Пастухов Алексей

28 posts

Пастухов Алексей

Пастухов Алексей

@ssteelfactor

Katılım Mayıs 2026
22 Takip Edilen5 Takipçiler
Пастухов Алексей
@vkrajacic Absolutly, С n program management, especially memory, it is like a blade. In inexperienced hands, it's dangerous; in experienced - it's a local tactical weapon
English
0
0
2
520
Vjekoslav Krajačić
Vjekoslav Krajačić@vkrajacic·
I still use C and manual memory management. Not because it's fun (although it is, especially while learning), but because it's faster. Writing assembly is probably reserved for hardcore optimizers, but reading assembly is still a valuable skill that every programmer can benefit from.
Antonio Sarosi@antoniosarosi

Before C, someone writing assembly would say "hand-writing" assembly is fun. Before Java someone would say manually allocating memory in C is fun. Just accept that coding has been abstracted and it will not come back, the minimum building block now is architecture components.

English
20
25
642
28.6K
Пастухов Алексей
@Sarthak4Alpha 1.printf() must return int-value, missing validation; 2. missing "\n" as C11's standart requires; 3. declaration of " int main(){return 0;} " is permitted but not entirely correct from an ideological standpoint.
English
1
0
1
1.2K
Sarthak
Sarthak@Sarthak4Alpha·
99.9% of software engineers can't find the bug in this code.
Sarthak tweet media
English
94
15
303
48K
🕳
🕳@sekurlsa_pw·
Quick 'n dirty BloodHound ecosystem overview. The different ingestors, collectors, analysis tools. There might be things missing. gist.github.com/gitgotgitgotit…
🕳 tweet media
English
4
34
113
16.8K
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
I spent countless nights thinking about it, I did everything to make you happy, what did I do to deserve such cruelty ?
Nightmare Eclipse tweet media
Microsoft Security Response Center@msftsecresponse

Today, we're proud to recognize the Top 100 Microsoft 2026 Most Valuable Researchers (MVRs). Security researchers play a critical role in helping protect customers by identifying and reporting vulnerabilities across Microsoft products and services. We're grateful for their partnership and the impact they have made over the past year. Congratulations to this year's Top 10 MVRs: 🥇C46F3708A45EF0041BD0A49DDAEA0E25 🥈ShinHyuiq & Alan Pang 🥉cherrypick 4. Brad Schlintz (@nmdhkr) 5. wtm (@wtm_offensi) 6. Asaf Cohen (XBREACH.AI) 7. bccc95a61a3cc79d7b2c4423c808f744 8. Felix B. 9. 142a423e2574abf10d65eba46891ca5e 9. Anonymous This year, we updated the MVR leaderboard to rank researchers based on total bounty awards, creating a clearer connection between recognition and security impact. We also introduced Special Mentions to recognize researchers who submitted valid vulnerability reports during the recognition period, regardless of leaderboard ranking. See our blog for the complete list of the Top 100 MSRC 2026 Most Valuable Researchers and the top researchers by bounty program: microsoft.com/en-us/msrc/blo… Thank you to every researcher who partnered with us this year to help protect customers worldwide.

English
60
124
2.3K
85.7K
Пастухов Алексей
Nice, but. "Hygiene" findings are underrated, the issues that never become an attack path but still rot the foundation. What gets me sad: the whole conversation lives at the graph layer : what BloodHound can and can't see. Almost nobody looks one level down, at the raw directory, it id very disappointed, the security descriptors, the ACE masks, the foreign SIDs sitting in the delegation attribute. That's the floor where hygiene actually lives, and you only see it if you read it directly.
English
0
0
0
32
SpecterOps
SpecterOps@SpecterOps·
We're back w/ another #BloodHoundBasics from Jacob Jackson! ⤵️ One of my favorite parts of BloodHound Enterprise is the Hygiene findings. Not every security issue shows up as an attack path but that doesn't make it any less important. 🧵: 1/3
SpecterOps tweet media
English
3
2
9
2.5K
Пастухов Алексей
Nice work, SoaPy transport's clean. But the stealth's in the ADWS protocol, not the tool, run remotely it still lands in Event 1644 + 9389 Sysmon hit. github.com/ssteelfactor-o… the broader, opposite bet: not a layer over ADWS/SoaPy but native Windows internals directly, read-only, detectable by design.
English
0
0
1
71
Пастухов Алексей
Пастухов Алексей@ssteelfactor·
ETAC it's cool but it's basically just hiding parts of one big shared graph from people who shouldn't see them. The thing I like about my project Kestrel is you skip all that -one small read-only tool, normal user, one environment, one local file etc. Nobody's to lock anything down after, because you only ever see what you could already see. You lose the big cross-environment picture, but you get a way simpler setup
English
0
0
0
9
SpecterOps
SpecterOps@SpecterOps·
In today’s #BloodHoundBasics from Carlo Alcantara, we cover Environment Targeted Access Control (ETAC) for Enterprise users. Read-Only & User roles now support environment-based visibility via the “Manage Users” page. Simply select which environments each user can access. 1/2
SpecterOps tweet media
English
2
1
8
2.8K
Пастухов Алексей
Have been digging into two of COM’s most obscure mechanisms: the Running Object Table (ROT) and the Global Interface Table (GIT). Not from the usual API surface, but from the inside: object layout, memory patterns, allocator footprints, and how Windows actually keeps these pieces alive. If you work with low-level Windows internals, COM, reverse engineering, or debugging strange cross-apartment behavior, this may be interesting. Notes and articles: ssteelfactor-oss.github.io #WindowsInternals #COM #ReverseEngineering #MalwareAnalysis #Debugging #WinAPI #LowLevel #WindowsDev
English
0
0
0
47
Пастухов Алексей
Пастухов Алексей@ssteelfactor·
Groups resolved by RID, not by name. Domain Admins = DomainSID + 512. Works on EN/RU/DE/any language domain. No hardcoded "Domain Admins" string. No locale dependency. This is how BloodHound does it. Took a while to figure out. #WindowsSecurity #RedTeam #Kestrel
English
0
0
0
24
Пастухов Алексей
Пастухов Алексей@ssteelfactor·
Kestrel v0.1-v0.3: → ADWS endpoint detection (port 9389/TCP per DC) → Computer topology via SPN decoding → Delegation risks: unconstrained / constrained / S4U2Self → LAPS coverage (legacy + Windows LAPS 2023+) → Stale computers via lastLogonTimestamp → ACL edge extraction via IDirectoryObject → Transitive group membership via LDAP_MATCHING_RULE_IN_CHAIN All passive. All read-only. Zero packets to target hosts. #WindowsSecurity #RedTeam #Kestrel #COM
English
0
0
0
16
Пастухов Алексей
Пастухов Алексей@ssteelfactor·
Direct COM vtable calls in C: IDirectorySearch *pSearch = 0; ADsGetObject(path, &IID_IDirectorySearch, &pSearch); pSearch->lpVtbl->ExecuteSearch(pSearch, filter, attrs, n, &h); From the wire: authenticated LDAP bind + paged search. Exactly what every domain workstation produces. #WindowsSecurity #C #BloodHound
English
0
0
0
12