ACE Responder(@ACEResponder) 's Twitter Profileg
ACE Responder

@ACEResponder

Practice threat hunting & detection engineering in a real SIEM with real attacks. Join us and become the best.

ID:1560366242426494977

linkhttp://aceresponder.com calendar_today18-08-2022 20:41:40

602 Tweets

10,5K Followers

231 Following

ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

2 weeks ago

How pass the ticket 🎫 with constrained delegation works.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

3 weeks ago

How unconstrained delegation 🎫 is abused to escalate privileges.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

3 weeks ago

How attackers steal Primary Refresh Tokens and access cloud resources.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

4 weeks ago

How the SSHD backdoor works.



Based on Anthony Weems POC

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

How the silver ticket attack works 🎫

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

⚡New Defender module on ACEResponder.com!

Have you ever wondered how to get the most out of BloodHound as a defender? Learn to turn AD chaos into opportunities with Cypher queries.



aceresponder.com/learn/bloodhou…

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

💎How the diamond ticket attack works.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

The Windows startup process sequence.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

Animated attack path for the Midnight Blizzard (Nobelium) attack against corp environment.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

📢 New Analyst module on ACEResponder!

Investigating Entra ID Attacks



aceresponder.com/learn/entra-id

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

Windows lateral movement via RPC.

Windows lateral movement via RPC. #ThreatHunting #DFIR
account_circle
chebuya(@_chebuya) 's Twitter Profile Photo
chebuya
@_chebuya

1 month ago

How I discovered a pre-auth XSS vulnerability in NorthStar C2 (CVE-2024-28741) allowing an attacker to execute commands on NorthStar C2 agents
Thank you ACE Responder and ocdsec for the inspiration
blog.chebuya.com/posts/discover…
github.com/chebuya/CVE-20…

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

How Azure device code phishing works.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

1 month ago

Some Windows Event IDs and how they help defenders.

Some Windows Event IDs and how they help defenders. #ThreatHunting #DFIR
account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

2 months ago

How the Illicit Consent Grant attack works.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

2 months ago

How the PetitPotam 🦛 attack is used to take over domain controllers.

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

2 months ago

📢 New Challenge: Locked Up

Your domain is infected with ransomware. Take on a unique attack path in this beginner-friendly challenge.



aceresponder.com/challenge/lock…

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

2 months ago

How WMI lateral movement works 🖥️⚡️🖥️

account_circle
ACE Responder(@ACEResponder) 's Twitter Profile Photo
ACE Responder
@ACEResponder

2 months ago

Our ROTJ exploit is still in the running for taking down LockBit. 🤞

aceresponder.com/blog/exploitin…

account_circle