mRr3b00t
@UK_Daniel_Card
Followers
92,540
Following
7,326
Media
66,509
Statuses
351,232
真理的揭露者 Quis custodiet ipsos custodes fella in cyberspace #nafo undercover #FVEY Lovely Horse #fella #meme #farm #appreciator #cyber #specialist
London, Vauxhall
Joined April 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Rio Grande do Sul
• 147269 Tweets
Boeing
• 126570 Tweets
Madonna
• 126523 Tweets
Nathan
• 115745 Tweets
Irak
• 66029 Tweets
Bhuvi
• 32793 Tweets
Marselino
• 24548 Tweets
Bruno Mars
• 23199 Tweets
#CHETOT
• 22128 Tweets
#الاهلي_ضمك
• 19339 Tweets
Guinea
• 18448 Tweets
زياد
• 18049 Tweets
Ange
• 16392 Tweets
Ernando
• 15728 Tweets
Canna
• 15469 Tweets
ALGS
• 13427 Tweets
Guillaume Meurice
• 12856 Tweets
Brasília
• 12345 Tweets
Sundowns
• 11032 Tweets
Pinned Tweet
Finally this MacBook Pro has a good OS installed on it 🫡
906
404
11K
You connect a device (Bluetooth) on a Mac and it pings an http server at Apple…
111
230
5K
god look at what they make you aspire to....
4 hours in a fucking coffee shop..
Seriously I can't think of anywhere worse to work.
1) it's not private
2) it's noisy
3) Tea at the cyber bunker is > anywhere else
4) mouse, keyboard + screen
5) xbox/consoles
6) family
7)
What stops you from working 4 hours straight in a coffee shop?
2K
107
3K
153
141
4K
Wait till people see what runs on planes/submarines 🤣
Be careful, elite cyber seals hide everywhere! Like the hordes of hackers on trains they lurk everywhere ;)
56
183
3K
reminder when you install windows it instantly has ERRORS in the event log...
this is no different in Server 2025
40
82
2K
twitter have rolled out audio calls on twitter using STUN.
Be warned if you call someone the recipient (and anyone in the traffic path) can see your egress IP.
Apple private relay does not cover this.
56
572
2K
################################
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent
################################
now.. first questions...
how many devices in your enterprise do you have running a vulnerable version of SSH?
How many of these are internet
35
298
1K
Ok today we are inside the perimiter
We have options:
> LDAP/ADDS (TCP 389,636,3268,3269)
> Find the printers and continue the human printer war! TCP 9100,9101
> Look for network devices (SSH, HTTP and TELNET) 22,80,443,8443,23)
> Look for services like email (SMTP TCP 25)
>
44
231
1K
you wonder why no one takes security seriously??
it's because dick heads run around telling people shit like this... what the fuck is wrong with people....
67
59
1K
wanna see how most networks are?
we have found an exposed RDP server on the public internet.... we are going to fire a load of authentication attempts at the server!
hydra -l administrator -P /usr/share/wordlists/rockyou.txt -t 4 -I rdp://target
how long till we get caught?
42
166
1K
*looks at pineapple default guest address range*
13
44
1K
Mac life is odd 🤣
I basically have to RDP into a windows box to actually do actual work. The Mac is like the most expensive thin client in the fucking world 🤣
119
61
1K
XZ Uitls backdoor TLDR:
1) we don' know who did it (from a human pov) - we know the GitHub account that was used.
2) this was caught by a ninja and it didn't deploy to loads of stuff. Some linux distros like KALI managed to get infiltrated (the backdoor works on x86/x64 Linux
43
132
1K
COBALT STRIKE SERVER IP LIST
############################
139.9.41.156
39.105.4.90
115.159.50.50
141.98.81.98
192.227.234.140
106.54.228.198
159.203.67.15
20.163.176.140
119.91.195.178
106.52.244.189
124.223.200.131
80.85.154.37
107.173.15.230
123.60.74.61
40.77.86.17
53
133
942
Ok gang shall we talk about network discovery? When I say network, in this sense I mean environment: servers, pc devices, printers, switches, routers, firewalls etc etc
22
46
932
Everyone’s always talking about how to break into cyber security… I’m sitting here like how da fuck do I get out 🤣🤣🤣🤣🤣🤣🤣🤣
56
56
846
You walk into your kids bedroom and see this… what dot you do?
271
44
832
ISO27001
on the face of it - it's really sensible stuff....
so what's wrong with it?
50
149
839
I am getting to a point where I’m going to just say:
Orgs need to learn how to patch anything within 48 hours.
Many moons ago at UK large org I used to be able to patch the entire fleet largely at will within hours/days sometimes. (Depending upon the patch type)
The process
41
47
788
Some cool tools to use for Threat Intelligence:
33
164
758
mostly people run:
> BURP (a java app)
> NMAP (is compiled for every OS under the SUN!)
> Metasploit (works on MAC, Windows, Linux)
> a c2 framework (java)
> a c2 framework plus a web browser
> web browser (they all work on all OSs)
> Python
> WINRM/SSH/RDP
> VSCODE
> DOCKER
> A
16
97
691
Things the general public need to worry about: password re use and lack of MfA
Things they don’t need to worry about: juice jacking
19
16
700
APT 41 / BARIUM
Known to run:
"whoami.exe"
also launched via wmiexec (HOW DARE THEY!)
Better tell them they would be fired from a red team , I'm sure they will cry about that.... /S
Our industry is very odd.....
32
96
688
CMD PROMPT (find out whoami)
whoami
whoami /all
set
echo %username%
tasklist /v
cmd %username%
dsregcmd /status
klist
cmd.exe /c echo %username%
Powershell (whoami)
[Environment]::UserName
$env:USERNAME
gci env:* | sort-object name
ls env:USERNAME
gci env:USERNAME
gci env:*
ls
29
96
675
OMG LOL
someone tried to send me an email which spoofed....
MY OWN ADDRESS...
LULZ how stupid!
but also....
Let's take a look!
26
70
664
things I find in the wild... (vulnerabilities through misconfiguration)
I quite often see Windows DNS servers misconfigured to allow zone transfers from any host.
28
118
642
Helpdesk is the best starting point in infosec imho.
When people don’t do this they skip a fuck ton of cyber and business reality (imho)
72
69
652
Everything is a cyber attack until it’s dave changing the router config or a supply chain update 🤣
Anyone have an idea as to why 3/4 of all weather radar stations nationally are down? Coincidental timing with a major severe weather outbreak happening.
Another cyber attack? 🤔 🇨🇳 🇷🇺 🇮🇷
6
4
16
49
48
644
Russian actor using this IP:
182.172.56.199
do you know what gave them away?
their language setting in their browser ;)
pew pew
from Britian with love ;)
🇬🇧❤️
15
44
616
Today I was super excited to be awarded not just one, but two challenge coins from the
@NCSC
!
Thanks
@ollieatnowhere
and the teams at
@NCSC
,
@GOVUK
and
@Hacker0x01
!
105
17
638
most orgs don't have a CISO
most orgs don't have a SOC
most orgs don't have EDR
most orgs don't have a Sec Team
33
80
622
Oh no! Another organisation has just been a victim of ransomware what should I do? Let's post a list of things that people should do!
1. Risk Assessment - Identify vulnerabilities and threats specific to the hospital's environment.
2. Security Policies and Procedures - Enforce
29
125
603
DO NOT RUN THIS
while ($true) {
Start-Process powershell -ArgumentList "-NoExit"
}
72
42
601
lastpass breach update:
46
194
580
STOP TELLING PEOPLE SECURITY IS EASY! IT IS FUCKING NOT EASY!
65
54
563
you walk into work, you press CTRL + ALT + DELETE
you see this! what do you do?
#Ransomware
#Cyber
#Incidents
318
50
542
Security keys are shit reason 2!
This won’t display a keyboard for me to enter the PIN code.
93
27
544
How much does big tech spy on you? A fucking lot is probably a good starting point…
47
70
528
LULZ
@SwiftOnSecurity
This is what the notice said: "As a product itself, Wireshark is more vulnerable to attacks than most other programs due to literally hundreds of developers programming the code. We're addressing the high number of installations that lead to vulnerabilities."
65
13
315
23
45
527
I just completed this from the DOD
There's more useful stuff here:
49
39
521
wtf
@Microsoft
are you on drugs?
Looks like outright ads might be coming to the Start Menu in Windows 11, not just the usual recommendations / tips / shortcuts / etc.
After enabling experiment 48797684 the text in Settings changes slightly to accommodate for this 😐
23
37
199
79
45
501
if you look at the CISA stats:
~88% of pwnage is from the attacker having a set of credentials that work... (phishing, brute force or theft etc.)
