VeeamDumper by @MWRCyberSec
Veeam is a ~ backup solution. The dumper detects DB config, pulls registry decryption info and decrypts credentials from the DB.
📕Blog: https://t.co/E7wyCZk8QK
🔧Tool: https://t.co/I3STJTX4Q4
🔩BOF: https://t.co/q5hZBIYhBy
The software supply chain has a new predator. 🐛
Meet Iron Worm, the "rustier cousin" of the infamous Shai-Hulud worm. Just like its predecessor, it burrows into dev environments, steals credentials, and self-propagates through trusted GitHub and npm workflows.
Except this one is built in heavy, async Rust, hides behind an eBPF kernel rootkit, and talks over Tor.
Full teardown of the beast:
https://t.co/9Tn4G8tluW
Welp, I found out that this is an HVCI-compatible BYOVD. That's even scarier. This means it will work even on Windows 11. Proof below @0XDbgMan @weezerOSINT @horsicq @thezdi. Expect a well-thought-out POC. CVE incoming!
https://t.co/gi3Vivt2aB
Exploits Were Never the Point.
What 46 CERT-UA incident reports and 25 red team operators told us about how cyber operations actually unfold — and why the zero-day mystique keeps getting in the way.
https://t.co/EL7xvPgQeZ
PowerShell/YARA scanner for github.dev VS Code OAuth token theft artifacts
Hunt tip: watch Chrome/Edge file writes under *\IndexedDB\*https_github.dev*\*.log / *.ldb
then scan with the script.
https://t.co/lTsfxLA1sD
https://t.co/3ojUWLqYAu
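The hunt tip above, as detection logic run over file-write telemetry. This is an added example, not the scanner linked in the post: it assumes events are Sysmon Event ID 11 (FileCreate) records flattened to `Key=Value|Key=Value` lines (a constructed format) and the sample events are constructed, including one non-browser writer to show why the process name is worth keeping next to the path match.

```python
import re

# Assumed event shape (constructed, not a real log product): Sysmon Event ID 11
# fields flattened to "Key=Value|Key=Value" on one line.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe"}

# The tip's glob  *\IndexedDB\*https_github.dev*\*.log / *.ldb  as a regex:
# a directory under IndexedDB whose name contains https_github.dev, holding
# a LevelDB .log (write-ahead log) or .ldb (sorted table) file.
ARTIFACT_RE = re.compile(
    r"\\IndexedDB\\[^\\]*https_github\.dev[^\\]*\\[^\\]*\.(?:log|ldb)$",
    re.IGNORECASE,
)

# Constructed sample telemetry. Chrome names an origin's IndexedDB store
# <scheme>_<host>_<port>.indexeddb.leveldb; the paths below follow that.
SAMPLE_EVENTS = [
    r"EventID=11|Image=C:\Program Files\Google\Chrome\Application\chrome.exe"
    r"|TargetFilename=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
    r"\IndexedDB\https_github.dev_0.indexeddb.leveldb\000003.log",
    r"EventID=11|Image=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    r"|TargetFilename=C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default"
    r"\IndexedDB\https_github.dev_0.indexeddb.leveldb\000005.ldb",
    # Same browser, different origin: must not match.
    r"EventID=11|Image=C:\Program Files\Google\Chrome\Application\chrome.exe"
    r"|TargetFilename=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
    r"\IndexedDB\https_example.com_0.indexeddb.leveldb\000003.log",
    # github.dev in the file name but not an IndexedDB store: must not match.
    r"EventID=11|Image=C:\Windows\System32\notepad.exe"
    r"|TargetFilename=C:\Users\alice\Documents\https_github.dev_notes.log",
    # A non-browser process writing into the store: matches the path, but the
    # writer is unexpected, which is worth surfacing separately.
    r"EventID=11|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|TargetFilename=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
    r"\IndexedDB\https_github.dev_0.indexeddb.leveldb\000007.ldb",
    # Not a FileCreate event at all.
    r"EventID=1|Image=C:\Program Files\Google\Chrome\Application\chrome.exe"
    r"|CommandLine=chrome.exe --profile-directory=Default",
]


def parse_event(line):
    """Split a flattened 'Key=Value|...' record into a dict."""
    fields = {}
    for token in line.split("|"):
        key, sep, value = token.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def image_name(path):
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def find_github_dev_artifacts(lines):
    """Return FileCreate events that touch the github.dev IndexedDB store.

    Each hit carries the writing process and whether it is one of the
    browsers the tip expects; anything else writing there is a second lead.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "11":
            continue
        target = ev.get("TargetFilename", "")
        if not ARTIFACT_RE.search(target):
            continue
        proc = image_name(ev.get("Image", ""))
        hits.append({
            "process": proc,
            "path": target,
            "expected_writer": proc in BROWSER_IMAGES,
        })
    return hits


if __name__ == "__main__":
    for hit in find_github_dev_artifacts(SAMPLE_EVENTS):
        flag = "" if hit["expected_writer"] else "  <-- unexpected writer"
        print(f"{hit['process']:16} {hit['path']}{flag}")
```

The path match is only the trigger; the files it points at are what the linked YARA/PowerShell scanner then inspects for the token artifacts, so keep the matched paths rather than just a count.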
New detection for cloud metadata credentials using the network_traffic integration: it captures process, cmdline, url and user_agent, and is easy to set up via Fleet (a few clicks). Example of a match on the malicious tanstack npm script:
https://t.co/VVVDnEJ28y
https://t.co/HqPJcemqtY
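The same idea as detection logic over the four fields the post names, as an added example that is not Elastic's rule or the post's screenshot. It assumes events with constructed field names `process`, `cmdline`, `url` and `user_agent`; the metadata hosts and credential paths are the documented IMDS endpoints of AWS/Azure (169.254.169.254 and the AWS IPv6 literal), GCP and Alibaba Cloud; the allowlist of agents expected to talk to IMDS is an assumption and the sample events are constructed.

```python
from urllib.parse import urlsplit

# Instance metadata service hosts (documented endpoints, not from the post).
METADATA_HOSTS = {
    "169.254.169.254",            # AWS IMDS and Azure IMDS
    "fd00:ec2::254",              # AWS IMDS over IPv6
    "metadata.google.internal",   # GCP metadata server
    "100.100.100.200",            # Alibaba Cloud ECS metadata
}

# Paths that hand out credentials rather than plain instance facts.
CREDENTIAL_PATHS = (
    "/latest/meta-data/iam/security-credentials",    # AWS role credentials
    "/computeMetadata/v1/instance/service-accounts",  # GCP service-account tokens
    "/metadata/identity/oauth2/token",               # Azure managed identity token
    "/latest/meta-data/ram/security-credentials",    # Alibaba RAM role credentials
)

# Assumed allowlist: agents that legitimately poll IMDS on this host.
EXPECTED_PROCESSES = {"amazon-ssm-agent", "cloud-init", "google_osconfig_agent"}

# Constructed sample events in the assumed shape (process, cmdline, url, user_agent).
SAMPLE_EVENTS = [
    {"process": "node", "cmdline": "node scripts/postinstall.js",
     "url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
     "user_agent": "node"},
    {"process": "curl", "cmdline": "curl -H Metadata-Flavor:Google "
     "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token",
     "url": "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token",
     "user_agent": "curl/8.5.0"},
    {"process": "amazon-ssm-agent", "cmdline": "/usr/bin/amazon-ssm-agent",
     "url": "http://169.254.169.254/latest/meta-data/instance-id",
     "user_agent": "aws-sdk-go/1.44"},
    {"process": "node", "cmdline": "npm install",
     "url": "https://registry.npmjs.org/some-package",
     "user_agent": "npm/10.8.2 node/v20.11.0"},
    {"process": "python3", "cmdline": "python3 inventory.py",
     "url": "http://169.254.169.254/metadata/instance?api-version=2021-02-01",
     "user_agent": "python-requests/2.31"},
    {"process": "curl", "cmdline": "curl http://[fd00:ec2::254]/latest/meta-data/iam/security-credentials/app-role",
     "url": "http://[fd00:ec2::254]/latest/meta-data/iam/security-credentials/app-role",
     "user_agent": "curl/8.5.0"},
]


def classify(event):
    """Return an alert dict for a metadata-service request, or None.

    high:   a non-allowlisted process hit a credential-returning path
    medium: a non-allowlisted process hit the metadata host at all
    """
    parts = urlsplit(event.get("url", ""))
    host = (parts.hostname or "").lower()   # hostname strips [] from IPv6 literals
    if host not in METADATA_HOSTS:
        return None
    if event.get("process") in EXPECTED_PROCESSES:
        return None
    severity = "high" if parts.path.startswith(CREDENTIAL_PATHS) else "medium"
    return {
        "severity": severity,
        "process": event.get("process"),
        "cmdline": event.get("cmdline"),
        "url": event.get("url"),
        "user_agent": event.get("user_agent"),
    }


def scan(events):
    """Run classify() over an event list and keep the alerts."""
    return [alert for alert in map(classify, events) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['severity']:6}] {alert['process']:16} {alert['url']}  ua={alert['user_agent']}")
```

The cmdline and user_agent fields are what make the alert triageable: a package-manager child process or a generic `node`/`curl` user agent hitting a credential path is the pattern the post's tanstack match shows, while an allowlisted agent polling instance facts is the noise the allowlist removes.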
1/
WHEREAMI: Built a Chrome-based geolocation red team tool (bash script😅).
whoami tells you who. whereami tells you where.
Living-Off-the-Land (#LOLbins), no new binaries, no permissions prompts.
Relevant for proximity-based attacks, e.g. @Volexity's nearest neighbor
Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)
Article about a logical bug in the ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios.
https://t.co/s5jkzBpV36
GitHub Advisory Database /Unreviewed
#CVE-2026-8326
"Path traversal vulnerability in Remote Spark SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE.
👉The affected component is the RDP drive redirection"
https://t.co/FJsyIo7jHN
auto: [Android 5.15] KASAN: use-after-free Read in ext4_xattr_ibody_get: A use-after-free bug was detected in ext4_xattr_ibody_get, leading to a crash when accessing freed memory. Involves the ext4 filesystem and requires fix tagging.
link: https://t.co/FMKbg892oa
It seems like in the latest preview build(s) ETW functionality has been encapsulated in its own DLL (ETW.dll), e.g. ControlTrace etc. are now exported by this DLL instead of sechost/ADVAPI32/etc. Seems to just be code re-org (for now), but maybe the future will reveal more!
Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.
Blog post: https://t.co/WO9MeExoun
PoCs: https://t.co/NpVgEHBHPl
Shellcode execution as a service!
To exploit an argument injection in Jellyfin, we searched and found a gadget in the .NET runtime to turn file writes into code execution. Learn about the bug and this new technique:
https://t.co/HvWtrNbbK5
#appsec #security #vulnerability
Bring Your Own RWX Region DLL (BYORWXDLL)
New Medium post: today we are exploring a technique I call Bring Your Own RWX Region DLL, inspired by the well-known BYOVD (Bring Your Own Vulnerable Driver).
https://t.co/slNKv9qF4W
One of the most exciting parts about our upcoming EDR Internals & Development course is that it walks the students through the development of a research EDR agent called MaldevEdr.
@GigelV41464 analyzed various EDR products to understand their inner workings and incorporated these techniques directly into the training. The agent developed throughout the course includes all the primary components of a real EDR such as a PPL service, user-mode DLL, ELAM driver and other kernel-mode components.
The diagram illustrates the components of the MaldevEdr.
More information: https://t.co/LeGYIWO09h
Cleaned up my old ETW notes from Obsidian and put them into one post.
No new research here.
Just a practical map of the parts I keep coming back to: providers, sessions, kernel loggers, ETWTI, tampering, and detection.
https://t.co/e068LAH8p7
Tired of not understanding s**t about what calls your fav DApp is making? Decoding with cast commands? ABI-hunting on Etherscan?
Some time ago I released Web3 Decoder, a Burp Suite extension to make your life a bit easier.
I just released a big update!
https://t.co/I5gIqGFfPM
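What a decoder like this has to do with each call a DApp sends: split the 4-byte selector from the 32-byte argument words and map them back to a function signature. This is an added example, not code from the Web3 Decoder extension. It covers static ABI types only, and the selector table is hardcoded from the ERC-20 ABI because the Python stdlib has no keccak-256 (`hashlib.sha3_256` uses the final SHA-3 padding and does not produce Ethereum selectors); a real decoder computes `keccak256(signature)[:4]` or fetches the contract ABI. The sample calldata is constructed.

```python
# ERC-20 selectors: first 4 bytes of keccak256("name(type,...)"). Hardcoded
# here (see lead-in); any contract function could be added the same way.
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "70a08231": ("balanceOf", ["address"]),
}
WORD = 32  # every static ABI argument occupies one 32-byte word


def _decode_word(word, typ):
    """Decode one 32-byte ABI word of a static type."""
    if typ == "address":
        # Addresses are right-aligned; the 12 high bytes must be zero. Dirty
        # high bytes mean malformed calldata (or a decoder being fed garbage).
        if any(word[:12]):
            raise ValueError(f"dirty upper bytes in address word: {word.hex()}")
        return "0x" + word[12:].hex()
    if typ.startswith("uint"):
        return int.from_bytes(word, "big")
    if typ == "bool":
        return word[-1] == 1
    raise ValueError(f"unsupported type: {typ}")


def _encode_word(value, typ):
    """Inverse of _decode_word, used to build calldata for testing."""
    if typ == "address":
        return bytes.fromhex(value[2:]).rjust(WORD, b"\x00")
    if typ.startswith("uint"):
        return value.to_bytes(WORD, "big")
    if typ == "bool":
        return int(bool(value)).to_bytes(WORD, "big")
    raise ValueError(f"unsupported type: {typ}")


def decode_calldata(data):
    """Decode 0x-prefixed calldata into {function, selector, signature, args}.

    Unknown selectors come back with function=None so the caller can fall
    back to an ABI lookup; a length mismatch against the known ABI raises.
    """
    raw = bytes.fromhex(data[2:] if data.startswith("0x") else data)
    selector = raw[:4].hex()
    if selector not in KNOWN_SELECTORS:
        return {"function": None, "selector": selector, "signature": None, "args": None}
    name, types = KNOWN_SELECTORS[selector]
    body = raw[4:]
    if len(body) != WORD * len(types):
        raise ValueError(
            f"{name}: expected {WORD * len(types)} argument bytes, got {len(body)}"
        )
    args = [
        _decode_word(body[i * WORD:(i + 1) * WORD], typ)
        for i, typ in enumerate(types)
    ]
    return {
        "function": name,
        "selector": selector,
        "signature": f"{name}({','.join(types)})",
        "args": args,
    }


def try_decode(data):
    """decode_calldata, but report malformed input as {'error': ...}."""
    try:
        return decode_calldata(data)
    except ValueError as exc:
        return {"error": str(exc)}


def encode_call(name, args):
    """Build calldata for a function in KNOWN_SELECTORS (test helper)."""
    for selector, (fname, types) in KNOWN_SELECTORS.items():
        if fname == name:
            body = b"".join(_encode_word(a, t) for a, t in zip(args, types))
            return "0x" + selector + body.hex()
    raise KeyError(name)


if __name__ == "__main__":
    # Constructed calldata: transfer 1e18 base units to a dummy address.
    calldata = encode_call("transfer", ["0x" + "ab" * 20, 10**18])
    print(calldata)
    print(decode_calldata(calldata))
    print(try_decode("0xa9059cbb" + "00" * 32))   # truncated: one word short
```

The address check matters in practice: a proxy that silently truncates a word with non-zero high bytes would display a clean-looking address for calldata the contract itself would reject or interpret differently.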