offsec @mcdonalds // DRIVE IMPACT OR GTFO
Joined September 2021
- Tweets 325
- Following 173
- Followers 43
- Likes 9,884
14 Photos and videos
"C:\Program Files\Google\Edrgay\EDRGay.exe" as an EDR killer filename - like there’s no other name in their dictionary haha😂
virustotal.com/gui/file/eeef…
virustotal.com/gui/file/2d89…
1
4
53
3,855
ziggooner retweeted
Apr 12
what the hell is hatsune miku doing at belmont
ALT a hatsune miku cosplayer walking by the belmont red/purple/brown line station in lake view, chicago
28
238
3,930
78,020
ziggooner retweeted
Mar 11
Dunno about you but I always run @SpecterOps certify from non-domain-joined systems.
It freaked me out that SID resolution would not work.
That is because LSA is used, which won't work in runas sessions.
Now it does SID resolution via LDAP queries:
github.com/GhostPack/Certify…
1
14
152
6,672
ziggooner retweeted
Today I pushed a majorly overdue feature to #x64dbg Automate and its MCP, remote debugging! Analysis targets can be isolated while driving x64dbg over the network. Full functionality is available over the wire.
Also, Linux client support 🐧🎉
19
146
6,836
🤢🤢🤢 KALI SLOP LINCOX
Mar 10
Kali & LLM: Completely local with Ollama & 5ire: We are extending our LLM-driven Kali series, where natural language replaces manual command input. This time however, we are doing everything locally and offline. We are using our own hardware and not… kali.org/blog/kali-llm-ollam…
60
🙏
69
ziggooner retweeted
Add this to your threat risk assessment and smoke it
there's an AWS outage in me-central-1 because it got bombed
7
23
434
33,600
sentence is too light
Feb 24
Peter Williams, the former Trenchant exec who stole zero-day exploits from his employer and sold them to a Russian exploit buyer, was sentenced today to 7 years and 3 months in a hearing that was partially closed to the public zetter-zeroday.com/trenchant…
37
chicago goat
295 W Montrose Harbor Drive at 7am - shovel ready if lake is iced over
41
wrote a quick script to help with generating draugr function hook definitions for usage in crystal palace loaders
github.com/ziggoon/draugrgen
cc @_RastaMouse
1
5
20
1,971
ziggooner retweeted
22 Aug 2025
13
258
1,947
108,223
hahaha this is sick
3 Apr 2025
Red Team Ops by @SpecterOps teaches Cobalt Strike while you’re being hunted by a bot that will callout and respond to bad OPSEC to reenforce good tradecraft. Wonderful course but I am bias because I work here.
ALT Cerberus bot calling out bad OPSEC due to using PSExec and having default spawnto in malleable C2.
2
285
crypto😭😭😭😭😭
171
ziggooner retweeted
21 Feb 2025
21 Feb 2025
FOUR EDRS!?! How expensive is that?!
8
11
117
21,777