Mohamed M.Fouad

I created this PDF including in-depth technical details about NFC technologies and how they relate to physical security assessments. #nfc #rfid #CyberSecurity #Pentesting #redteam #BugBounty #physicalsecurity github.com/Flash162011/NF…

In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa

[CVE-2024-21096] mysqldump rce : ) learn form defcon32

Important Annonucement: @BuguardLLC offers free migration from #Israel security products. We invite all the #Arabian solutions providers to collaborate. #CyberSecurity

بضم صوتي لصوت أخي @Voulnet لو تعرف أي شركة اسرائيلية او بتدعم اسرائيل في مجال أمن المعلومات ياريت تكتبها وتعمل منشن لحساب محمد. زي ما بيبلغو عن الموظفين الداعمين لفلسطين لشركاتهم فا يلا بقي نقلبها بنفس نظام اللعب القذر

@0x4148 Congratulations 🎉

Passed Offsec Experienced Penetration Tester (OSEP) certification exam. Seems like Twitter has an issue with the new rex OS([CW][PE]|EP) ¯\_(ツ)_/¯

Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.). Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.

Liquid Intelligent Technologies has acquired a Cairo-based cloud and cyber security provider, Cysiv MEA in bid to boost its African presence. dlvr.it/SlDc5w

It's 2023, CrackMapExec can now dump DPAPI credentials as a core feature !🚀 This is possible thanks to the work of @_zblurx and his library dploot ! He also added a module to dump firefox passwords 🔥 Pushed on @porchetta_ind v5.4.5 Bruce Wayne 🪂 No excuse, DA everytime, 🔽

HoaxShell Beta - Integrated with RevShells.com - A new collection of payloads with some unique concepts has been added by @t3l3machus - More features, and automatic payload generation is coming soon! - - #infosec #cybersecurity #bugbountytips #CTF

APT-29 (Cozy Bear) Adversary Simulation Progress... #redteam #adversary #APT29 #MITRE #CALDERA #cybersecurity

@5yx Congratulations 🎉

Bloodhound python from @_dirkjan is now integrated to CrackMapExec as a core feature 🔥 ▶️ cme ldap <ip_dc> -u user -p pass --bloodhound Enjoy this one, more juicy features to come soon 💪 Pushed on @porchetta_ind thanks to the sponsors as always 🪂

After FIN6 Adversary Simulation I did another Russians APT-28 (Fancy Bear) Adversary Simulation. From Initial Execution -> Persistence -> defense evasion -> credential access (Kerberoasting) -> lateral Movement -> Data Exfilteration. linkedin.com/posts/mohamed-…

APT-28 (Fancy Bear) Adversary Simulation Progress... From Initial Execution -> Persistence -> defense evasion -> credential access (Kerberoasting) Still lateral movement and data exfiltration... #redteam #adversary #APT28

Woah the new versions of jadx allow you to generate pure @fridadotre snippets from Java functions. Pretty useful when RE Android apps. Here's an example of what it generates: #BugBounty tip

🪄 Introducing HTTPie AI, a new way to interact with APIs 👉 httpie.ai

@Lemonitup You're welcome

@Flash162011 Thanks!

I did a short demo for 70% of FIN6 APT adversary simulation TTPs on a local AD environment from discovery to data exfiltration assuming a breach with an initial foothold inside the domain. #redteam #FIN6 #infosec #adversary #Mitreattack #APT #informationsecurity

@Lemonitup It's Mitre CALDERA framework

@Flash162011 Which platform is this? I can’t find anything about it on google.