︎ ︎ @0xocdsec Twitter profile

Pinned Tweet

︎ ︎

1 year

In this blog, we will discuss how to write a C2 implant for the modern era. We will look at the history of offensive techniques and the progress of defence. We then move into discussing some key...

web.archive.org

3

36

142

Last Seen Profiles

@cimolice

@ayumkr3

@ASMR_Amy

@bokeplokalmalam

@musumechai1022

@BHBReanimated

@CTC_Productions

@CherevGidon

@Jl0082021

@saeriex

@zuri_oli

@em

@darma_elda

@golfinghub

@janda_ndeso

@postedebochado

@TsusakiYuu6806

@WestonandTeston

@taykrome

@chelseacutler

@Lindsey02174019

@aphrodithj

@insyria

@stw_pdg

@btm_fem

@TIRA37MA

@NengnengHijau

@stw_pdg

@baduizmash

@haku_shiseido

@BamwmnKhal82987

@DekaneyWildcats

@DoubleDragonXP

@RsiS94210

@40hays

@RedactiveAI

︎ ︎

@0xocdsec

16 days

@fs0c131y Hot influencer girls thend to be the #1 opsec killers 🙄

16

48

3K

︎ ︎

@0xocdsec

4 months

@WindowsLatest This is beyond questionable for health care environments

4

21

1K

︎ ︎

@0xocdsec

2 years

@TechEmails 40 hours of non-remote work. His company is 0 attractive to anyone skilled.

25

12

675

︎ ︎

@0xocdsec

11 months

@visegrad24 A chasing dog looks different I think he was just trying to say hello : (

12

3

499

︎ ︎

@0xocdsec

7 months

Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 1) by Sam Rothlisberger

Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 1)

Havoc C2 is a modern and malicious post-exploitation framework that has quickly become one of many peoples’ favorite open-source C2s. Its features offer everything you need to complete a pentest or…

link.medium.com

3

176

515

︎ ︎

@0xocdsec

6 months

@Family_viralvid @isntayo @InternetH0F dood she breaks that windshield did you see that? 😭

5

1

397

︎ ︎

@0xocdsec

2 months

@seldo because valley tech people have nothing to do with auditors that do checkboxes and skip others when crowdstrike is running

3

4

342

︎ ︎

@0xocdsec

5 months

@stats_feed Donald

5

0

274

︎ ︎

@0xocdsec

7 months

@Snowden Sucks not being allowed to say whatever one thinks, doesn't it?

3

2

260

︎ ︎

@0xocdsec

10 months

lol

6

25

263

︎ ︎

@0xocdsec

6 months

@lobbycontrol Darf man spekulieren, dass das über Drittleute aus Ländern kommt, die kein Interesse an Demokratie haben?

4

3

259

︎ ︎

@0xocdsec

5 months

Chinese hackers been sitting inside German Volkswagen Group networks from 2010-2015 hunting for electromobility, impacting everything up until today

Sven Herpig

@z_edian

5 months

Chinesische Botschaft in Berlin: Die Behauptung, dass die chinesische Regierung Hackergruppen einsetze, um Cyberangriffe durchzuführen, sei "empörend". lol...

1

7

28

8

80

231

︎ ︎

@0xocdsec

6 months

@Karl_Lauterbach Gut gemacht Karl. Das Ganze hat der Demokratie auch gut getan und gezeigt welche Parteien am liebsten keine Demokratie hätten.

4

1

219

︎ ︎

@0xocdsec

3 months

@vxunderground @GossiTheDog - Images are stored in APPDATA directory, administrative privileges not required to access storage 😂

6

2

209

︎ ︎

@0xocdsec

7 months

Right now I am cloning a 476.9 GiB SSD to another one via NVME clone stuff I found on Amazon. I am doing ~ 234 MB/s via dd if=/dev/_one of=/dev/_two bs=4M status=progress && sync ETA is ~ 34 minutes So yeah, evil maid style one well placed distraction / lunch break /

stacksmashing

@ghidraninja

7 months

Lenovo X1 Carbon Bitlocker Key Sniffing any% Speedrun (42.9 seconds)

65

906

5K

11

24

183

︎ ︎

@0xocdsec

9 months

If you haven't seen this 1 hour talk recorded 1 month ago - highly recomended. Even shows how to adjust the shellcode to bypass defender (and many others?) Ace the OSEP Exam with Sliver Framework via @YouTube

Ace the OSEP Exam with Sliver Framework

www.bishopfox.com - Penetration testers are perpetual learners, constantly adapting and evolving. To excel in ethical hacking, one must master the art of emu...

www.youtube.com

1

51

164

︎ ︎

@0xocdsec

3 months

@HumansNoContext they saw it and continue 😂

1

146

︎ ︎

@0xocdsec

5 months

@FFmpeg @Microsoft @MicrosoftTeams @verge @askhalid the best part is they wanna avoid xz backdoor but do 0 funding either and then act like no it is not the funding

0

2

141

︎ ︎

@0xocdsec

1 year

Russian 0day market just offered 20 mill for a full chain. That's like x2.5 of what I'm used to oO

Operation Zero

@opzero_en

1 year

Due to high demand on the market, we're increasing payouts for top-tier mobile exploits. In the scope: — iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions). — Android RCE/LPE/SBX/full chain — The same. As always, the end user is a non-NATO country.

34

149

600

6

25

131

︎ ︎

@0xocdsec

3 months

@Byron_Wan It is always funny when people do that while being on another corner of the planet. I mean they surely must know how beautiful it is at home which is why they aren't there.

4

1

131

︎ ︎

@0xocdsec

1 year

The moment finally after a bunch of debugging pfSense, Packer, Terraform and Ansible natively deploys on my Proxmox @M4yFly @orangecyberdef <3

4

21

126

︎ ︎

@0xocdsec

1 year

@officejjsmart

0

4

113

︎ ︎

@0xocdsec

10 months

@phuckfilosophy Sorry to hear this, but that OnlyFans link in your bio is kinda sus for me.

11

0

109

︎ ︎

@0xocdsec

9 months

Now my little Rust project for is at 103 lines of code. (51 lines of code) and (52 lines of code). No fancy evasion needed so far, I'll try to get TLS working next.

3

10

104

︎ ︎

@0xocdsec

1 month

@SpatDeMontpetit @rshereme Fresh news, Dagestan Chess Championship on August 2

Chess Player Suspended After Allegedly Poisoning Her Rival

A chess player has been suspended by the Russian Chess Federation and is reportedly facing time in jail after she allegedly tried to poison her rival near the chess board during a tournament.

www.chess.com

2

10

104

︎ ︎

@0xocdsec

1 year

Little nasty #RedTeam trick to disrupt SIEMs that, (responsibly set up will have TLS & validation certificates & chains) on. 1) Check the host certificates of the box you land on - "openssl x509 -in $certificate.crt -text -noout" - Look what is getting verified against 2) If

1

13

94

︎ ︎

@0xocdsec

11 months

@HackRead Confirmed by @DailyMailUK

Facebook's own account is 'hacked'

A flurry of unusual posts were put online from the social media giant's official Facebook account.

www.dailymail.co.uk

2

24

78

︎ ︎

@0xocdsec

2 months

@SoniaCuff The higher the skill level the less you need to do

2

92

︎ ︎

@0xocdsec

11 months

@NoContextHumans Internet censorship, social credit system?

6

0

84

︎ ︎

@0xocdsec

3 months

@hakluke Great vuln to pwn at cons

2

0

88

︎ ︎

@0xocdsec

7 months

@signalapp "(you will still need a phone number to sign up for Signal). "

7

0

86

︎ ︎

@0xocdsec

11 months

Two weeks after the official release, Cobalt Strikes 4.9.1 are📈

4

10

79

︎ ︎

@0xocdsec

11 months

Allegedly #ThreatSec claims to have breached and disabled the entire Palestinian Gaza ISP infrastructure of @CyberSleuth1 @N4hualH @DailyDarkWeb

6

17

83

︎ ︎

@0xocdsec

2 years

0

27

83

︎ ︎

@0xocdsec

8 months

@igorsushko I was already wondering why he has so much less wrinkles on his forehead than usually

