Walter.Legowski @SadProcessor
Purple PowerShell & Hazy Windows You Are Here | Joined February 2016
Tweets: 3K | Followers: 5K | Following: 212 | Likes: 3K
I just published a blog and tool for the LSA Whisperer work that was presented at the SpecterOps Conference (SOCON) back in March. If you are interested in getting credentials from LSASS without accessing its memory, check it out! medium.com/specter-ops-po…
I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec! posts.specterops.io/rooting-out-ri…
🚨 Did you miss the news? @merill, @Thomas_Live and I just released maester, the #Microsoft #Security test automation framework! 🛡️ Give it a try today. maester.dev
▶️ Invoke-WhateverYouLike - Building the tools you dream of with PowerShell ◀️ ▶️ The Dog Ate My Homework - A new chapter in my BloodHound adventures with PowerShell ◀️ @SadProcessor will be speaking during #PSConfEU 2024 🎟️🔗 psconf.eu #PowerShell
New lab 🏰 for the GOAD project 🥳: SCCM. You can now test the SCCM/MECM attacks locally on VirtualBox or VMware. More information here: mayfly277.github.io/posts/SCCM-LAB… Repository here: github.com/Orange-Cyberde… Thx again @KenjiEndo15 for your help building this!
#BloodHound v5.8.0 is live now! This release includes support for .zip ingest, clearing the graph database natively, ADCS ESC4, and more! @SpecterOps support.bloodhoundenterprise.io/hc/en-us/artic…
How does MS Exchange on-premises compromise Active Directory? Check out @Jonas_B_K's latest blog to learn what permissions Exchange has in AD that an attacker can abuse to compromise the domain & what organizations can do to prevent that. ghst.ly/3x551kd
Luckily, auditing app permissions in your tenant is easy with ROADrecon, which (unlike the Azure/Entra portal) has an easy overview for all the app permissions granted to other apps in your tenant. Reachable via the Service Principals item or the Application Roles in the menu.
"Summoning RAGnarok With Your Nemesis" posts.specterops.io/summoning-ragn… I detail how we built a Nemesis powered Retrieval-Augmented Generation (RAG) chatbot PoC, code now public at github.com/GhostPack/Ragn… ! Fun example of how to build on top of Nemesis' functionality.
Early birds ready for trainings at #SOCON2024
Thank you to everyone who joined us for a SOLD OUT #SOCON2024 summit! 💜💚 Keep an eye on the website for updates: specterops.io/so-con
Thirsty panelist at #SOCON2024
Last talks today at #SOCON2024 are mine and @SadProcessor's #BloodHound operator. If you're struggling to decide, consider this: Mine is closer to happy hour 🍺 🍔.
Gorgeous Panel Talk on “Guarding your Identity” at #SOCON2024
Gorgeous view on DC at #SOCON2024…
If you want to get started with BloodHound CE, then I highly recommend reading this awesome blog post by @m4lwhere. It's a great resource to kickstart your journey! m4lwhere.medium.com/the-ultimate-g…
Microsoft Graph Activity Logs are out of public preview and now generally available. These have quickly become one of my favourite log sources for both detections and investigations, some guidance and example hunting queries here - techcommunity.microsoft.com/t5/microsoft-e…
Wow! Thanks so much to you all at #PSHSummit, that means a lot to me! 🥰 Honestly, it feels like cheating when the community is always there to support your crazy ideas and help you make it successful!
Congrats @gaelcolas Winner of the inaugural Don Jones Community Leadership award
For those transitioning over to Microsoft Graph PowerShell @merill and many others have been working hard to put together a heap of useful cmdlets to help admins day to day, if you haven't seen the Microsoft Identity Tools, check them out - aka.ms/msid
And if you didn't get the chance to see the presentation at the PowerShell conference yesterday, no problem: Join me at the @PSConfEU in June where I will talk about maester
Finally made it to the team member page on @SpecterOps "About Us" page. Yes my picture looks like I work at Asda and am about to offer to carry your bags to your car... but still classing this as my win for the month 🤣 specterops.io/about/team/
Friends and followers, As you may have noticed, I’ve taken an extended absence from X lately. As the Fresh Prince of Bel Air said, “My life got flipped turned upside down”. I sincerely appreciate those of you who reached out to check if I was ok, or even alive.
SCCM lab write up 📝 started: mayfly277.github.io/categories/scc… - Part 0x1 : Basic Recon & PXE exploit mayfly277.github.io/posts/SCCM-LAB… - Part 0x2 : Low user exploitation mayfly277.github.io/posts/SCCM-LAB…
This new book has finally arrived. Thanks to @nostarch as well as @billpollock for making it happen as well as @Lee_Holmes as my tech reviewer.
This is a HUGE deal. If you've ever purchased a #BloodHound shirt or otherwise donated to @MDAorg, your money has gone towards making this happen.
BREAKING NEWS: #MDA’s funding of foundational research leads to new drug approval by the @US_FDA of Duvyzat (Givinostat) to treat children and adolescents living with #DMD. Duvyzat (Givinostat) will be made available in the US by ITF Therapeutics: mda.org/press-releases…
Can a DHCP administrator become a domain administrator? Well, as it turns out, sometimes it sure can. 🥴 In our latest blog post, see how Akamai researchers discovered a new PrivEsc technique affecting Active Directory. Full write-up: akamai.com/blog/security-…
I've always recommended the free Microsoft 365 developer subscription as a great way to learn. Having it locked behind a 600 EUR to 3k EUR minimum cost is going to hurt Identity Security learning capabilities for everyone. Very sad to see it like this. devblogs.microsoft.com/microsoft365de…
First con talk done. Was scarier than I thought, but in a good way! Looking forward to doing it again! Also excited that I’ll be joining @SpecterOps in April. This is a team that I’ve wanted to work with ever since the company started. I’ve used so many of their revolutionary…
I'm pumped to announce the release of Misconfiguration Manager, a knowledge base and how-to for both offensive and defensive SCCM attack path management, that @subat0mik, @garrfoster, and I have been working on! Check it out and let us know what you think! posts.specterops.io/misconfigurati…
Watching @mcbroom_evan diving deep into his reverse engineering research into LSA internals, including new info on how to obtain and use credentials WITHOUT reading lsass.exe's memory! 🔥 #SOCON2024
@SadProcessor Nervous AF!! :D Can relax now and enjoy a few beers tonight!
I finally caved and bought a Flipper Zero. Whilst it's useful, there's a fair few bits of it that aren't particularly well explained. Let's start with the Mifare Classic reading! What's it doing, and how is it doing it?
Are you finding it cumbersome to use #EntraIDPIM ? I typically use PIM up to 10 times a day going into different roles in different environments. I created a script to be able to PIM with ease, you can find it here: powershellgallery.com/packages/invok… Test it and let me know how it goes :)…