Rahman

96 posts

Rahman

Rahman

@0xRhman

Hacking & DFIR

::1 Katılım Nisan 2020
320 Takip Edilen24 Takipçiler
Rahman retweetledi
Steven Lim
Steven Lim@0x534c·
😭𝗘𝗮𝘀𝘆𝗧𝗼𝗸𝗲𝗻𝘀: 𝗞𝗮𝗹𝗶𝟯𝟲𝟱 - 𝗘𝘃𝗶𝗹𝗧𝗼𝗸𝗲𝗻𝘀 𝗥𝗲𝗽𝗹𝗶𝗰𝗮 EasyTokens is a red-team tool that emulates 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝟯𝟲𝟱 𝗱𝗲𝘃𝗶𝗰𝗲-𝗰𝗼𝗱𝗲 𝗽𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗮𝘁𝘁𝗮𝗰𝗸𝘀, capturing OAuth access and refresh tokens after victims complete legitimate Microsoft authentication, allowing operators to access Microsoft Graph resources such as email and OneDrive without stealing passwords. Architecture -The project consists of: • Python backend services • SQLite token storage • Nginx reverse proxy • Victim enrollment pages • Operator dashboard • Microsoft Graph integration for searching emails and OneDrive content • Relay node functionality for distributed deployments github.com/secdev02/EasyT… #RedTeamTool #EasyTokens #DeviceCodePhishing
English
1
24
97
6.8K
Panos Gkatziroulis 🦄
🔴 Red Teams do all the crazy things like using AI agents to dump host-based EDR rules .etc Meanwhile, threat actors ⤵️
Panos Gkatziroulis 🦄 tweet media
English
5
7
70
7K
Rahman retweetledi
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭
⚡ INTRODUCING: T3MP3ST!!! ⚡ AUTONOMOUS HACKBOT STRIKE FORCE 🌩️ BRING THE STORM 🌩️ your favorite coding agent is now a full-stack red team 🫡⚔️ github.com/elder-plinius/… that AI agent already humming in your terminal? well now it has FANGS. strap a full offensive-security harness onto the agents you already pay for — Claude Code, Codex, Hermes, etc. — point it at an authorized target, and in a few clicks you're watching it hunt real vulns autonomously! T3MP3ST is a harness of harnesses, with prompting that unlocks offensive-cyber workflows + a full arsenal of exploit tooling that'd make any seasoned hacker smirk. simple, yet powerful. 🦾 support for: 🕸️ web apps, APIs, OWASP Top 10 🔌 network recon + fingerprinting (live nmap/DNS/HTTP); lateral + privesc experimental 📂 source code audits, white-box vuln hunting 🚩 CTFs, wargames, challenge ranges 💰 smart contracts / DeFi / Solidity (reproduction — Damn Vulnerable DeFi, not novel discovery) 🤖 embedded, IoT, OT/SCADA, robotics OSS … and more in development! now let's talk numbers 👇 📊 XBEN — XBOW's own 104-challenge suite: • black-box: 90.1% pass@1 from the single-agent exploit loop (worst single sweep 91/104 = 87.5%) — clearing XBOW's past self-reported 85% on their own suite. gpt-5.5. • white-box (source staged, reported separately): 98.7% pass@1, worst single sweep 102/104 = 98.1%. 🎯 every solved flag graded reported-vs-expected against the challenge's own committed flag oracle — `verify-claims` recomputes the pass/fail from committed artifacts. looks like we need new benchmarks 😏 🧩 Cybench — the 40-task academic bench (Opus 4.8, hints + writeups stripped): 23/40 = 58% single-run, hint-free pass@1 — real exploits (format-string pwn, eval-jail escapes, crypto oracles), every flag graded vs a committed oracle. (Anthropic reports 76.5% pass@10) 🕳️ CVE-Zero — we pointed it COLD at real CVEs disclosed in 2026, AFTER the model's training cutoff: 10 unseen 2026 CVEs across 7 languages — prompts never tuned on them. a single agent pinned 8/10 to exact file/line/CWE (stable under re-scoring); the full pack surfaced all 10. memorization AND overfitting, both off the table — it's finding real vulns whose disclosures landed AFTER the model's training cutoff. (n=10, reported honest & directional) 🧠 the architecture: either run as a SINGLE agent (already the