7

0

78

︎ ︎

@0xocdsec

6 months

@visegrad24 why does that sound familiar? 🤔

3

1

78

︎ ︎

@0xocdsec

1 year

@_JohnHammond Lots of EDRs still free

2

1

77

︎ ︎

@0xocdsec

3 months

@HumansNoContext Karma and he will be that fish in his next life

11

0

78

︎ ︎

@0xocdsec

8 months

If you are testing against EDRs it probably makes sense to not only check the top tier western products, but also check Russian and Asian solutions. What makes me think this? Since ~ 24 hours I am thinking it wasn't coincidence that minimalist 100 LoC RustShell was only picked up

5

8

78

︎ ︎

@0xocdsec

10 months

@mullvadnet Saving people a click

1

3

77

︎ ︎

@0xocdsec

4 months

@nixcraft The joy on the face he has on stealing all the data 😇

0

75

︎ ︎

@0xocdsec

10 months

@CraigHRowland @simplylurking2 @r00tkillah Here is some more : ) 1) ``` echo "L3Vzci9iaW4vd2hvYW1p" | base64 --decode | sh ``` 2) ``` echo "47 117 115 114 47 98 105 110 47 119 104 111 97 109 105" | awk '{ for (i=1; i<=NF; i++) printf "%c", $i; print "" }' | sh ``` 3) ``` echo "00101111 01110101 01110011 01110010 00101111

4

13

70

︎ ︎

@0xocdsec

4 months

@igorsushko Dood made sure to have enough vodka for the day

0

2

70

︎ ︎

@0xocdsec

8 months

@Mandiant Hi, I am ultra curious about 2 things: 1) How exactly did they pwn the account? 3rd party things? 2) And what did they leave behind? 🍿

MG

@_MG_

8 months

@vxunderground 🍿

1

2

67

5

66

︎ ︎

@0xocdsec

13 days

@harris_wins you know what he wants to do it's the same all dicators do

5

2

66

︎ ︎

@0xocdsec

2 months

@TheRecord_Media I would find it more interesting if he had it with him or not. If he didn't have it with him he had help.

4

3

64

︎ ︎

@0xocdsec

10 months

@vxunderground Red Team engagement, send to customer

2

0

66

︎ ︎

@0xocdsec

2 months

@RpsAgainstTrump she is a lawyer she can totally delete him in ways of no mercy

5

1

63

︎ ︎

@0xocdsec

4 months

@deepetanwar @HumansNoContext she is like

0

60

︎ ︎

@0xocdsec

10 months

I made it finally. Should release something with his name someday : )

12

0

62

︎ ︎

@0xocdsec

1 year

@beckonlisp @nixcraft Pay walls?

1

0

60

︎ ︎

@0xocdsec

7 months

did someone say forti?

CVE-2024-23109 - GitHub Advisory Database

An improper neutralization of special elements used in an...

github.com

1

11

58

︎ ︎

@0xocdsec

6 months

@Karl_Lauterbach Da wird eine ordentliche Mehrheit hinter ihnen stehen sieht man ja auch an der Abstimmung?

3

0

58

︎ ︎

@0xocdsec

1 year

@nexta_tv You can find her stuff here: if you are into academia you wanna look up the journals, then draw conclusions, usually some are pay2win, while others are not,(some need money). PhD students need to publish a certain amount, it is called "Publish or perish".

5

1

51

︎ ︎

@0xocdsec

7 months

@lauriewired It is called it also works very well with biases and self reflection

Availability heuristic - Wikipedia

en.wikipedia.org

1

2

57

︎ ︎

@0xocdsec

7 months

@vxunderground Me guessing ex exmployee got frustrated, happened a bunch of times this part of the industry

3

0

57

︎ ︎

@0xocdsec

1 year

@Shit_Posting_HQ @SamRamani2

3

56

︎ ︎

@0xocdsec

4 months

@jstrosch Put it on a usb stick and forget it on the street

4

0

57

︎ ︎

@0xocdsec

1 year

@trunarla

GitHub - Shpota/github-activity-generator: A script that helps generate a rich GitHub Contribution...

A script that helps generate a rich GitHub Contribution Graph for your account 🤖 - Shpota/github-activity-generator

github.com

2

3

52

︎ ︎

@0xocdsec

10 months

TAs using my script?

babysteps - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

Paul Melson

@pmelson

10 months

Obfuscated PowerShell that decrypts another AES-encrypted PowerShell script that drops #Redline Stealer from Discord's CDN.

