Olivia
Online
whynotsecurity
@whynotsecurity
Joined November 2019
5 Following
652 Followers
15 Posts
Fresh off the #WayWest2022 Toolshed, dropping my new Office365 userenum technique against Federated tenants, check it out below!
B: https://t.co/1r2s6p684S
G: https://t.co/eccS8ChtCn
Time for another tool drop. This one I wrote a couple weeks ago for converting ldapdomaindump data to Bloodhound data. Currently only the bare minimum to get data uploaded into Bloodhound works.
B: https://t.co/Rce9eWbxRm
G: https://t.co/R1CKcVn5VR
Awhile back I wrote a tool to look for Windows registry files in a given haystack of data (.tar, .vhd, .vmdk). If impacket is installed, it will automatically secretsdump the found registry files.
B: https://t.co/y6vWhdgAwm
G: https://t.co/d0gsm8gXlN
XSS to RCE: Covert Target Websites into Payload Landing Pages, good introduction article by @knavesec
https://t.co/Qc97O1QBlp
Who to follow
/r/netsec
@_r_netsec
Follow for new posts submitted to the netsec subreddit. Unofficial.
Micah Van Deusen
@micahvandeusen
Offensive Security • Google / Mandiant • @[email protected]
Cody Thomas
@its_a_feature_
Mythic Developer (https://t.co/Uz4fOxIUbe) | @SpecterOps @[email protected] | @its-a-feature.bsky.social
XSS to RCE: Hosting your phishing payload on your client's website, a fun technique for boosting your phishing click rate based off a real attack from a known ransomware threat group
Blog: https://t.co/6Yf88uwFfR
Cool new way to make eyewitness web enum more opsec friendly, designed to bypass scan prevention techniques. Check it out!
EyeWitnessTheFitness: create a single Fireprox API that can pass thru to multiple web endpoints. No need to generate multiple APIs to do enum, more opsec friendly, and helps bypass scan prevention techniques that filter by IP
B: https://t.co/E9hNMkTNMi
G: https://t.co/6U69WH90gw
New APIs/syscalls for EDR bypass (@yarden_shafir), UAF browser exploit dev (@33y0re), PowerView replacement [EDD] (@FortyNorthSec), phishing banner defeat (@whynotsecurity), malware packer teardown (@fumik0_), NANDcromancy (@Atredis), and more! https://t.co/toXxXowrh9
Shoutout to @ldionmarcil for making it public. Phishing “external email” warning bypass POC and writeup #redteam
Since it was made public, time to release! Big "External Email" phishing warnings on Outlook webapp & client can be obfuscated with some simple CSS/HTML injections into your phishing email. Writeup, Remediations & POC: https://t.co/sSqilXg4Oe #RedTeam
New blog post going into the details about the potato exploits and SeImpersonatePrivilege. https://t.co/QEJRCSppUU
Introducing Credmaster! Easy & anonymous password spraying suite to beat throttle detections. Based on prior work by @ustayready with just a touch of extra research and features
Tool: https://t.co/XUfTrCvllU
Blogpost: https://t.co/8ROQomJpK5
The BloodHound Domain Password Audit Tool, the newest feature of Max. Run cracked password analysis to identify vulnerable groups, privileges and patterns using the power and information of BloodHound. Based off previous work by @OrOneEqualsOne https://t.co/s6bT6jFHVD
Go check this out, new Bloodhound attack primitive plus some updates to a great tool
Its national dog day, so naturally its time to release an update on Max! This update includes a new attack primitive with how it works, as well as some new features to a few of the old functions for better data extraction. Post: https://t.co/zroMYKMfuR
Back with a new blog post, step up your Bloodhound game with Max! Makes it far easier to extract information and interact with the database https://t.co/Q0i6keZWMR
@SwiftOnSecurity Correct, any user is allowed to read the keys.
We are announcing our new blog with a post about Teamviewer and storing user passwords encrypted and not hashed allow for easy plaintext retrieval from the Windows registry.
https://t.co/GQpaQwO6ve
Last Seen Users on Sotwe
AyÇokKalın
Seen from Turkey
Brown Desi Sissy Gay Boi
Seen from Oman
Black sexy mood
Seen from Netherlands
Pasivo Culon Venezolano🇻🇪en Ecuador🇪🇨
Seen from Venezuela
sexation
Seen from South Africa
Geceninelitonu
Seen from Turkey
Ömer Çelik
Seen from Netherlands
😉يوسف البغدادي🤫 🇮🇶
Seen from Egypt
LindyMan 
Seen from United States
AMATÖR TÜRK
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers