Denis Werner
@NOBBDInterested in IT security, CTFs, penetration testing, adversarial simulation and digital forensics. Once created https://t.co/JfBzrBNxu5 and wrote poems for @ENOFLAG
Similar User
@disclosedh1
@bogdantcaciuc7
@uraniumhacker
@zerocopter
@JR0ch17
@saamux
@princechaddha
@streaak
@niksthehacker
@Parth_Malhotra
@armaancrockroax
@dsopas
@vulnh0lic
@RakeshMane10
@smiegles
Ever wondered what other people submit to @Hacker0x01 ? Check out a list of publicly disclosed bugs here h1.nobbd.de #bugbounty
This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range. volexity.com/blog/2024/11/2… And yet... they got caught doing this!
Hey folks! The 2024 SANS Holiday Hack Challenge Act I has begun! Login here: sans.org/holidayhack. Once you get through orientation, you'll get your badge. Then do the first couple challenges (or skip them) & click on your badge for Act I, thusly:
Great read! 😈
Wow. This Pacific Rim report from @SophosXOps is mind-blowing, detailed, and terrifying. Tracking a threat actor, implanting the device they're doing vulnerability research on, and collecting telemetry/IOCs is an insane 4D chess move. Hats off. news.sophos.com/en-us/2024/10/…
Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. msft.it/6011W3CGX
I like me a "Blue screen of peace" on a Friday morning..
Wow. This Pacific Rim report from @SophosXOps is mind-blowing, detailed, and terrifying. Tracking a threat actor, implanting the device they're doing vulnerability research on, and collecting telemetry/IOCs is an insane 4D chess move. Hats off. news.sophos.com/en-us/2024/10/…
Today was a big day for the United States government and United Kingdom government. The Federal Bureau of Investigation and U.K. National Crime Agency’s (NCA) Cyber Division unveiled a massive, multi-year long investigation which has led to a catastrophic blow to Lockbit…
Inspiring research into race conditions in web applications by @albinowax Lot's of technical details, explanations and ideas for future research
We've just published 'Smashing the state machine: the true potential of web race conditions' by @albinowax! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class: portswigger.net/research/smash…
Trojanized installers for #3CX PBX software are the beginning of the SmoothOperator campaign, a multi-stage attack chain delivering infostealer malware at scale. s1.ai/SmoothOperator
🔒 #CybersecurityAlert 🚨: @CISAGov just released a new Cybersecurity Advisory from a recent Red Team assessment. We identified risks, weaknesses & gaps in a large critical infrastructure org. Learn actions to reduce risk from malicious actors. cisa.gov/news-events/cy…
In this guide from @GuhnooPlusLinux, you'll learn how the new #BOFLoader extension allows BOFs to be used from a #Meterpreter session. Discover new attacks made possible in Meterpreter and avoid common errors. hubs.la/Q01z2t0t0
If you want to do "ethical hacking" you should make sure that what you are doing is actually considered "ethical". Exfiltrating large amounts of sensitive files from victim systems while employing anti-vm techniques sure does make it look otherwise.
JUST IN: In a statement, the creator of counterfeit 'torchtriton' has apologized and stressed that their intent wasn't malicious. They claim collecting sensitive data, including keys and secrets—which they call a "wrong decision," was to better identify victims.
My last blog in 2022 💎 Adversaries Infrastructure-Ransomware Groups, APTs, and Red Teams 🎯 What you can learn from scanning adversaries' infra? michaelkoczwara.medium.com/adversaries-in… Happy Hunting and see you next year! 🤘
Great read and summarises the developments around the release of the AD CS whitepaper by SpecterOps last year.
@tifkin_ and I give you "Certificates and Pwnage and Patches, Oh My!" posts.specterops.io/certificates-a… . We clarify some misconceptions we had about AD CS, explain the KB5014754 patch and its implications, and detail some of the awesome AD CS work from people like @ly4k_ . Enjoy!
Microsoft has discovered Raspberry Robin activity establishing its role in a complex, interconnected malware ecosystem that facilitates human-operated ransomware. Our latest blog details active operations and links to other malware and threat actors: msft.it/6011djXFR
After 18 months #RemotePotato0 has been silently fixed 🥳 The downgrade attack performed in the ResolveOxid2 response (part of DCOM activation) does not work anymore and with the October 22 patch the client always authenticates with level INTEGRITY during the IRemUnkown bind
United States Trends
- 1. Black Friday 579 B posts
- 2. $CUTO 9.652 posts
- 3. #TTPDTheAnthology 11,1 B posts
- 4. #TheOfficialTSTheErasTourBook 10,6 B posts
- 5. Aleppo 140 B posts
- 6. #FridayVibes 6.507 posts
- 7. Syria 179 B posts
- 8. #mnwildFirst N/A
- 9. Assad 109 B posts
- 10. #NativeAmericanHeritageDay N/A
- 11. Golden Cobra N/A
- 12. Poles 12,9 B posts
- 13. Earthworm Jim 2.029 posts
- 14. Merry Christmas 26 B posts
- 15. Good Friday 69 B posts
- 16. FROMIS TOO 2.031 posts
- 17. ISIS 46,3 B posts
- 18. Datsun 14,3 B posts
- 19. TODAY ONLY 84,4 B posts
- 20. George McCaskey 1.077 posts
Who to follow
-
publiclyDisclosed
@disclosedh1 -
Bogdan Tcaciuc
@bogdantcaciuc7 -
Uranium238
@uraniumhacker -
Zerocopter
@zerocopter -
Jasmin Landry
@JR0ch17 -
Samuel
@saamux -
pwnmachine
@princechaddha -
streaak
@streaak -
nikhil(niks)
@niksthehacker -
Parth Malhotra
@Parth_Malhotra -
Armaan Pathan
@armaancrockroax -
SØᴘᴀS
@dsopas -
Yogendra Jaiswal
@vulnh0lic -
Rakesh Mane
@RakeshMane10 -
Olivier Beg
@smiegles
Something went wrong.
Something went wrong.