Olivia
Online
Lukas Klein | @rantasec.bsky.social
@RantaSec
Joined July 2021
169 Following
60 Followers
481 Posts
Check out GoLinHound:
- Discovers Linux & SSH attack paths
- Outputs OpenGraph JSON for BloodHound ingestion
- Integrates with SharpHound and AzureHound data to unveil cross-technology attack paths
https://t.co/HPh2xiiCzl
SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends: https://t.co/Qa4aieDBji
Fact: Remote service and scheduled task creation bypass firewalls on DCs and Win file servers because of SMB tunnelling.
Solution: Create RPC filters that block MS-SCMR and MS-TSCH over named pipes. The latter has 3 UUIDs, so blocking the atsvc pipe is more elegant. #DSInternals
Who to follow
RMark2022
@RMarko2022
2026 parabolic bullrun made me wealthy ^^
Bear-Room-Bully
@BearroomBully
Simplifying all the investment gems 💎💎💎. Historian-Crypto and blockchain technology investor. Accumulate-Accumulate-Accumulate 💯
allthingsida 
@allthingsida
All things IDA, security, reverse engineering, programming, AI and more. Friend and fan of Hex-Rays but non-official.
Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM.
https://t.co/GC5wA2y3EO
The DSInternals.RpcFilters PowerShell module for Windows RPC filter management is out! Includes support for the new OpNum matching capability of Windows Server 2025. Looking forward to community feedback.
https://t.co/AhhoyABwri
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
Can't kill sysmon.exe anymore? Cut it off from its own log by stopping ETW logger!
LocalSystem required, of course.
Check out @elad_shamir's recent blog post to learn more about NTLM relay attacks. ⬇️ https://t.co/2AOMyWUiZL
Check out this new blog post from @_wald0 discussing the fundamental components & mechanics that enable the emergence of critical Attack Paths in Microsoft's increasingly popular Intune product. ⬇️ https://t.co/tPygSMu7go
Now available in my tenant
ADSynchronization.ReadWrite.All
The Chinese threat intelligence report is here:
https://t.co/X5TEiZHQXa
It’s always nice to see reports from other parts of the world because they can give a different perspective.
That said, the translation I read was super confusing so I’m sure I missed some details
I finished my talk at BHEU! The attack methods and techniques shared in the talk are not a great deal, but I hope this serves as an opportunity to draw attention to the importance of security measures for Intune. Here is the tool released for the talk.
https://t.co/2tVVJuNe4n
FLARE is releasing a tool today that I've been working on over this year that helps break down binaries into smaller functional clusters and uses Gemini to describe their relationships, behavior and the overall malware functionality. It's called XRefer and it is out for you to read about and try out. Check out the write up here, and look below for some examples: https://t.co/qLxJMOgePy
Unauthenticated Remote Code Execution (RCE) on Domain Controllers (DC).
It does not get worse than that. Probably will be included in #ransomware campaigns.
Any technical analysis of CVE-2024-49112 published?
CC: @gentilkiwi @harmj0y @_wald0
How many audits or IR engagements do you think pull the UAL without checking if any accounts have Audit Bypass enabled?
Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃
New #AADInternals version is finally out now:
▪ Moved endpoint related stuff to new module: AADInternals-Endpoints
▪ Added blue team stuff: Get app consent info, find backdoors, convert SID<>Entra ID Object ID, find abusable dynamic groups
▪ Added red team stuff: Get ESTSAUTH cookies, export Intune certificate, invoke PS scripts as system or other users
See full change log at: https://t.co/GpEUaIHfT8
The systems used to intercept those calls were designed, built and installed specifically for the FBI to intercept calls. These systems were working exactly as intended, except being operated by “the bad guys.” A scenario always raised as a reason for strong encryption.
Last Seen Users on Sotwe
الملكة إيما/Queen Emma
Taniel
Seen from South Africa
s'ANAL'cı
Seen from Turkey
ชอบสาวใหญ่ใจถึง..
Seen from Philippines
Naughty_Baee
Seen from Malaysia
Mr.Berk
Seen from Indonesia
Kimi.ai
Seen from Singapore
chapinas en corte
Seen from Turkey
gokhantest
Seen from Oman
Heaven & Peezy❤️
Seen from South Africa
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers