Olivia
Online
Chema García
@sch3m4
Threat Researcher at Palo Alto Networks @Unit42_intel | @THIBER_ESP cofounder | Tweets are my own
0.0.0.0
Joined January 2010
424 Following
623 Followers
4.5K Posts
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
https://t.co/EQgOtnhCyk
Hunting #APT28 infra 🎯 like @MichalKoczwara style
highlighted by @billyleonard
Actor use XSS for redirect victim to phishing site, with login form, which push POST request to compromised EdgeOS routers as an intermediate infrastructure with deployed the server.
1/🧵
AdaptixC2 v0.8 is out!
https://t.co/mL8AAS7w4c
* AxScript: new events and functions
* Added Targets Manager
* Updated tunnels
Full update details: https://t.co/XkVlgaXW6W
Phrack #72 release reveals TTPs, backdoors and targets of a Chinese/North Korean state actor mimicking Kimsuky
A copy of his workstation data was done and is now available for all researchers to analyse!
Article: https://t.co/iCI70eUbuQ
Data dump: https://t.co/vDRLKk8DKD
Who to follow
cr0hn
@ggdaniel
La ciberseguridad es una cosa jodida. Soy un freelance ayudando a empresas a que no se lleven sustos desagradables
Juan Garrido
@tr1ana
Trianero de nacimiento
Pablo San Emeterio 
@psaneme
Emprendedor en VAPASEC. Investigador y formador en ciberseguridad, desarrollador de software y colaborador en @ciberafterwork spotify: https://t.co/GvL89h9HGG
We are observing active global exploitation of critical Microsoft SharePoint vulns CVE-2025-49704 and CVE-2025-49706.
Orgs worldwide are being targeted. Patch immediately. The exploits are real, in-the-wild and pose a serious threat.
IoCs we've seen: https://t.co/Yp3KaWRtCz
Initial access broker TGR-CRI-0045 is attributed with medium confidence to Gold Melody. One technique in a recent campaign is to employ https://t.co/ZxVdlzDRjU View State deserialization for in-memory payload execution. We deconstruct the tooling and more: https://t.co/XskibEtEIh
In-memory IIS tradecraft significantly hinders detection — learn what you can do. This method was used in a campaign by TGR-CRI-0045, which targeted industries from financial services to transportation. Read the full campaign details: https://t.co/XskibEtEIh
Principal Component Analysis (PCA) is the gold standard in dimensionality reduction.
But PCA is hard to understand for beginners.
Let me destroy your confusion:
At the recently held CYDES 2025, we disclosed #APT group #NightEagle (APT-Q-95).
This threat group has been targeting high-tech industries for a long time, including chip semiconductors, AI/GPT and other fields.
Actors used an unknown Exchange exploit chain.
PPT: #IOCs #APT
📚 Learn How To Use Angr
🆓 Open-Source IDA Pro Alternative
🧠 Specializes in symbolic execution
👉 https://t.co/4SHgU1lweP
How tf did the FBI / NSA get a picture of North Korean IT workers working
📷 Due to overwhelming demand from my last post… I’ve decided to publicly drop the OSCP 2025 Linux Privilege Escalation Notes for everyone! 📷📷
📷 These notes cover advanced privilege escalation techniques tailored for real-world pentesting and OSCP exam prep — from enumeration to exploitation.
📷 Grab them here, no DM required:
📷 https://t.co/9Wtqt8clmL
📷 If you found this valuable:
📷 Repost to help others
📷 Like if you’re studying OSCP or hacking
📷 Comment your favorite trick or ask a question
I see you all — and I appreciate the insane support. Let’s keep leveling up together. 📷📷
#OSCP #PrivilegeEscalation #CyberSecurity #Hacking #BugBounty #Linux
CrowdStrike Researchers Investigate the Threat of Patchless AMSI Bypass Attacks
https://t.co/I9FWvSHJwq
Finally! Google has just released Gemini CLI an AI agent that brings Gemini directly into your terminal
→ 1,000 free requests PER DAY
→ Open source
You can use it as a coding agent, automate tasks, use MCPs, generate videos & images, etc.
Steps to install and use it:
Anthropic ha publicado una guía gratuita de prompt engineering que convierte técnicas avanzadas de IA generativa en habilidades que cualquiera puede aprender
https://t.co/D993OaEz0m
Rust for malware development
https://t.co/G9WWMuhLaO
TL;DR: This blog explores the advantages of using Rust over C for malware development, highlighting Rust's evasive characteristics and challenges for reverse engineering.
Active Directory Penetration Testing Using Impacket
https://t.co/LiVydXU8vP
🔥 Telegram: https://t.co/upuP8k7Ev3
#infosec #cybersecurity #cybersecuritytips #microsoft #redteam #informationsecurity #CyberSec #ai #offensivesecurity #infosecurity #cyberattacks #security #oscp #cybersecurityawareness #bugbounty #bugbountytips
Playbook Hunting Chinese APT
an Chinese APT TTPs and LOLBAS Operations
https://t.co/zuNeEK3lmX
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers