Remote Desktop, Windows quietly saves fragments of what was on screen. Attackers can grab those fragments and reassemble them into readable screenshots using two free tools and about ten minutes. No special privileges required.
https://t.co/h56E4HVvoJ
Fun fact! Just like the notepad Ctrl+Click RCE, Windows, Linux, and Mac terminals all support something similar.
printf "\x1b]8;;file:///C:/windows/system32/calc.exe\x07Click here\x1b]8;;\x1b\\\n"
Ctrl-Clicking will open Calc with no warning and we're able to make it remote by outputting to /dev/pts/#
Microsoft does not consider this a vulnerability
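Added example, not part of the original post: a Python filter a defender could run over untrusted text (log lines, command output, file contents) before it reaches a terminal, removing OSC 8 hyperlinks whose target is not a web URL and reporting the hidden target. The function name and the allowed-scheme policy are assumptions made for this example.

```python
import re

# OSC 8 hyperlink: ESC ] 8 ; params ; URI, terminated by BEL or ST (ESC \).
# An empty URI closes the currently open link.
OSC8 = re.compile(r"\x1b\]8;([^;\x07\x1b]*);([^\x07\x1b]*)(?:\x07|\x1b\\)")

# Assumption for this example: only web links may stay clickable.
ALLOWED_SCHEMES = {"http", "https"}


def sanitize_osc8(text):
    """Strip OSC 8 links whose scheme is not allowed; return (clean_text, findings)."""
    findings = []
    keep_open = False  # whether the link currently open was allowed through

    def repl(match):
        nonlocal keep_open
        uri = match.group(2)
        if not uri:  # closing sequence: keep it only if its opener was kept
            kept, keep_open = keep_open, False
            return match.group(0) if kept else ""
        scheme = uri.split(":", 1)[0].lower() if ":" in uri else ""
        keep_open = scheme in ALLOWED_SCHEMES
        if not keep_open:
            findings.append(uri)  # report the hidden target for review
            return ""
        return match.group(0)

    return OSC8.sub(repl, text), findings


# Constructed inputs: the sequence quoted in the post, and a benign web link.
SAMPLE_FILE_LINK = "\x1b]8;;file:///C:/windows/system32/calc.exe\x07Click here\x1b]8;;\x1b\\\n"
SAMPLE_WEB_LINK = "\x1b]8;;https://example.com/docs\x1b\\docs\x1b]8;;\x1b\\\n"

if __name__ == "__main__":
    for sample in (SAMPLE_FILE_LINK, SAMPLE_WEB_LINK):
        clean, hits = sanitize_osc8(sample)
        print(repr(clean), hits)
```

The visible link text is kept as plain text, so the output stays readable while the click target is gone.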
I factored the number RSA1024-1 using my home-built QPU stack; alarming sign that RSA1024 will soon be broken.
I'm choosing Full Disclosure, in the interest of transparency and Science advancement: https://t.co/UyImHud2n2
Non-ZK proof that the correct RSA1024 was used: https://t.co/eLdU0xpTMU
@yuvadm your move
Why is no one talking about this?
@nvidia is offering around 80 AI models via hosted APIs absolutely for free.
You get access to MiniMax M2.7, GLM 5.1, Kimi 2.5, DeepSeek 3.2, GPT-OSS-120B, Sarvam-M etc.
This plugs straight into OpenClaude, OpenCode, Zed IDE, Hermes agent and even with Cursor IDE.
Setup:
– Grab API key: https://t.co/Wfdclm0hY2
– base_url = "https://t.co/VOGC10LmGP"
– api_key = "$NVIDIA_API_KEY"
– select model (e.g. minimaxai/minimax-m2.7)
If you’re building or experimenting, this is basically free inference.
Lock in and start building today anon.
Thank me later.
Claude-Red: Turn Claude into a Red Team Operator with 38 Offensive Security Skills. 🤖💀
Pre-built SKILL .md modules for SQLi, XSS, EDR evasion, exploit development, OSINT and more, structured like real attacker workflows.
AI is powerful, but bad input = bad output. Skills define capability.
https://t.co/mlVhe79Suw
Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness -
Kimi K2.5 managed to find and exploit 6 vulnerabilities in browsers: a single page view or an extension install by victims equals full system hijack.
Check https://t.co/d0SZSf1KqF
So here is a new local privilege escalation zero-day I discovered, not patched yet too :).
In simple terms, if you have a service like RDP that exposes an RPC server, there are many system services running as SYSTEM that connect to it as RPC clients. If that service is turned off (RDP is off by default), it seems that any other process in Windows can expose the same RPC server using the same endpoint.
Now all the RPC calls from those SYSTEM processes will come to this fake server and if the process that deployed the server has SeImpersonatePrivilege, it can escalate to SYSTEM by impersonating the RPC client.
In the white paper below, I describe five exploit paths you can abuse.
However, it's an architecture problem and maybe there are more. It's Not A Potato
https://t.co/DOfRFgYqI9
NTLMv1 is still out there. And now it’s easier than ever to break.
@skylerknecht walks through how Google’s rainbow tables make NT hash recovery practical, no third-party service required.
Check it out! ⤵️ https://t.co/AoC1NFBNK1
Who knew a really long string could make an Entra ID login disappear from the logs entirely? In our #blog, @nyxgeek breaks down how overflowing #Azure's sign-in logging mechanism allowed access tokens to be issued without a single log entry. Read it now! https://t.co/2joOibx3Ia
If you’re doing #cloud #security penetration testing and Azure is in scope, AZexec should already be in your toolkit!
AZexec brings a NetExec-style workflow to Azure & Entra ID, finally giving cloud pentesters the same speed, clarity, and offensive ergonomics we’re used to on-prem.
What makes it a must-have:
- Unauthenticated & guest-based enumeration (yes, the Azure “null session” problem is very real)
- Two-phase password spraying using Microsoft’s own APIs (stealthy, lockout-safe, MFA-aware)
- Deep Entra ID & ARM reconnaissance: users, roles, apps, Key Vaults, storage, networks, VMs
- Remote command execution across Azure VMs, Arc, MDE, and Intune
- Credential extraction & token abuse tailored for cloud-native environments
- NetExec-style output + reporting (CSV / JSON / HTML) for clean ops and clean reports
If you know CrackMapExec / NetExec, AZexec will feel instantly familiar, just adapted for how Azure actually works.
Cloud attacks deserve cloud-native tooling.
🔗 GitHub: https://t.co/pn75EvMlKO
#CloudSecurity #Azure #EntraID #Pentesting #RedTeam #OffensiveSecurity #AzureAD #NetExec #AZexec #Logisek
📞 Microsoft fixed an authenticated RCE in Windows Telephony Service (CVE-2026-20931), discovered by our researcher Sergey Bliznyuk @justbronzebee
Read the write-up: https://t.co/nNsMGF1hLK
ZK Security Alpha: Found the repo.
100+ zero-knowledge proof vulnerabilities compiled.
This is required reading for every ZK audit you run.
https://t.co/ZpG3py4EYP
Hey developers and vulnerability researchers!
I'm working on improving my C/C++ #Semgrep ruleset, and I've just published the v1.1.0 release: https://t.co/UQpsnQ8Grv
Please test it inside and out, open issues or submit PRs. Aiming for a major release sometime before spring.
#SetcodeRAT a custom Telegram‑stealing Trojan targeting Chinese‑speaking regions. While the malware itself is heavily customized for Telegram plugin injection
Using the query http.html_hash:-1514130953 to track the SetcodeRAT C2 cluster.
Report: https://t.co/gCqcpAE9Np