Antonio Cocomazzi

1.8K posts

Antonio Cocomazzi

@splinter_code

offensive security - windows internals | BlueSky: https://t.co/ytvJCoaF2c | Mastodon: https://t.co/hNIHa6L14d

Italy Katılım Ağustos 2016

325 Takip Edilen9.4K Takipçiler

Sabitlenmiş Tweet

Antonio Cocomazzi@splinter_code·3 Kas

The slides of our joint research talk “10 Years of Windows Privilege Escalation with Potatoes” at #POC2023 are out! 👉 github.com/antonioCoco/in… cc @decoder_it

English

148

379

47.7K

Antonio Cocomazzi retweetledi

diversenok@diversenok_zero·6 Mar

> A new Project Zero blog post by James Forshaw projectzero.google/2026/02/gphfh-… Me: Oh hey, I recognize this function! UIAccess + GetProcessHandleFromHwnd / NtUserGetWindowProcessHandle were the core of my CVE-2021-31951 EoP 😋 So some fixes leading to v3 actually date a bit earlier

English

4.1K

Antonio Cocomazzi retweetledi

Insomni'hack@1ns0mn1h4ck·27 Şub

@decoder_it breaks down reflection attacks and their impact on enterprise security in this new talk at #INSO26. Are you interested in how modern authentication flow works? So this talk is for you! Save your spot: ow.ly/cCr450Ykak4 #Infosec #INSO26 #CyberConference

English

1.1K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·25 Şub

Just dropped a short post on why some classic NTLM relay tricks seems to be dead on Server 2025. decoder.cloud/2026/02/25/wha…

English

201

13.4K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·24 Kas

Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅decoder.cloud/2025/11/24/ref…

English

233

20.5K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·29 Eki

Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: semperis.com/blog/exploitin… 🙃

English

182

16.7K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·24 Eki

Remember the CredMarshalInfo trick? If you hadn’t applied the June 2025 patch, CVE-2025-33073 would have been critical. We know that in NTLM local auth, msg 3 is empty:You can drop sign/seal -> from Domain User to DomainAdmin escalation. 😅

English

225

18.5K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·21 Eki

my simple poc: github.com/decoder-it/pri…

English

3.4K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·21 Eki

Coercing machine authentication on Windows 11 /2025 using the MS-PRN/PrinterBug DCERPC edition, since named pipes are no longer used. Kerberos fails in this case due to a bad SPN from the spooler, forcing NTLM fallback.

English

284

19K

Antonio Cocomazzi retweetledi

diversenok@diversenok_zero·25 Mar

Better socket handle visibility coming soon to @SystemInformer 🔥 When viewing a process handle table, SI will recognize files under \Device\Afd and retrieve information about their state, protocol, addresses, and more. Also works on Bluetooth and Hyper-V sockets 🤩

English

117

12.3K

Antonio Cocomazzi@splinter_code·10 Eyl

Apply here → sentinelone.com/jobs/?gh_jid=6… Happy to chat if you want to learn more.

English

545

Antonio Cocomazzi@splinter_code·10 Eyl

The role is opened in multiple locations in Europe (we’re hiring across Italy, Spain, Poland, Czech Republic, Slovakia and France), with optional relocation support to Czechia if you'd prefer to move (must be eligible to work in the EU already at the time of applying).

English

573

Antonio Cocomazzi@splinter_code·10 Eyl

I’m hiring Staff Windows Security Researchers to join my XAT (eXploits and Anti-Tampering) team at @SentinelOne! 🔥 👉 sentinelone.com/jobs/?gh_jid=6… More details 👇

English

3.1K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·9 Eyl

In my long history of submissions, I think this is the first time one has been marked as critical😅

English

6.3K

Antonio Cocomazzi retweetledi

Cyber Saiyan | RomHack Conference, Training, Camp@cybersaiyanIT·7 Tem

Another Monday. Another week of… endless emails, annoying meetings, and oh look, a three-headed monkey behind you! Now that we have your attention, we can unveil the agenda for #RomHack2025 romhack.io/romhack-confer… #infosec #securityconference

Cyber Saiyan | RomHack Conference, Training, Camp tweet media

Rome, Lazio 🇮🇹 English

11K

Antonio Cocomazzi retweetledi

Andrea P@decoder_it·24 Nis

I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️decoder.cloud/2025/04/24/fro…

English

150

350

19.5K

Antonio Cocomazzi retweetledi

Microsoft Threat Intelligence@MsftSecIntel·8 Nis

Microsoft has discovered post-compromise exploitation of CVE 2025-29824, a zero-day elevation of privilege vulnerability in Windows Common Log File System (CLFS), against a small number of targets. msft.it/6019qIVV9

English

119

302

71.2K

Antonio Cocomazzi retweetledi

Elad Shamir@elad_shamir·9 Nis

NTLM relay is still a major threat and is now even easier to abuse. We just added new NTLM relay edges to BloodHound to help defenders fix and attackers think in graphs. Read my detailed post - the most comprehensive guide on NTLM relay & the new edges: ghst.ly/4lv3E31

English

111

258

21.4K

Antonio Cocomazzi retweetledi

Boris Larin@oct0xor·26 Mar

We (me + @2igosha) have discovered a new Google Chrome 0-day that is being used in targeted attacks to deliver sophisticated spyware 🔥🔥🔥. It was just fixed as CVE-2025-2783 and we are revealing the first details about it and “Operation ForumTroll” securelist.com/operation-foru…

English

282

37.2K

Antonio Cocomazzi retweetledi

Raffaele Sabato@syrion89·26 Mar

Check out our new blog post!

SentinelOne@SentinelOne

🍎🚨🕵️‍♂️ The notoriously elusive macOS malware, ReaderUpdate, is back — stealthier than ever. @philofishal and @syrion89 uncover how ReaderUpdate Reforged blends Go, Crystal, Nim, and Rust into a potent mix. 📄 This new research from SentinelOne exposes how these new variants are spreading and how you can protect your organization. Stay informed. Stay secure. Dive into the research: s1.ai/readup

English

1.6K

Keşfet

@decoder_it @SystemInformer @SentinelOne @2igosha @elonmusk @BarackObama @taylorswift13 @cristiano