We’ve got an SMB vuln and now an RCE in Word. Next up @hdmoore is gonna release this cool framework called Metasploit
2000s baby. They are back https://t.co/EbkanOYfxn
If you actually want to work in detection, please make an effort to understand the data sources you are using.
It's not EventID==X or CommandLine contains Y, just because you executed malware in your lab and checked the event log. 😭
Here are a couple to think about:
- Understand how event IDs are not unique across providers
- CommandLine can be spoofed, and you should know how easy it is.
- ETW offers a lot of hidden gems. Learn more and explore it.
- The registry contains a lot of hard to spoof evidence.
- A technique is not linked to a tool
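The first point above, an event ID is only meaningful inside its provider's namespace, is easy to see over a few log records. The following is an added example written for this page, not code from the tweet's author: it parses constructed JSON event records and compares a rule keyed on the numeric ID alone against one keyed on (provider, event ID), then maps the provider-specific field names of Sysmon event 1 and Security 4688 onto one process-creation schema. The "Contoso-LineOfBusiness" provider, its reuse of event ID 1, and all record contents are constructed for the illustration.

```python
import json

# Constructed sample log, one JSON record per line; not real telemetry.
# Sysmon and Security-Auditing are real provider names; "Contoso-LineOfBusiness"
# is an assumed third-party provider that happens to reuse event id 1.
SAMPLE_LOG = r"""
{"Provider": "Microsoft-Windows-Sysmon", "EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
{"Provider": "Contoso-LineOfBusiness", "EventID": 1, "Message": "service heartbeat"}
{"Provider": "Microsoft-Windows-Security-Auditing", "EventID": 4688, "NewProcessName": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
{"Provider": "Microsoft-Windows-Security-Auditing", "EventID": 4624, "LogonType": 3}
"""

# Process-creation events, keyed by (provider, event id), with each provider's
# own field names for the executable path and the command line.
PROCESS_CREATE = {
    ("Microsoft-Windows-Sysmon", 1): {"image": "Image", "cmdline": "CommandLine"},
    ("Microsoft-Windows-Security-Auditing", 4688): {"image": "NewProcessName", "cmdline": "CommandLine"},
}


def parse_log(text):
    """Parse newline-delimited JSON records into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def naive_rule(event):
    """The anti-pattern from the tweet: match on the numeric id alone."""
    return event.get("EventID") == 1


def scoped_rule(event):
    """Interpret the id within its provider: match on the (provider, id) pair."""
    return (event.get("Provider"), event.get("EventID")) in PROCESS_CREATE


def run_rule(events, rule):
    """Return the providers of the records a rule fires on, in log order."""
    return [e["Provider"] for e in events if rule(e)]


def normalize_process_create(event):
    """Map a process-creation record onto one schema; None if it is not one."""
    mapping = PROCESS_CREATE.get((event.get("Provider"), event.get("EventID")))
    if mapping is None:
        return None
    return {
        "provider": event["Provider"],
        "image": event.get(mapping["image"]),
        # The command line is supplied by the creating process and can be forged,
        # so it is kept as context rather than as the sole basis for a verdict.
        "cmdline": event.get(mapping["cmdline"]),
    }


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("naive rule fired on :", run_rule(events, naive_rule))
    print("scoped rule fired on:", run_rule(events, scoped_rule))
    for record in events:
        normalized = normalize_process_create(record)
        if normalized:
            print(normalized)
```

The naive rule fires on the Sysmon record and on the unrelated Contoso heartbeat while missing the Security 4688 record entirely; the scoped rule fires on exactly the two process-creation records. The normalization step is where knowing the data source pays off: the same fact (an image path) lives under `Image` in one provider and `NewProcessName` in another.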
It’s really hard to be a good internal pentester if you’ve never walked in the shoes of a sysadmin or if you’ve never been in an IT support role.
You may be able to run some tools, find vulns and even “get DA” but that’s where your effectiveness will end. That’s the easy part.
What about when questions come up about the finding or how to remediate it?
What about when something you do causes issues?
What about when the client asks how to make X thing better?
Internal pentesting is weird for me because I attribute so much of my “success” to my IT support/sysadmin days.
seriously annoyed
fresh linux, all of my peripherals, wireless devices, bluetooth devices, wi-fi, headset, mic, sound, all the games I enjoy, my whole dev setup
all worked first time zero config zero setup zero installers
where's the fight gone man
new blogpost time!!
this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty
lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c:
have fun!
https://t.co/64ZAIVHoSO
Love a good client-side exploit chain! This crazy cross-product chain targeting Google by @rebane2001 is a great example of the type of exploit that gets easier the longer you spend targeting a single company
https://t.co/mxhH2N7teW