v3ga
@v3ga_hax
Followers
1K
Following
15K
Media
851
Statuses
9K
Human / Adversary Simulant / OffSec Researcher / Professional Thief / SwAG / H1 Researcher / cr0ws / Opinions are my own. https://t.co/vrWwKkYo2s
Chaos
Joined October 2009
Made another 30 second thrash song about pills. https://t.co/enTjZRyhLk
#grindcore #thrash ##sandiegothrashcore
0
0
0
Lol "ZDI has marked all 13 issues as zero-day vulnerabilities, given Ivanti’s failure to release fixes in accordance with responsible disclosure deadlines." https://t.co/zK9MQYcgvo
cyberinsider.com
ZDI has publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Manager, including 12 RCE flaws and one local privilege escalation.
2
45
132
🚨 BREAKING: Chicago residents are now following ICE vehicles, honking horns and shouting warnings to alert immigrants before raids begin. This is what community defense looks like — ordinary people refusing to stay silent while federal power targets the vulnerable.
6K
16K
96K
Zabbix RCE, CVSS 9.9 The flaw allows non-admin user accounts with default User roles or any role that permits API access to exploit the vulnerability https://t.co/6aH1HJhhEh
securityonline.info
Security researcher Alejandro Ramos has published a detailed technical analysis and proof-of-concept (PoC) exploit code for CVE-2024-42327
0
2
2
The dumbest person you know is currently being told “You're absolutely right!” by ChatGPT
13
41
222
I started partying when I was 15 and have not stopped since. It is the right choice. Party now and party always. You will not regret it.
not partying in your 20s is stupid good luck finding anyone in your 30s or 40s when you've only grinded for 10 years straight everyone will already be past their peak party phase for everyone who wants to comment that partying is not worth it, that just means you don't know
7
4
61
🚨 Critical — CVE-2025-10035 (CVSS 10.0): Fortra has disclosed a deserialization flaw in the GoAnywhere MFT License Servlet that can allow remote command-injection. I've created a #nuclei script to detect vulnerable instances at scale: https://t.co/tgEvGaFAJh
3
67
336
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
zerosalarium.com
EDR-Freeze exploits the vulnerability of WerFaultSecure to suspend the processes of EDRs and Antimalware, halting the operation of Antivirus and EDR
0
41
181
Another beautiful FortiWeb WAF RCE ! Putting the vendor aside, this is one of those cool cases that combines a couple of otherwise overlooked and simple primitives into something lethal. CVE-2025-52970: https://t.co/7Npnke3MLJ
Special recognition goes to security researcher @0x_shaq from https://t.co/mt7EJpG0qz for discovering and responsibly disclosing CVE-2025-52970. You can read their detailed technical analysis and proof-of-concept research here: https://t.co/5Pe4wa5hiJ (🧵6/6)
1
30
147
I kinda love those developers who rely on WAF rules too much. • /res-api/<ID>/status → 200 OK • /res-api/<ID>/qwertyasdf → 404 • /res-api/<ID>/ → 403 Forbidden • /res-api/<ID>/?anyparam → 200 OK
14
50
568
ByteCaster 🔥 – my new tool for payload encryption, obfuscation, and conversion to byte arrays. https://t.co/vqCrSVeRO1 - 14 output formats: C, Rust, C#, Nim, Go... - AES-256, RC4, XOR supported - IPv4Fuscation, MACFuscation, base64/32 #malware #redteam #security #infosec
6
65
353
A list of LSASS dumping techniques. From utilizing built-in commands, to minidump API and Shtinikering. A good post by Jonathan Bar Or (@yo_yo_yo_jbo). Source: https://t.co/R0YwBigki3
#redteam #blueteam #maldev #malwaredevelopment
0
80
329
Win32_Process has been the go to WMI class for remote command execution for years. @0xthirteen explores a new WMI class that functions like Win32_Process and offers further capability. Read more ⤵️
specterops.io
TL;DR: Win32_Process has long been the go-to WMI class for remote command execution. In this post we cover MSFT_MTProcess — a newer WMI class that functions like Win32_Process but also offers...
0
34
134
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:
dirkjanm.io
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise...
143
903
3K
Something something soc2 something...
0
1
2
If you want to go straight to reading the poc: https://t.co/vIGEWsUEiL
github.com
Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130 - BitsByWill/ksmbd-n-day
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) https://t.co/Cbk9MBo91v Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!
0
17
105