Releasing DCOMIllusionist as part of our talk on DCOM at @x33fcon with @k3vinTell. It's a remote in memory fileless lateral movement technique based on some research of @tiraniddo
https://t.co/XLljazKmnH
Cobalt Strike 4.13 is live! Say "Hello World" to our Beacon Interpreter for native C scripting - plus an LLVM Beacon, smoother docking UX, sharper payload management and more. Read about all the new features in the release blog!
https://t.co/jeaMcyAQ2J
LdrShuffle - stealthy code execution, by Hugo Valette (@RWXstoned)
It temporarily overwrites the EntryPoint of loaded DLL modules within the Windows PEB. When the OS automatically invokes the modified module's EP, execution is successfully redirected to a payload of choice.
Source: https://t.co/28w8vUtb8P
#maldev #malwaredevelopment #redteam #blueteam
EDR has the attention span of a toddler. If it doesn't see the exact pattern it was trained on (sleep, allocate, inject, sleep), it just moves on. Anything else between your calls and it forgets you exist. So I built a library that does exactly that
https://t.co/pZWlTt863l
Wrote a BOF that is able to execute .NET assemblies in-memory via module stomping so ETW / AMSI are seeing a legitimate GAC assembly instead - https://t.co/IimpD8aZ66
New small Blog Post from my side - anyone faced 429 too many requests on Microsoft Graph in your projects? This blog provides more insights on how to bypass those. 🫡
https://t.co/v3DlLWzFqq
Impacket 0.13.1 is live! This release includes new relay surfaces, stronger support for modern Windows and SQL Server environments, and a set of practical improvements across the example scripts. Check out the blog post to get more details:
https://t.co/B52xTyCNMT
Async BOF that monitors USB device connect/disconnect events, reports device information and performs actions on connected USB storage volumes. https://t.co/OxgsLPaU7n
35+ non-Office file formats fully weaponized & obfuscated by the OST Builder - coming soon! So many ways to run your shellcodes. This release becomes my hello world to the OST family 👋
net_use - a modernized BOF ported from @TrustedSec's
SA BOF repo. It is used to add, list, or remove mapped drives via the Windows MPR API. The original functionality is preserved; I just added improved memory handling to reduce crashes during runtime.
In monitored environments, spawning net.exe or PowerShell for drive mapping can create unnecessary telemetry.
find it here:
https://t.co/fTezAomOi1
morphkatz - Polymorphic PE rewriter for Windows x64, rewrites binaries into semantically identical but byte-different variants https://t.co/FvYcpCVSqF
New video: creating COM objects with the class moniker.
Most of you know CoCreateInstance.
Here is another way: class moniker. I walk through what the class moniker is, how the registry resolves the clsid: prefix to an implementation in combase.dll, and then rebuild the whole thing manually with MkParseDisplayName and IMoniker::BindToObject.
https://t.co/X1eAjXJeIh
I too woke up and chose violence today as the fail-copy POC dropped.
Made a clean exploit including fixing the UID post exploitation without rebooting the target server. Smoke those CTFs in Hack The Box.
https://t.co/nRiFyXQzRe
Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents. https://t.co/lACioWjtkf
MSSQLHound runtime is down from 17 minutes to 17 seconds in my lab after rewriting the BloodHound collector in Go with Javier Azofra and adding SOCKS proxying, Kerberos and NT hash auth, and pathfinding. Hope this is more useful for ops than PowerShell! Let me know how it goes!
Here is my BOF POC (emphasis on POC...) of this research. As the README states it's not an operationally-ready tool, but it was neat research and I figure the code might be useful for someone else. Thanks to @lildylannn and his colleague for their work! https://t.co/MoOVepSfFd
Been very interested in Async BOFs lately and implemented a few for use with Conquest. The first implements Rubeus monitor as a BOF and notifies when TGTs are collected. The second monitors for clipboard changes and returns them. https://t.co/p7hmjv4kAq https://t.co/Kdo9FG9Fba