Modern C2 implants use sleep masking & metamorphic code to stay hidden. We’re revealing how to unmask them using low-level runtime telemetry (ETW & CPU profiling) live in production including a POC with a lightweight sensor.
My team will be presenting our research at x33fcon:
https://t.co/qhtckSyxx5
🔐 Releasing LUKSbox: encrypted vaults that survive the next decade.
Drop sensitive files on any cloud or USB. The provider gets one random-looking blob they can't read, even under subpoena.
✅ FIDO2 (YubiKey, Titan, Nitrokey, Windows Hello)
✅ TPM 2.0 keyslots
✅ Post-quantum hybrid (ML-KEM-768/1024 - FIPS 203)
✅ Detached header → zero metadata on the container
✅ Linux / macOS / Windows
✅ Rust, Apache-2.0, 30M+ fuzz iterations
v0.1.0 is out!
👉 https://t.co/ZtlL2ygPFx
#infosec #encryption #postquantum #FIDO2 #rust #opensource #cryptography #penthertz
In response to CVE-2026-33825 (BlueHammer patch),
RedSun, a new unpatched Windows Defender EoP vulnerability, has been publicly disclosed and can be found here -
https://t.co/4nRcWSbuBv
In collaboration with a couple of other leaders in the industry we are releasing https://t.co/Kssdre4HiX - It's an attempt to provide transparency about role levels, expectations and (just for the US market currently) salary ranges. For leaders writing JDs and candidates alike.
someone built a device that DETECTS when FEDS are SPYING on your phone nearby
it's called Rayhunter, made by the EFF, and it costs $20
you buy a cheap mobile hotspot from Amazon, flash it with their open source software, and carry it in your pocket
feds use devices called stingrays that pretend to be real cell towers so your phone connects to them instead. once connected, they can track your EXACT location, grab your phone identity, and potentially intercept your calls and messages
counter-surveillance equipment used to cost THOUSANDS of $ and required serious technical knowledge
now it's $20 and fits in your pocket
Your EDR just coerced itself. 🫠
Drop a crafted LNK → MsSense.exe makes a CreateFile call → machine account hands over its Net-NTLMv2 hash over WebDAV → relay to LDAP → Shadow Credentials or RBCD.
No user interaction. No exotic exploit. Just vibes and a shortcut file.
If you're running Microsoft Defender for Endpoint, this one is literally about you. 👀
Full attack + detection breakdown 👇 https://t.co/wUsR1cHuZP
#purpleteam #MDE #NTLMcoercion #detectionengineering
404 page to RCE. A report by @spaceraccoonsec
He chained two old CVEs to achieve RCE:
- Found a 404 page mentioning an obscure CMS, discovered /josso/signin login
- Triggered CVE-2007-0450 (directory traversal in mod_proxy) using a %5C../ to bypass the internal proxy
- Reached an unprotected JBoss web console on localhost (CVE-2007-1036)
- Exploited Java deserialization with jexboss tool for full RCE
Full report 👇
https://t.co/3Cera6pL9w
Hey guys! Here’s my latest research. I've dubbed it: Living off the Process😺. I wanted to leverage already existing artifacts in a remote process to execute shellcode. We will hunt for ROP gadgets, assembly stubs, preexisting RWX memory, etc!
https://t.co/qStiQvblxr
#Voidlink: a new era of malware has arrived! We discovered that the framework was built nearly end-to-end using agentic AI. It stands as an alarming example of what experienced actors are capable of using artificial intelligence.
https://t.co/4cGE620Nrd
Small update on "printerbugnew": added a description of how to exploit CVE-2025-54918: DCs running 2025 allow reflection RPC->LDAPS - from a standard user to DA before patch😃 https://t.co/MWXfrkZBev
Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳
📞 Microsoft fixed an authenticated RCE in Windows Telephony Service (CVE-2026-20931), discovered by our researcher Sergey Bliznyuk @justbronzebee
Read the write-up: https://t.co/nNsMGF1hLK
Just released a new @SpecterOps blog! I discovered that during client push in SCCM envs it's possible to remotely start WebClient and coerce HTTP from site servers for a relay to LDAP, resulting in hierarchy takeover when WebClient is installed! 🫠
https://t.co/4LTRtkogQr