IT Guy
@T3chFalcon
Followers
14K
Following
14K
Media
271
Statuses
4K
Offensive Security Engineer
Navigating Digital Labyrinth
Joined November 2022
Simulated a Chollima-style npm backdoor based on @S3N4T0R_0X0 PoC. The moment npm install runs⦠you're compromised. Defender? Silent. Victim? Distracted by a fake frontend challenge. Breakdown: https://t.co/nPF8gu18Ya
#MalDev #RedTeam #APT
8
11
53
Should I ? π
@T3chFalcon Can you stop making these tweets please? They're making me feel uncomfortable.
7
0
13
Itβs nearly impossible to scrub them all surgically without breaking the OS. Windows is a diary that writes in permanent marker.
13
22
213
Here's something wild: Your laptop knows exactly how much data every single app has sent to the internet. Itβs called the System Resource Usage Monitor (SRUM). Windows logs the network usage of every process for the last 30-60 days to a database (SRUDB.dat). Forensics teams
23
149
1K
Did You Know? Uninstalling an app doesn't delete the proof that you ran it. Windows keeps a Ghost File for every program you execute to speed up loading times. Itβs called Prefetch. Located in C:\Windows\Prefetch, these .pf files log: The exact Date & Time you ran it. The
69
622
4K
11.5k? π³ But we're still celebrating 10k ππβ€οΈ
I remember when getting to 1000 followers felt impossible. Today, we are a community of 10,000. Thank you for trusting me with your timeline. π For those I haven't met yet: I'm @T3chFalcon, a Red Teamer obsessed with Offensive Security & Tradecraft. I spend my days simulating
5
1
46
The rabbit hole has no bottom. Once you start looking for the tracking mechanisms, you realize everything is designed to leave a breadcrumb.
23
66
578
Hollywood lied to you about "Ransom Notes." You think printing a letter keeps you anonymous? It doesn't. Your printer is a snitch. Almost every color laser printer secretly embeds invisible yellow dots on the page called the Machine Identification Code (MIC). It encodes:
The Printer Dots.
405
2K
15K
NO. We're just getting started ππ
Bro letβs just βfeelβ safe please ππ
5
0
53
You think running "Portable Chrome" or "Hacker Tools" from a USB drive keeps you invisible. It doesn't. The second you plug that drive in, Windows logs the Volume Serial Number to the Registry. When the Forensice analyst (or Feds) audit that machine, they see: Device
113
274
3K
I remember when getting to 1000 followers felt impossible. Today, we are a community of 10,000. Thank you for trusting me with your timeline. π For those I haven't met yet: I'm @T3chFalcon, a Red Teamer obsessed with Offensive Security & Tradecraft. I spend my days simulating
19
8
253
πββοΈ
Cybersecurity Guys please quote with your Spotify wrapped I wanna see your music taste
0
4
49
Bro had to send me a mail πππ Why Phones Are Worse 1. The "Cloud Sync" Nightmare Your laptop keeps the WiFi list on its hard drive. Your phone syncs it to the Cloud. Apple: Syncs via iCloud Keychain. Android: Syncs via Google Backup. Even if you smash your phone with a
You probably werenβt told this, butβ¦ Your laptop is keeping a travel diary of everywhere you have been for the last 5 years. Itβs called WLAN-AutoConfig. Every time you connect to WiFi, Windows logs: SSID (the network name) BSSID (the routerβs MAC) Timestamp of the connection
18
41
243
Congrats. Instead of a hidden binary Registry key, your 'evidence' is stored in a plain text file. var/log/syslog var/lib/NetworkManager .bash_history Forensics teams love you guys. They don't even need a hex editor to read your life. They just use cat. π
0
3
80
Congrats. Instead of a hidden binary Registry key, your 'evidence' is stored in a plain text file. var/log/syslog var/lib/NetworkManager .bash_history Forensics teams love you guys. They don't even need a hex editor to read your life. They just use cat. π
@T3chFalcon I use Linux.
80
92
1K
Open Command Prompt (Admin) and run: netsh wlan delete profile name=* That wipes it clean. But unless you script that to run on shutdown, the diary starts writing again tomorrow. π
4
15
165
Open Command Prompt (Admin) and run: netsh wlan delete profile name=* That wipes it clean. But unless you script that to run on shutdown, the diary starts writing again tomorrow. π
How do I clear it?
13
53
495