benchmarked, incredibly-capable path) — or pack-hunt with dozens of agents running on 8 specialist operator classes keyed to Cyber Kill Chain + MITRE ATT&CK phases: recon → scan → exploit → lateral → exfil → persistence → C2 → report. ⚓️an Op Admiral plans the whole op from a plain-english target. flip on coordination (experimental) and the operators share a blackboard — a tool-verified finding spawns the next move. full swarm or solo one operator, your call. the admiral can also update the prompts, tools, and configs of the other agents on the fly, and T3MP3ST gets stronger the more memories you build! 🧰 the Arsenal is comprehensive — nmap / nuclei / semgrep / ffuf / gobuster + more. 35 wired by default (the clean bench runs bash-only for a comparable number), 83 with the opt-in full arsenal (T3MP3ST_FULL_ARSENAL), and the spicy post-ex drivers (metasploit, hydra) gated behind human approval. exposed via CLI + HTTP API; recon (security_recon) is also live over MCP so your agent invokes it natively. 🔗 🛰️ where this goes: a self-improving swarm of specialist operators wielding a full Kali+ arsenal, learning which loadouts + configs are the most efficient tactics available, WITH a held-out train/test split baked in so it can never fool itself on its own eval. built in the open, one re-derivable number at a time. 🚧 this is v1, and parts are still under active development. chunks of the arsenal, the coordinated swarm, and some ranges are still being wired up. it's built in the open, and the receipts tell you exactly what's live vs what's roadmap. offensive security shouldn't be pay-to-play. T3MP3ST puts a red team in the hands of anyone with a coding agent. what's the first target you're feeding it? 👇 ⚠️ DISCLAIMER: FOR AUTHORIZED USE ONLY. point it only at systems you own or have explicit written permission to test. unauthorized access can be a crime, and that call is yours alone. shipped as-is under AGPL-3.0: no warranty, no liability, zero endorsement of misuse. get permission. stay in scope. open source. AGPL-3.0. 100% free. FORTES FORTUNA IUVAT 🌩️ gg 🫡
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet mediaPliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet mediaPliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet mediaPliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet media
English
211
570
4.4K
427.9K
Rahman retweetledi
Panos Gkatziroulis 🦄
Feature-rich single-binary file server for red teamers and developers. A powerful python3 -m http.server replacement ✅HTTP/S ✅WebDAV ✅FTP/SFTP ✅SMB ✅LDAP/S ✅NTLM hash capture ✅DNS/SMTP callbacks ✅TLS · Auth · Share links 🔗 github.com/goshs-labs/gos…
English
0
27
76
3.5K
Rahman retweetledi
Abdul Mhanni
Abdul Mhanni@abdo_mhanni·
During an engagement, and in an effort to bypass Crowdstrike, I figured out a new method to locally privilege escalate when having code execution as a Microsoft Virtual account using only a LoLbin(certreq) and some AD-CS magic. I was successfully able to compromise the target with Crowdstrike present without needing to use potatoe class exploits. I wrote a blog about it here! abdulmhsblog.com/posts/iammachi…
English
4
79
369
18.4K
Rahman retweetledi
Panos Gkatziroulis 🦄
Panos Gkatziroulis 🦄@ipurple·
Automated BYOVD hunting pipeline - Scans Windows kernel drivers for dangerous imports, extracts IOCTL dispatch surfaces, cross-references against: ✅ LOLDrivers ✅ MS Blocklist ✅ KDU github.com/diabloidyobane…
English
0
34
105
5.2K
Rahman retweetledi
Panos Gkatziroulis 🦄
Panos Gkatziroulis 🦄@ipurple·