2

10

59

1

4

53

︎ ︎

@0xocdsec

6 months

@Richter_Mueller @hanfverband Sehe ich genauso Provokationen sind nur unnötige Mittel die von den Legalisierungsgegnern gekonnt dokumentiert und ausgenutzt werden. Bitte den Sieg still, friedlich und unprovokativ geniessen - um Ihn auch für die nächsten Jahre zu sichern.

2

0

53

︎ ︎

@0xocdsec

3 months

@DebugPrivilege My bet safer than any other tech job

3

0

52

︎ ︎

@0xocdsec

10 months

@vxunderground What will the Kermits with big cucumbers and Russian muscular guys dressing as girls do now?

2

1

48

︎ ︎

@0xocdsec

6 months

@igorsushko I was wondering which border they coulda reached faster on escape and just asked here

9

3

50

︎ ︎

@0xocdsec

5 months

Rumors seem true

Chetan Nayak (Brute Ratel C4 Author)

@NinjaParanoid

5 months

@dazzyddos I found some interesting leaked recorded videos for the Malware On Steroids workshop from 2021 with your name on the GoogleMeet attendance which are up for sale on various websites. Curious to know why you leaked it inspite of me providing discount when you said you

2

3

47

5

4

49

︎ ︎

@0xocdsec

5 months

@LiveOverflow nation state actors are usually quite shy I believe

4

0

47

︎ ︎

@0xocdsec

6 months

In case you wanna know how I defend my infrastructure against 0 days, you can find my config files here.

GitHub - emdnaia/OpenOCD: My config files for rolling entire infrastructures behind OpenBSD...

My config files for rolling entire infrastructures behind OpenBSD gateways which can only be accessed if on whitelists. - emdnaia/OpenOCD

github.com

0

12

48

︎ ︎

@0xocdsec

9 months

@nixcraft Thanks for this post, because you made me look up this behavior change, and it makes a lot of sense I remember a very stupid situation on a FreeBSD router years ago because the interfaces switched configurations for everything set after a reboot.

2

0

47

︎ ︎

@0xocdsec

1 year

@ThePrimeagen No wonder, it wasn't allowed get live in Europe because they knew it:

Why is Threads banned in Europe? Personal data usage restricts app in EU

Bad news for Meta’s Threads app in Europe - it won’t be offered in the EU anytime soon, it appears. The app, from the creators of Facebook, is seen as direct competition for Twitter.

www.sportskeeda.com

0

2

47

︎ ︎

@0xocdsec

7 months

@svpino Open Source be like

0

46

︎ ︎

@0xocdsec

5 months

@Markus_Soeder Doch die Grünen wollen wir. Was wir nicht wollen ist ein Zensurstaat den es schon woanders gibt in dem sämtliche Rechte auf Daten, Privatsphähre und Meinungsfreiheit verlohren gehen. Denn genau das machen Populisten mit autokrativen Ideen, komplette Kontrolle und Geld verdienen

1

3

45

︎ ︎

@0xocdsec

6 months

@NATO

Patriot with attitude problem

@ScottBu98883067

6 months

When Finland joined NATO, I was blocked by MFA Russia. I posted a pic and asked Fellas to share it for me. Now Sweden has joined Nato, and I'm blocked AGAIN. Will some kindly Fellas post this photo to them for me?

264

2K

8K

1

4

42

︎ ︎

@0xocdsec

5 months

I hate being stuck on a CTF I could also make malware in that time

3

43

︎ ︎

@0xocdsec

5 months

@NsSchussler Gibt es in anderen Ländern tatsächlich, ist in Deutschland unerwünscht. Hier ist kritisches Denken und Hinterfragen nicht das Ziel sonden schnell selektieren und mallochen.

3

0

42

︎ ︎

@0xocdsec

3 months

@SamRamani2 Did he not throw out all of his generals lately? Does this even make sense?

5

1

42

︎ ︎

@0xocdsec

1 year

@lauriewired Very cool finding. Also the fact it understands that is pretty cool.

