binaries with just a click.
Open source, on GitHub now.
Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post https://t.co/eF5nhHfPuS
Oh, now that's impressive!
Even for CLI fanboys like me, it's always handy to have a tool that quickly gives an overview of certain elements.
https://t.co/bwMOsJU6b5