NOW - a C tool that converts raw shellcode bytes into human-readable English text - either a plain list of codewords or fluent natural-looking prose with sentences and paragraphs. The output looks like ordinary writing, not hex dumps or base64 blobs. github.com/NirvanaOn/NOW
English
7
19
96
4.9K
Rahman
Rahman@0xRhman·
@TwoSevenOneT Great work as always! Thank you for the article!
English
1
0
1
636
Rahman retweetledi
Two Seven One Three
Two Seven One Three@TwoSevenOneT·
New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker
Two Seven One Three tweet mediaTwo Seven One Three tweet mediaTwo Seven One Three tweet media
English
24
180
759
116.2K
Rahman retweetledi
vx-underground
vx-underground@vxunderground·
Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper. I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies. If you're a stinky GitHub and VSCode nerd maybe you'll understand. tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github blog.ammaraskar.com/github-token-s…
English
34
237
2.1K
115.6K
Rahman retweetledi
Son Luong
Son Luong@sluongng·
Codex just found a “workaround” of not having sudo on my pc…
Son Luong tweet media
English
342
1.1K
16.2K
1.6M
Rahman retweetledi
Andre Gironda
Andre Gironda@AndreGironda·
Windows DNS Client RCE -- CVE-2026-41096 POC -- qdcount=0, a DNS OPT resource record (type 41), and 0xff bytes via example response -- github.com/satchfunky/CVE…
English
2
69
247
23K
Theo - t3.gg
Theo - t3.gg@theo·
Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?
English
348
983
6.8K
781.5K
Rahman retweetledi
V4bel
V4bel@v4bel·
💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io
GIF
English
41
697
2.1K
536.3K
Rahman retweetledi
Panos Gkatziroulis 🦄
📉 𝐂𝐲𝐛𝐞𝐫 𝐬𝐢𝐠𝐧𝐚𝐥 𝐢𝐬 𝐝𝐫𝐨𝐩𝐩𝐢𝐧𝐠. 📈 𝐀𝐈 𝐧𝐨𝐢𝐬𝐞 𝐢𝐬 𝐫𝐢𝐬𝐢𝐧𝐠. To help, I created a list of active cybersecurity blogs written by people who still publish real research. If you follow any of these already (or have gems I should add), let me know. 📌github.com/netbiosX/Cyber…
English
2
23
91
7.2K
Rahman retweetledi
International Cyber Digest
International Cyber Digest@IntCyberDigest·
‼️🚨 Microsoft calls this "intended behaviour," so here we go. How to dump the credentials of every user stored in Microsoft Edge: 1. Open Edge. Don't browse anywhere, just open it. 2. Flip to Task Manager, find Edge, expand the task. 3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump." 4. Open the dump file and look for credentials. The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking. Thanks to Rob VandenBrink at SANS: isc.sans.edu/diary/32954
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
287
2.3K
13.2K
1.1M
Rahman retweetledi
Haidar
Haidar@haider_kabibo·
So here is new local privilege escalation zero-day I discovered, not patched yet too :). In simple terms, if you have a service like RDP that exposes an RPC server, there many system services running as SYSTEM connect to it as RPC clients. If that service is turned off (RDP is off by default), it seems that any other process in Windows can expose the same RPC server using the same endpoint. Now all the RPC calls from that SYSTEM processes will come to this fake server and If the process that deployed the server has SeImpersonatePrivilege, it can escalate to SYSTEM by impersonate the RPC client. In the white paper below, I describe five exploit paths you can abuse. However it's architecture problem and maybe there are more. It's Not A Potato securelist.com/phantomrpc-rpc…
English
16
164
785
51.1K
Rahman retweetledi
Moritz
Moritz@m_r_tz·
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD
English
6
401
1.3K
65.7K