Opcode

2.5K posts

Opcode banner
Opcode

Opcode

@opcode_osi

Average Active Directory enjoyer

Katılım Şubat 2022
248 Takip Edilen139 Takipçiler
Sabitlenmiş Tweet
Opcode
Opcode@opcode_osi·
Top 5 on HTB was a huge checkmark on my bucket list. We're so back!
Hack The Box@hackthebox_eu

Let's give it up to the players who took the top spots in Season 10's leaderboard. In an absolute shock, we are seeing some new faces on here! Congrats xtk for going from rank #135 last Season to claiming the top spot. That is a jump for the record books. JaxT way to climb to the leaderboard for your very first time. Based on your history, it looks like you finally found the time to give it your all. And Pyp, you've made it to the top 10 in the winners' circle. Slow and steady wins the race; the top spot is within your grasp. Congrats to everyone who participated. We look forward to seeing you next Season. 🤘

English
4
1
44
1.1K
Opcode retweetledi
klez
klez@KlezVirus·
[TALK] My latest Black Hat Europe talk is now publicly available. If you can look past the painfully obvious anxiety and a speaker who occasionally sounds like his brain has stopped cooperating, you might find something useful. Who knows? youtube.com/watch?v=tOVcSc…
YouTube video
YouTube
English
5
35
141
11.2K
Opcode retweetledi
TrustedSec
TrustedSec@TrustedSec·
The CVE brain your #AI agent has been missing 🧠 In our new blog, @__mez0__ introduces Vulnify, an open-source tool that stitches eight authoritative vulnerability databases into a single offline source of truth for #CVE intelligence. Read it now! hubs.la/Q04p1ZGv0
English
2
18
48
6.9K
Opcode
Opcode@opcode_osi·
@NotDeGhost Aren't KOTHs ideal for LLM usage? I agree with Active Directory for now, but it won't be for long
English
0
0
0
28
Robert Chen
Robert Chen@NotDeGhost·
We think Jeopardy CTFs are dead, and are looking for new ideas: a new style of challenges that allows for a leaderboard indifferent to the presence of AI. As outlined in the blog, we think the AD and KOTH formats are a step in the right direction, although imperfect.
English
5
1
49
4.3K
Robert Chen
Robert Chen@NotDeGhost·
We're launching a $100,000 fund to save CTFs.
Robert Chen tweet media
English
17
108
639
61K
Opcode retweetledi
vx-underground
vx-underground@vxunderground·
> be me > get dm > "is this malware?" > "windows defender went crazy when i tried this video game mod" > download > look inside > not malware There is a function in Windows you can invoke called "GetAsyncKeyState". In simplest terms, this function waits for user input on the keyboard. When a key is pressed down GetAsyncKeyState tells you what was pressed down. GetAsyncKeyState is used frequently with video games. Using this function video games can determine ... what you're pressing. Likewise, GetAsyncKeyState can be used by legitimate software for when a user does a shortcut or something. There is a lot of legitimate use cases for this function. However, GetAsyncKeyState is also abused because GetAsyncKeyState is tells you what key on the keyboard is pressed down, GetAsyncKeyState is used as a way to record what users are typing. Typically the data returned from GetAsyncKeyState is piped to a text file. Other times malware developers may use GetAsyncKeyState to store recorded key strokes in-memory and then send it out externally to a remote computer. Regardless, this video game mod was invoking GetAsyncKeyState and filtering each key press to determine when the mod was triggered. In essence, it was scanning and waiting to determine if it is toggled on or off. Furthermore, after the mod was toggled on or off, it logged when it was turned off for debugging purposes. From Windows Defenders perspective it saw an unsigned and unverified library being arbitrarily loaded into a video game and, once loaded, it was scanning user keys and subsequently writing something to a text file. After bonking this video game mod with a stick we know it's not malware. However, this is a great example of false-positives in anti-malware services because, by all means, this mod does seemingly mimic something a malware payload would do. But it's not malware. It's just a silly video game mod for Baldurs Gate 3
vx-underground tweet media
English
47
152
4.2K
149.6K
Opcode retweetledi
Abdul Mhanni
Abdul Mhanni@abdo_mhanni·
During an engagement, and in an effort to bypass Crowdstrike, I figured out a new method to locally privilege escalate when having code execution as a Microsoft Virtual account using only a LoLbin(certreq) and some AD-CS magic. I was successfully able to compromise the target with Crowdstrike present without needing to use potatoe class exploits. I wrote a blog about it here! abdulmhsblog.com/posts/iammachi…
English
4
79
368
18.4K
Opcode retweetledi
ret2src
ret2src@ret2src·
Escalating from On-prem to Entra through MITM Attacks My colleague @0x64616e just published his latest research on lateral movement between on-premises Active Directory and Entra through DNS hijacking. Check it out: ➡️ securitylog.sva.de/2026/offsec/es…
English
2
64
186
32K
Opcode retweetledi
bynario
bynario@bynar_io·
Now that Canonical has fully patched CVE-2026-31694, we're sharing our code (along with a lil demo) for the FUSE LPE 🐧 Source @ github.com/BynarIO/pocs/t…
English
7
31
104
12.2K
Opcode retweetledi
vx-underground
vx-underground@vxunderground·
> Peter Stokes > Scattered Spider guy > Arrested > Microsoft helps FBI > Read court documents > Page 12 > Microsoft tracks Stokes from GDID > Microsoft Global Device Identifier (GDID) > Stokes used Windows > Page 34 > GDID assigned to each OS install > GDID unique to each device > GDID only change if OS wiped > Stokes GDID 6755467234350028 > GDID reported internet activity to Microsoft > GDID showed Stokes using Ngrok > GDID reported Stokes IP address > GDID showed Stokes web activity > GDID showed timestamps of web activity > GDID mapped with video game activity > GDID showed games played > GDID undocumented > GDID only mentioned in one MSDN document > Azure UCDOStatus > Azure Monitor Logging
vx-underground tweet media
English
255
1.4K
10.9K
1.3M
Opcode retweetledi
blasty
blasty@bl4sty·
more phresh linux LPE sl0pday being dropped at github.com/sgkdev (736b380e28d0) w00t w00t
English
6
21
121
10.2K
Opcode retweetledi
Toffy
Toffy@toffyrak·
GPOHound v1.1.0 is out! 🎉 This release adds the "sysvol", "ldap", and "parse" modules, along with several bug fixes and improvements. For more details: github.com/cogiceo/GPOHou…
Toffy tweet media
English
2
60
261
13.6K
Opcode retweetledi
Abdul Mhanni
Abdul Mhanni@abdo_mhanni·
Wrote a new blog about caveats with tools detecting(or mis detecting) relay exploit primitives against http(ESC8) and MSSQL endpoints. Kept noticing issues in tools reporting the absence or presence of vulns that I thought others may have noticed too abdulmhsblog.com/posts/pitfalls…
English
2
22
60
10K
Opcode retweetledi
Gynvael Coldwind
Gynvael Coldwind@gynvael·
AREA41 just published the recording from my pretty unusual talk: "Hacker Goes Speedrunning: Beating A 25 Hour Game In Under 2 Minutes" youtube.com/watch?v=OkL6RK… Enjoy!
YouTube video
YouTube
English
0
7
30
5.1K
VXUG Giveaways
VXUG Giveaways@vxgiveaways·
New giveaway alert Our friends at @synthient wanted to giveaway some goodies for you nerds 2x Synthient Researcher Accounts - $40k 4x Claude Pro 1 Year Subscriptions - $400 6x Twitter Premium 1 Year Subscriptions - $600 If you want to enter this giveaway please do the following Like the post, Comment what you want and why, and follow both @synthient and @vxgiveaways Goodluck to all, picking winners next week
English
159
30
228
24.8K
Opcode retweetledi
Alex Neff
Alex Neff@al3x_n3ff·
Onelogon: Taking over Active Directory Accounts via Netlogon🔑 We analyzed Netlogon, bypassed the Zerologon patch, resulting in a full auth bypass. An attacker can leverage this to compromise computer accounts, or even the entire AD. Non-standard config must be present tho 🧵
Alex Neff tweet mediaAlex Neff tweet media
English
9
193
690
78.5K
Opcode retweetledi
Squidbleed
Squidbleed@Squidbleed·
The Squidbleed website is now live. A dedicated hub for CVE-2026-47729, technical breakdowns, vulnerability research, and future updates. Explore the story behind the 29-year-old bug. squidbleed.xyz A Calif Research Project. 🦑
English
13
7
45
16.4K