Dave Cossa (@g0ldengunsec)'s Twitter Profile

Adversary Simulation @xforcered / Frequent reader of the first page of Google results / Occasional reader of the second page of Google results

ID: 911042349761024001

Link: https://blog.redxorblue.com/ | Date: 22-09-2017 01:39:57

749 Tweet

2,2K Followers

250 Following

Dirk-jan (@_dirkjan)

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Luke Turvey (@turvsec)

I just released Flareprox 🔥 A Cloudflare based Fireprox alternative that allows you to route HTTP traffic through Cloudflare, to gain mostly unique IP Addresses, to avoid detection and blocks.

codewhisperer84 (@codewhisperer84)

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…

SpecterOps (@specterops)

Lateral movement getting blocked by traditional methods? werdhaihai just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code. ghst.ly/4pN03PG

SpecterOps (@specterops)

What happens when the User-Account-Restrictions property gets misconfigured? Spoiler: It's not good. From account compromise to full domain takeover, Garrett breaks down why this permission set is more dangerous than most realize. ghst.ly/4mKgycH

Shawn (@anthemtotheego)

Can’t say enough great things about Offensive AI Con. The people, the conversations, the vibes were unmatched. Can’t wait to see everyone again next year and excited to see the progress we all make in the offensive community.

dinosaurlover38 (@_dinolover38)

CVE-2025-23282 is going to debut tomorrow at Hexacon in our talk "CUDA de Grâce" w/ chompie, but you can try CVE-2025-23332 now! Tweetable Python PoC:

```python
import fcntl
fcntl.ioctl(open('/dev/nvidiactl'),218,0)
```

dreadnode (@dreadnode)

Can we eliminate the C2 server entirely and create truly autonomous malware? On the Dreadnode blog, Principal Security Researcher Max Harley details how we developed an entirely local, C2-less malware that can autonomously discover and exploit one type of privilege escalation

Chris Thompson (@retbandit)

Getting some downtime in EU post-Offensive AI Con. Thank you to all the community, sponsors, co-organizers, and speakers that helped make it such an amazing first year! A few more days to relax, then it’s back to the grind, exciting things coming!

TrustedSec (@trustedsec)

Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services. In our new blog, freefirex breaks down the types of service triggers that exist and how they can be activated with little to no code required. trustedsec.com/blog/theres-mo…

S3cur3Th1sSh1t (@shitsecure)

Remotely enable the EFS service for Win11 systems? No problem with rpcping. Just worked for me from remote with a low privileged user. 🧐

Logan Goins (@_logangoins)

I feel like Yuval Gordon's briefly mentioned new dMSA account takeover mechanism in his last blog didn't get enough attention. A new account takeover mechanism is on the horizon. I wrote a blog detailing it, releasing with a new BOF I wrote called BadTakeover specterops.io/blog/2025/10/2…

Andrea Pierini (@decoder_it)

Coercing machine authentication on Windows 11/2025 using the MS-PRN/PrinterBug DCERPC edition, since named pipes are no longer used. Kerberos fails in this case due to a bad SPN from the spooler, forcing NTLM fallback.
