
Daniel
@0x64616e
Followers: 2K | Following: 134 | Media: 50 | Statuses: 2K
To the monsters we're the monsters.
Germany
Joined September 2021
RT @SpecterOps: Cookie theft has evolved. 🍪 Over the last year, stealing cookies on Windows devices has changed significantly for Chromium…
specterops.io
Explore how cookie theft has evolved in Chromium browsers with the shift from DPAPI to App-Bound encryption. This post breaks down modern cookie stealing techniques via COM, remote debugging, and...
RT @rebane2001: i've finally got a new blogpost out!! this one talks about modern CSS, its new features, and practical real world uses. a…
lyra.horse
An overview of what makes modern CSS so awesome.
RT @quarkslab: You finally pwned the Holy Confluence server. What now? Create a user? Reset a password? 🚨 Best way to trigger an alert. What…
RT @IAMERICAbooted: I suspect authentication method downgrades may cause havoc in 2026, similar to what @mrgretzky says. Here's a handy da…
RT @j_zere: Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover". You can read…
zere.es
Recently, while auditing the main application of a private bug bounty program, I discovered a Client-Side Path Traversal (CSPT) and a Cache Deception vulnerability. Individually, these issues were...
RT @haider_kabibo: I found that using RegQueryMultipleValuesW to read sensitive registry values bypasses nearly all the EDRs I tested. Alon…
RT @CICADA8Research: Hi Friends! We continue our series of articles about RPC and impacket. In the second part, we looked at tools that can…
cicada-8.medium.com
How to find a RPC server on the system and how to secure that : )
RT @sapirxfed: New Entra CTF by @wiz_io 🫡 I tried it and it's so fun!!!
cloudsecuritychampionship.com
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
RT @cyb3rops: Citrix forgot to tell you CVE-2025-6543 has been used as a zero day since May 2025 | by Kevin Beaumont.
doublepulsar.com
A look into what action Netscaler customers need to take ASAP.
RT @SpecterOps: In today’s installment of #BloodHoundBasics from Carlo Alcantara: Labels and Tags. 🏷️ With the Privilege Zones feature, la…
RT @RedByte1337: @Cyb3rMonk Yes, I had a call with Microsoft yesterday. They have indeed taken quite drastic measures here and decided to…
RT @garethheyes: I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now explo…
RT @YuG0rd: BadSuccessor is dead… or is it? The patch for CVE-2025-53779 fixed the priv-esc. While no longer a vulnerability, the tactic s…
akamai.com
Read about Microsoft’s patch for BadSuccessor — a vulnerability in Windows Server Active Directory — and learn why its underlying mechanics still matter.
RT @_dirkjan: It seems there now is a BOF implementation of ADSyncDecrypt to dump Entra ID connect creds 👀.
github.com
The ADSyncDump BOF is a port of Dirkjan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencies. - Paradoxis/ADSyncDump-BOF
RT @netbiosX: Request device ticket/token using the device's MSA
github.com
Request device ticket/token using the device's MSA - dirkjanm/DeviceToken
RT @lowercase_drm: Need more testing but now, the TGS request raises a generic Kerberos error. RIP 👼 #CVE-2025-53…
RT @TwoSevenOneT: #malware "clipup.exe" in System32 is very powerful. It can destroy the executable file of the EDR service 😉 Experimentin…
RT @IAMERICAbooted: eDiscovery Manager, eDiscovery Admin, Compliance Administrator, Information Protection, Insider Risk Management, Data Securi…