Tiago Sintra @henshinpt
Code breaker. Portugal. Joined March 2014.
Tweets: 255 | Followers: 386 | Following: 133 | Likes: 772
Ever wanted to trigger a #NTLM authentication to a machine using every possible RPC call? You can do this using #Coercer 🥳🎉 This tool automatically detects available pipes and protocols and calls every possible function to trigger an #authentication. github.com/p0dalirius/Coe…
Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay DC authentication to ADCS? Don't worry MS-DFSNM has your back ;) github.com/Wh04m1001/DFSC…
Insecure Features in PDFs. We analyzed legitimate PDF features leading to 1. Denial of Service 2. Information Disclosure 3. Data Manipulation 4. and Code Execution (NDSS'21 Paper). web-in-security.blogspot.com/2021/01/insecu… /cc @jensvoid Dominik Noss, @v_mladenov, @JoergSchwenk
New Year's special - learn how to take full control of your neighbor's router with @pedrib1337 and @RabbitPro! youtube.com/watch?v=zjafMP…
Want to get more credits for SecurityTrails API™? Just retweet this tweet and you will get 100 RECURRING API CREDITS 🎉 Ends 28 Nov 2020, 3pm EST. Make sure we can PM you to ask for the email address you signed up with.
Check out my new writeup on how a website could steal all your Firefox cookies remotely 📱🐛. CVE-2020-15647: Arbitrary local file access in Firefox for Android #MobileSecurity #AndroidSecurity #Android #BugBounty medium.com/@kanytu/firefo…
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM (slides inside) blog.orange.tw/2020/09/how-i-… #HITCON
Introducing FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking mdsec.co.uk/2020/08/firewa… by @peterwintrsmith #redteam #firewalker #MDSec
We have an announcement about our Cracking the Perimeter course. CTP will be retired this year, with the last date for purchase being October 15, 2020. Please read our update for info about what's happening and why: offs.ec/2FmmD01
I'm just gonna leave this here... some EPIC work from @peterwintrsmith with some kind CS support from @buffaloverflow... in process CLR for @armitagehacker's Cobalt Strike
My F5 BIG-IP Unauth Remote Command Execution (CVE-2020-5902). Please update your software. ptsecurity.com/ww-en/about/ne…
Here is a CNA script for abusing the print spooler named pipe impersonation trick by @itm4n Useful to get SYSTEM with only SeImpersonatePrivilege and can be used as an alternative to getsystem. Came in handy recently and wanted to share the ❤️ github.com/rxwx/spoolsyst…
My blogpost on CVE-2020-1317 I was holding this for a while. cyberark.com/resources/thre…
I've managed to forget about how crazy the world is right now and focus purely on source code review, hunting and exploiting bugs for 48 hours and got myself #OSWE certified! Another fine course from @offsectraining! 🥳
TamperETW, x64 PoC to demonstrate how CLR ETW events can be tampered or filtered before being submitted. Based on great research by @MDSecLabs / @_xpn_ on hiding .NET assemblies from ETW. github.com/outflanknl/Tam…
This is the most comprehensive analysis I've seen so far about Covid-19 and how different countries are handling it. Governments need to start taking serious measures to contain this now medium.com/@tomaspueyo/co…
ICYMI - @0xthirteen released MoveKit and StayKit, a collection of aggressor scripts, .NET projects, and templates to enhance lateral movement and persistence on your engagements. Link: posts.specterops.io/move-faster-st… MoveKit: github.com/0xthirteen/Mov… StayKit: github.com/0xthirteen/Sta…
Added another round of seats for #RedTeamOps !! These are the last ones I'll be able to add for a while, so if you're planning on taking the course, grab it fast! zeropointsecurity.co.uk/courses/red-te…
I updated the EDR telemetry project with corrected telemetry and new additions! See below the changes and upcoming EDRs: ✅ Corrected Trend Micro Telemetry ✅ Corrected ESET Telemetry 🌟 Added Qualys EDR 🎯New Additions Coming Up: 🔜 Sophos EDR 🔜 Cortex EDR Vendors are…
Citrixbleed: On Oct 10th, Citrix announced a security advisory for CVE-2023-4966, a sensitive information disclosure bug marked as CVSS 9.4 affecting Netscaler Gateway. The security research team at @assetnote was able to reproduce the vulnerability. Blog post here:…
Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👇
Automatically extract URL and IP endpoints from Android app to a txt file using apk2url Fast and useful tool for pentesters, bug bounty hunters, or malware analyst github.com/n0mi1k/apk2url
🚨🚨🚨 Whatever you were thinking about CVE-2023-20198 (#Cisco IOS EX) it's 100x worse. We used @TalosSecurity IOC check and found ~30k implants. That's 30k devices infected (routers, switches, VPNs), under the control of threat actors. That's excluding rebooted devices.
ChatGPT can now see, hear, and speak. Rolling out over next two weeks, Plus users will be able to have voice conversations with ChatGPT (iOS & Android) and to include images in conversations (all platforms). openai.com/blog/chatgpt-c…
How can we run arbitrary code without allocating/overwriting executable memory? We "borrow" (abuse) instructions from ntdll.dll! x86matthew.com/view_post?id=w…
💎🔨 Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization, by Piotr Bazydło (@chudyPB)
Persistence Techniques That Persist cyberark.com/resources/thre…
Fancy Defender evasion? Yet another method, nearly bare hands: 1. Export CurrentControlSet to a file 2. Edit path in a file 3. Import a file as new ControlSet 4. Change "Select" values to new one 5. Reboot 6. Enjoy 😎 A side effect of my "Registry internals" session yesterday 😅
Phishing emails making use of the "search-ms" URI protocol handler to download malicious payload. trellix.com/en-us/about/ne… ClickOnce APT Group also uses this technology. <script> window.location.href = 'search-ms:query=Review&crumb=location: \\\\domain@SSL\…
XXE inside a SOAP node: <soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://0x0:22/"> %dtd;]><xxx/>]]></foo></soap:Body>
KRBUACBypass By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can easily bypass UAC and gain SYSTEM privileges. github.com/wh0amitz/KRBUA… Details: tiraniddo.dev/2022/03/bypass… #infosec #pentesting #redteam
"A-Red-Teamer-diaries: RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements." #infosec #pentest #redteam github.com/ihebski/A-Red-…
Hunting for Nginx Alias Traversals in the wild labs.hakaioffsec.com/nginx-alias-tr…
Powerful. The true dangers of sharing content online. The people that figure out how to combat this will become billionaires.
Pulling SYSTEM out of Windows GINA 🪟: a 0day vuln giving pre-auth SYSTEM shell on domain computers managed by @manageengine ADSelfService Plus
Good article. This is a large issue that I often catch in penetration tests. It’s also a teams default. 👇 Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware | JUMPSEC LABS labs.jumpsec.com/advisory-idor-…