Cybercrime is largely stealing credentials....
lot's of "IT people" say stuff like:
well sure if you have
24
100
487
why don't linux, windows and Apple Mac's alert you in the gui (if you are logged in) if someone fails to sign in to an remote session? e.g. RDP, SSH, WINRM, SMB etc?
it would be so useful if they did this (tm)
75
31
457
Things you can do that aren't a "red team" or "pentest":
> OSINT
> Asset Discovery
> Business Analysis
> Configuration Reviews
> Control Reviews
> Audits
> Health Checks
> Research
> Detection Engineering
> Detection Testing
> Attack Surface Mapping
> Attack Surface Reduction
>
14
66
448
I am sad. :(
This shall pass. But feels like I’ve been hit by a bus. Life is very not fun sometimes, but also life is also amazing and wonderful. The duality of the world!
So much joy/hope yet also the innevitable end.
I wish for a miracle but I know they don’t exist.
I wish
133
9
455
There's about 60K CITRIX NETSCALERS/GATEWAYS online in the world according to Shodan
CVE-2023-3519
10
76
437
@jackoregankenny
Yeah it might be. But this occured on a Mac that’s not logged into iCloud and uses a local account.
2
0
436
China.... is a country that despite being.(IMHO) the biggest cyber threat actor home in the world, often seems to fly under the convo radar....
the last report said about 6000 state hackers...
6000 hands on keyboard people...
CHINA can beat EVERY OTHER COUNTRY in the world
38
58
440
Why does the infosec world talk like:
> Everyone has a SOC (They don't)
> That their own orgs posture is perfect (it's not!)
> That they don't have problem with resources, budget, skills (they do)
Most orgs:
> Don't have a security person
> Don't have a SOC
> Don't have a
40
58
434
OMG I want
32
32
435
Can anyone tell me why the public WiFi with an attacker in it is unsafe?
I can read all the targets traffic metadata but I can’t read their traffic.
Anybody? The ASD say it’s not safe but I’m not really sure why…..
If you can show me an attack that will do something let me
169
43
430
I don’t understand all these ‘I’m never working with Windows’ or I’m not learning Windows people... most corps run Windows endpoints and have the majority of windows servers... how are you meant to be able to help secure a corp if u don’t know how this works????
44
45
424
china has deployed a MASSIVE CISCO ASA honeypot network... so i've removed CN from the graph. you can see if in he second image
15
63
421
vuln scanners are useful. this is way fucking simpler than running nmap and a load of other tools if you just want to get a broad understanding of an environment.
I think people really over simplify how this world works...
you need to understand context, objectives and
26
42
404
Would people be interested in a guide/paper to hacking/securing Windows Server 2016/2019? I'm writing one and wondered what the interest would be? A few of my friends in the community struggle with securing/pwning Windows compared to Linux based systems)…
27
69
403
BREAKING NEWS: CYBERCRIMINALS use COMPUTERS to do CYBERCRIME! standby for more CYBER THREAT INTELLGIIIGIGIGIENECE
25
41
393
ok tweeps, we have a mass exploitation scenario which appears to have targeted: Cisco IOS XE Software Web Management User Interface
(the HTTP server)
This has installed an implant:
which can be detected by running:
curl -k -X POST
16
150
401
If you asked me to defend a network without EDR or at least a SIEM I would probably laugh and say... good luck!
22
34
390
schtasks /create /tn "Task Name" /tr "C:\path\to\program.exe" /sc onstart /ru SYSTEM
21
81
389
Cyber newbs question: What OS is the target likely running?
117
18
374
You work in a SOC:
you have a user on the 5th Jan log in from London using Chrome.
On the 7th Jan they sign in from France using Firefox.
Is this an authorized or unauthorized logon?
177
30
382
Infosec people: it’s ok to accept risk!
It’s called a choice! You do this all the time in life. You could be run over when crossing the road.
You still cross roads.
You don’t get a tank to cross the road because a risk may occur (well ok it depends)
Risk is very hard to be
42
38
381
behind all the cool there's hard work, teamwork and a spreadsheet....
real life cyber security isn't flashy, its not 1337, its hard work.
18
47
366
fuck my friend just lost his battle with cancer ☹️☹️☹️☹️☹️☹️
177
6
354
FYI
MDE's sensor picks up MDNS requests....
this means that if you have a laptop in basically any network there's a map of assets being collected....
20
36
353
This person is a massive knob head!
Anyone that wants to belittle people for working in desktop support can gladly have some of my time….
Oh they also are blaming the shipping incident on a cyber attack!!
#Cringe
107
4
361