Olivia
Online
Spencer McIntyre
@zeroSteiner
Views are my own.
Cleveland, Ohio
Joined March 2011
920 Following
2.8K Followers
649 Posts
Found an unpatched RCE in Gogs 👀 Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup + @metasploit module available now!
🔗https://t.co/VAYLxZ6o1b
I appreciate everyone dropping linux privesc 0days in the current AI renaissance, but to really make it feel like the good ol days someone needs to drop a weaponized pre-auth SMB or RDP RCE. We haven't had a good Windows worm in AGES.
@_RastaMouse @metasploit The Block API then changed to use the Length field instead of MaximumLength so it wouldn't be tricked into using a planted value in memory.
We'd occassionally get reports of what was fundamentally the same issue e.g. https://t.co/UqBqGkirID 2/2
FWIW, @metasploit made an update to how ror13 hashes are calculated for the first time in (I think?) over a decade to address some limitations in the block API we were running into.
Created a small .NET tool for ROR13 hashing that you can install to add a global command to cmd/pwsh. It's a lifesaver if you just need some quick hashes.
Who to follow
Matt Hand 
@matterpreter
Building @originhq | Author, Evading EDR @nostarch
Mr.Un1k0d3r
@MrUn1k0d3r
I don't know how to search on Google so I do research on my own and tweet about it. Hacking as a life style
https://t.co/a05mevChzu
Beau Bullock
@dafthack
Hacker, trainer, and guitarist | Black Hills InfoSec #RedTeam | @BreakForge Training | Produces music to hack to at @N0BANDW1DTH
@_RastaMouse @metasploit The ROR13 calculation was switched to use an "IV" of 0 by default, and the module name hash is used as the IV when calculating the function name hash. Framework now randomizes the IV at assembly time so the ROR13 hashes aren't hard-coded anymore 1/2
Catch this episode of Hacktics and Telemetry on Youtube, featuring our very own @zeroSteiner talking about the Metasploit MCP!
https://t.co/Sq8azNqWJD
Active Directory Exploitation with Metasploit https://t.co/7voHc9C0Z6
This weeks wrap up is packed with new stuff including an MCP server, and new modules for relaying NTLM from HTTP to LDAP and a Copy Fail exploit with x64 and AARCH64 support https://t.co/ymF91y5pxA
The annual wrap-up for Metasploit Framework is out now, and it includes the entirety of stats for 2025. This wrap-up and its contents would not be possible without the participation and dedication of our contributors and researchers, and all of our thanks goes to them! Metasploit Framework wouldn't be the same without you, thank you. https://t.co/guhMFZSxfW
From Zero to Shell: Hunting Critical Vulnerabilities in AVideo
https://t.co/pShNsxoMSR
New NTLM relay dropped for MSSQL. Should see some SCCM modules to use it next. @unsigned_sh0rt gave me all kinds of ideas.
This week's wrap-up has some pretty rad MSSQL updates and a module for React2shell. Get it here: https://t.co/diw05fZ4y9
Metasploit also has a merged exploit with check for react2shell.
⌨️ module:
multi/http/react2shell_cve_2025_55182
📦 Dockerfile to test available in:
Data\exploits\react2shell_unauth_rce_cve_2025_55102
https://t.co/B9cwDsj9ph
New Metasploit module for CVE-2025-54236 (SessionReaper) - Unauthenticated RCE in Magento
https://t.co/mR8mSe1BSw
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)
Come join @rapid7! I’m hiring for a Senior Security Researcher to join our team. You'll get to work on n-day analysis, zero-day research, exploit development, and more - focusing on enterprise software and appliances. Fully remote in the UK, details here: https://t.co/WpUxk5nqjI
Today @rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: https://t.co/zvWDK8ab3s
Our @metasploit auxiliary module for the new Brother auth bypass is available. The module will leak a serial number via HTTP/HTTPS/IPP (CVE-2024-51977), SNMP, or PJL, generate the devices default admin password (CVE-2024-51978) and then validate the creds: https://t.co/3uJG56aMx9
Today @rapid7 disclosed two vulns affecting NetScaler Console and NetScaler SDX, found by Senior Security Researcher Calum Hutton! 🎉 Our blog details the authenticated arbitrary file read vuln (CVE-2025-4365), and the authenticated arbitrary file write vuln (Which the vendor has not assigned a CVE for).
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers