Sotwe logo Sotwe logo
sploutchy's profile image

Sylvain Heiniger

@sploutchy

Suisse
Joined December 2009
204 Following
421 Followers
168 Posts
sploutchy  retweeted
compasssecurity's profile image
Compass Security @compasssecurity
Ups and downs of #redteam engagements. When the standard payloads don’t cut it, innovation wins. Learn how we misused a screenshot tool to load shellcode… at the fifth attempt!… https://t.co/3HF3OoWGCk
compasssecurity's tweet photo. Ups and downs of #redteam engagements. When the standard payloads don’t cut it, innovation wins. Learn how we misused a screenshot tool to load shellcode… at the fifth attempt!… https://t.co/3HF3OoWGCk https://t.co/2OarrdabUY
0
58
17
33
5K
sploutchy  retweeted
eliran_nissan's profile image
Eliran Nissan @eliran_nissan
I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to upload and execute custom payloads on remote targets Forget about PSEXEC and dive in! https://t.co/ruQJlXgLqV https://t.co/Yp25P6pZvH
12
595
245
440
41K
sploutchy  retweeted
Synacktiv's profile image
Synacktiv Verified account @Synacktiv
Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: https://t.co/4Drnk4BoBz
1
326
144
158
32K
sploutchy's profile image
Sylvain Heiniger @sploutchy
You can also find me there: https://t.co/FfB3viKUXW
0
1
1
0
100

Who to follow

_zblurx's profile image
Thomas Seigneuret
@_zblurx
Red Teamer & Security researcher Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo bsky: https://t.co/zISpgvDSWc
HackAndDo's profile image
Pixis
@HackAndDo
Active Directory curious ♥
compasssecurity's profile image
Compass Security
@compasssecurity
Penetration Testing, Red Teaming, Incident Response, Bug Bounty, Security Training, Cyber Range
sploutchy  retweeted
compasssecurity's profile image
Compass Security @compasssecurity
COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (@sploutchy) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM https://t.co/zu6vphlXG0
compasssecurity's tweet photo. COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (@sploutchy) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM https://t.co/zu6vphlXG0 https://t.co/YdphPYYTmM
0
193
93
111
16K
sploutchy's profile image
Sylvain Heiniger @sploutchy
@stratosberry @compasssecurity @decoder_it @D1iv3 Hey @stratosberry, default AD settings allow users to create new machine accounts (https://t.co/UEFhhqJbDL). In hardened environments, you need privileges to modify a computer object (e.g. https://t.co/C5pct6jMmv). Hope this helps!
0
1
0
0
46
sploutchy's profile image
Sylvain Heiniger @sploutchy
@decoder_it @compasssecurity @D1iv3 @tiraniddo This is the cherry on the top ;) Then one doesn't need to implement the whole OXID resolving. Thanks for your great research!
0
0
0
0
68
sploutchy  retweeted
compasssecurity's profile image
Compass Security @compasssecurity
DCOM cross-session coercion + Kerberos = 💣 We took a closer look at the attacks discovered by @decoder_it and @D1iv3 earlier this year and made a PoC in Python! Curious? Full blog post here: https://t.co/MUrrVqdBnW #potato #impacket
compasssecurity's tweet photo. DCOM cross-session coercion + Kerberos = 💣 We took a closer look at the attacks discovered by @decoder_it and @D1iv3 earlier this year and made a PoC in Python! Curious? Full blog post here: https://t.co/MUrrVqdBnW #potato #impacket https://t.co/pmaupcttWk
4
120
49
64
9K
sploutchy's profile image
Sylvain Heiniger @sploutchy
@Jonas_B_K Great blog post, thanks for sharing! I made a PR in certipy (@ly4k_) for checking ESC13: https://t.co/Ej6TiNfzPb
0
3
0
0
64
sploutchy  retweeted
compasssecurity's profile image
Compass Security @compasssecurity
You like device code phishing? You will like Felix Aeppli’s latest research even more. He shows how to backdoor Entra ID phished accounts by adding a new sign-in method. Details and PoC here: https://t.co/u2jVl2v12S
compasssecurity's tweet photo. You like device code phishing? You will like Felix Aeppli’s latest research even more. He shows how to backdoor Entra ID phished accounts by adding a new sign-in method. Details and PoC here: https://t.co/u2jVl2v12S https://t.co/cls9fDwh3H
0
14
9
3
2K
sploutchy  retweeted
thezdi's profile image
TrendAI Zero Day Initiative Verified account @thezdi
Collision – Compass Security was able to execute their stack overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points. #Pwn2Own
thezdi's tweet photo. Collision – Compass Security was able to execute their stack overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points. #Pwn2Own https://t.co/NqoNRjGG14
1
43
10
0
12K
sploutchy  retweeted
ldionmarcil's profile image
Louis Dion-Marcil @ldionmarcil
Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E) Links in <a> tags will show the fake domain, but open the real domain. No need to buy .zip! :) Convincing #phishing #redteam
ldionmarcil's tweet photo. Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E) Links in <a> tags will show the fake domain, but open the real domain. No need to buy .zip! :) Convincing #phishing #redteam https://t.co/hfN9SV9DU0
13
806
230
374
117K
sploutchy's profile image
Sylvain Heiniger @sploutchy
@0xdeaddood Self-plug: https://t.co/yU3TjUJmzF adds relay to ADCS over RPC to ntlmrelayx
0
2
0
1
101
sploutchy  retweeted
decoder_it's profile image
Andrea P @decoder_it
We did it again with #LocalPotato! A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM. Tracked as #CVE-2023-21746 - Windows NTLM EoP Soon more details --> https://t.co/Skyn0xdxNN cc @splinter_code
decoder_it's tweet photo. We did it again with #LocalPotato! A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM. Tracked as #CVE-2023-21746 - Windows NTLM EoP Soon more details --> https://t.co/Skyn0xdxNN cc @splinter_code https://t.co/v3LZ9aK3Ri
14
712
267
117
90K
sploutchy  retweeted
MartinGalloAr's profile image
Martin Gallo 🇦🇷 💚✊🏾🚀 @MartinGalloAr
🆕More personal news here .. I want to share that the Impacket project is moving to @fortraofficial's @CoreSecurity! It will now be part of their open source portfolio, and funded with a team of very talented security professionals. https://t.co/dcfBKv1AFo #impacket
1
171
38
21
0
sploutchy  retweeted
BlackAlpsConf's profile image
BlackAlps @BlackAlpsConf
Recordings of #blackalps22 are available here: https://t.co/cM6oe6bUUL
0
17
13
1
0
sploutchy  retweeted
podalirius_'s profile image
Rémi GASCOU (Podalirius) Verified account @podalirius_
Next week I will present a #talk at #BlackHat Europe 2022 on how to automate the search of RPC functions allowing to coerce authentications on #Windows. Alongside this talk, I'm publishing a brand new version of #Coercer! ➡️Check it out here: https://t.co/6aVELSPCDa
podalirius_'s tweet photo. Next week I will present a #talk at #BlackHat Europe 2022 on how to automate the search of RPC functions allowing to coerce authentications on #Windows. Alongside this talk, I'm publishing a brand new version of #Coercer! ➡️Check it out here: https://t.co/6aVELSPCDa https://t.co/QBr9uGs3xN
3
163
64
24
0
sploutchy  retweeted
ShitSecure's profile image
S3cur3Th1sSh1t @ShitSecure
Found an vhdx/vmdk/vhd file in a network share? Volumiser from @_EthicalChaos_ gets you covered to exfiltrate e.G. SAM/SYSTEM to compromise the system via Administrator Pass-The-Hash: https://t.co/OMiWBOVaS8 Really easy and intuitive to use 👏
5
279
102
59
0
sploutchy  retweeted
pomaretar's profile image
Ramón José @pomaretar
Si tu as aidé une dame à vélo aujourd'hui devant un tram à Genève, peut-être tu as perdu cet airpod qui est tombé par terre. #airpod #28.11.2022 #geneve #geneva https://t.co/ewTvyrRI8C
0
0
1
0
0
sploutchy  retweeted
compasssecurity's profile image
Compass Security @compasssecurity
At @BlackAlpsConf, our analyst Sylvain Heiniger @sploutchy presented a new attack path to AD CS. Read his blog post for details and tools updates. #adcs #esc11 #ntlmrelay #rpc #msrpc https://t.co/UiRDilU9TS
compasssecurity's tweet photo. At @BlackAlpsConf, our analyst Sylvain Heiniger @sploutchy presented a new attack path to AD CS. Read his blog post for details and tools updates. #adcs #esc11 #ntlmrelay #rpc #msrpc https://t.co/UiRDilU9TS https://t.co/sBH3GMUDI5
5
145
76
32
0

Last Seen Users on Sotwe

MuhammadBi86616's profile image
Muhammad Bilal
Seen from Pakistan
SubMuscleStud's profile image
SubMuscleStud | Built for Use
Seen from France
bantuhamil's profile image
bantu hamil
Seen from Indonesia
Lmd_2712's profile image
Luis D (Lmd_2712)
Seen from Colombia
Temmzvolley's profile image
Vsever 2.0 🏐 Verified account
Seen from Turkey
RAJA448811861's profile image
RAJA BAWUK
Seen from Singapore
AlfieCarta's profile image
AlfieCarter
Seen from Spain
JAVJIKAIINDO's profile image
JAV Bokep Indo Cewe Manado Mabuk Sange
Seen from Singapore
PtBokep382's profile image
Pt Bokep
Seen from United States
OsamaIb88347033's profile image
السراب

Trends for you

1
Knicks
Under 10K tweets
2
Wemby
Under 10K tweets
3
Melanie
Under 10K tweets
4
Castle
Under 10K tweets
5
Tony Brothers
Under 10K tweets
6
San Antonio
Under 10K tweets
7
Freddie Freeman
Under 10K tweets
8
Gundam
Under 10K tweets
9
FMVP
Under 10K tweets
10
Stellar Blade
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.2M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
108.9M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
107M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.3M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.6M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
86.8M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
80.6M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.2M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.4M followers
youtube's profile image
13
YouTube Verified account
@youtube
68.6M followers
imvkohli's profile image
14
Virat Kohli Verified account
@imvkohli
68.5M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.4M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
61.1M followers
x's profile image
19
X Verified account
@x
60.9M followers
selenagomez's profile image
20
Selena Gomez Verified account
@selenagomez
59.9M followers