1

42

︎ ︎

@0xocdsec

2 months

@visegrad24 How can the attacker know at this point, that there will be no cops around him to react, plus he has plenty of time? To figure that out just by himself? A random guy

4

3

42

︎ ︎

@0xocdsec

1 year

@dmissp @NahamSec @defcon Someone replied 30 minutes ago in that reddit with the answer "I can tell you the device is a raspi-micro with an external long range BLE adapter running a custom python app pushing out Apple BLE advertisements. I was not in Vegas this week. But I did take the rig out for a

1

7

41

︎ ︎

@0xocdsec

6 months

@visegrad24 Ah they want Georgia

1

0

38

︎ ︎

@0xocdsec

4 months

@SmokeAwayyy If our species was smart it would be kindness as a currency. Daily good deeds in exchange for AGI compute.

7

2

39

︎ ︎

@0xocdsec

1 year

@krainboltgreene @markrussinovich Imagine doing 8 hours of work in 2, solving community issues nobody has the ressources for, independent of any language - while getting paid for it.

4

0

37

︎ ︎

@0xocdsec

6 months

@UK_Daniel_Card I scrolled to the bottom

1

0

38

︎ ︎

@0xocdsec

1 year

@Maks_NAFO_FELLA

0

37

︎ ︎

@0xocdsec

11 months

@vxunderground Sounds like a typical dev to me. That legend made emacs, gcc, gdb, gmake, Linus wouldn't have gotten there without his toolchain.

1

37

︎ ︎

@0xocdsec

10 months

@MalDevAcademy students, like the premade VMs offered by the devs, but prefer to run them on #Proxmox ? Here's how: All you need to do is extract the vmdk, convert it to a usable qcow2 format and attach the new disk: 1) wget the iso to your Proxmox under

2

5

37

︎ ︎

@0xocdsec

6 months

@hanfverband

0

34

︎ ︎

@0xocdsec

6 months

@vxunderground You are aware they are owned by ByteDance Ltd. a Chinese internet technology company headquartered in Beijing

16

0

37

︎ ︎

@0xocdsec

1 year

@sentdefender

0

35

︎ ︎

@0xocdsec

2 months

@vxunderground conservatives suck

3

0

35

︎ ︎

@0xocdsec

1 year

@hackinarticles @KevinNaughtonJr The file exension is missing lol -_- it is HelloWorld, not HelloWorld.c

3

0

34

︎ ︎

@0xocdsec

7 months

Guess the vendor

BleepingComputer

@BleepinComputer

7 months

Chinese hackers infect Dutch armed forces network with malware - @serghei

3

133

236

4

5

35

︎ ︎

@0xocdsec

8 months

From an OPSec PoV, why are people using DNS resolution for their C2 redirectors, when we are aware that those need to get resolved, with better orgs potentially using multiple (logging) resolvers per threat group, potentially even anomaly detection? Might just as well just

8

2

34

︎ ︎

@0xocdsec

9 months

@x0rz For me the most shocking thing is that they do not seem to care about budget at all, like they do not seem to care to blow 20-30 mill per security researcher I feel. Like okay budget, but this budget? And they can also afford multiple mistakes while getting away with it, just

3

1

33

︎ ︎

@0xocdsec

7 months

I am here to preserve knowledge. Find my account find the forks. I have multiple accounts forking off eachother and pulling locally. See a cool Open Source project? Fork it instantly and locally clone it. You also support the authors like that. Don't let the $$ people or

DSAS by INJECT

@DevSecAS

7 months

Dear friends. We again received a BAN on our GITHUB ACCOUNT. Because of the rules policy. We are very sorry. #GitHub #DSAS

3

0

5

6

3

32

︎ ︎

@0xocdsec

5 months

@maxmoerseburg Der größte Aprilscherz ist Aussagen zu machen die sich selbst widersprechen und dabei noch zu denken man würde dafür wiedergewählt werden : D Zensurleute sind grade generell nen bisschen out.

0

33

︎ ︎

@0xocdsec

1 year

@rootsecdev I reported that guy / repo when we found out on here on Twitter to GH. They reacted quicker than I expected.

0

30

︎ ︎

@0xocdsec

7 months

@firefox All we need is native dark mode without an extension plz

1

0

32

︎ ︎

@0xocdsec

10 months

@HumansNoContext Idk why you uploading someone with down syndrome, poor guy can't change this. Sad people.

8

0

29

︎ ︎

@0xocdsec

2 years

@whitecyberduck They should revert that decision, the entire industry is shifting right now, and even the biggest names in AI are advertising and using it, and they should not stay behind. If they don't change it now, they will sooner or later anways.

3

1

31