Joined August 2014
- Tweets 115
- Following 80
- Followers 1,174
- Likes 196
21 Photos and videos
Pinned Tweet
5 Apr 2024
🚀I'm finally releasing GraphSpy to the public!🕵️
A powerful offensive security tool focused on making initial access and post-compromise enumeration in Microsoft Entra and M365 much more convenient during penetration tests and red team assessments!
github.com/RedByte1337/Graph…
3
136
380
34,888
May 30
This is exactly why I did not share my research with MSRC before my talk last @defcon, to make a statement against their classic "does not meet the bar for servicing (unless you publish it)" response.
Next DEF CON will be interesting...
May 28
Chat, I don't want to be that guy, but I think Microsoft has really pissed off security researchers and we're approaching the tipping point.
This Eclipse guy has really rocked the boat for Microsoft.
3
3
41
2,946
May 30
I even dedicated the first three minutes of my talk to calling them out for these practices.
They came to me afterward and told me I would have gotten at least a $10k bounty if I had reported it. Sure...
youtu.be/z6GJqrkL0S0
1
1
10
698
Apr 14
Just shipped GraphSpy v1.7.0 ✨
Mostly under-the-hood work this time with major refactoring to speed up future development ⚙️
Huge shoutout to n3rada for leading the effort!
More exciting features coming soon 🚀
github.com/RedByte1337/Graph…
1
12
39
2,852
Keanu Nys retweeted
Early Bird Offer for Q2 Bootcamps 2026 is ending soon.
Save 15% on our upcoming Red Team live bootcamps across Azure and Active Directory.
Use code EARLYBIRD15. Offer valid till April 10, 2026.
June 5 - CARTP® Bootcamp
June 6 - CRTP® Bootcamp
June 27 - CARTE® Bootcamp
Secure your seat:
alteredsecurity.com/bootcamp…
#CyberSecurity #RedTeaming #CloudSecurity #InfoSec
2
12
1,808
Keanu Nys retweeted
Apr 7
Join @RedByte1337 and me for the June 2026 bootcamps as we take you through the on-prem and Azure Red team. Very practical and hands-on labs with fantastic learning aids. Bonus - dad jokes and insight (read rant) on state of identity security.
Early Bird Offer for Q2 Bootcamps 2026 is ending soon.
Save 15% on our upcoming Red Team live bootcamps across Azure and Active Directory.
Use code EARLYBIRD15. Offer valid till April 10, 2026.
June 5 - CARTP® Bootcamp
June 6 - CRTP® Bootcamp
June 27 - CARTE® Bootcamp
Secure your seat:
alteredsecurity.com/bootcamp…
#CyberSecurity #RedTeaming #CloudSecurity #InfoSec
1
9
1,076
Keanu Nys retweeted
Mar 27
It was an honour to share what I've been working on on the stream! It was a blast! 🪝🐟
The demo gods were thankfully kind to me. 🙏
P.S. To anyone copying the session cookies character-by-character from the video feed - all the sessions have been invalidated. 🥲
Mar 27
Big thanks to @mrgretzky for a great stream on the latest in MFA bypass attacks with Evilginx and Phishlets 2.0! Each time web developers come up with new ways to secure things, Kuba is right there to find a workaround!
You can watch the recording here:
youtube.com/live/eeauoOYUwoM…
3
9
46
4,254
Mar 11
I recently sat down with @_JohnHammond to record a video about GraphSpy! 😁
We went over the most powerful features GraphSpy has to offer, and even showcased some of the new features that were added lately.
This video is now live on his YouTube channel, so go check it out! 😉
Mar 11
GraphSpy: A Hacker's Tooling Deep Dive, video demos with the creator @RedByte1337! 🤩 Keanu shows me the wild things you can do for post-exploitation in Entra ID -- even adding a physical security key for persistence and a ton of other tricks 🤯 Video: youtu.be/qEtoKC32UoE
2
9
43
9,279
Jan 31
Maximum 16-character password "for security reasons". 🤔
And what I find more surprising is the fact that the "<" character is not permitted either...
Is this some poor attempt at preventing XSS? That would mean the password is displayed in cleartext somewhere on a web page...🤨
1
5
383
Jan 29
I will be teaching the advanced version of the Attacking & Defending Azure Cloud bootcamp once again in February with @AlteredSecurity!
Live, hands-on Azure red team training with realistic labs to sharpen both your Offensive and Defensive skills! 🔥
🔗 alteredsecurity.com/carte-bo…
2
9
611
Jan 17
GraphSpy just hit 1000 ⭐ on GitHub!
What started as a personal side project is now used by pentesters around the world. Never imagined this as my first project, especially not in under 2 years. 🤯
I silently pushed v1.6 right before the holidays with powerful new features 😉
4
5
31
2,787
Jan 17
Check out the new features under the Release Notes section:
🔗github.com/RedByte1337/Graph…
6
14
1,107
27 Nov 2025
Wow, this almost passed by without me noticing👀
This is not how I envisioned GraphSpy to be covered in a @_JohnHammond video, but then again, it was only a matter of time before malicious actors used it.
You just hope it is used for more good than bad when creating these tools.
22 Nov 2025
Uncovered screen recordings from threat actors! 👀 Real footage of cybercriminals using anti-detect browsers and infostealer malware logs for session hijacking, and another using GraphSpy to read their Entra ID victim's emails in Outlook! 💀 Video: youtu.be/vX7JcpRqbEk
1
9
1,691
16 Aug 2025
Thanks to everyone who joined my DEFCON33 talk!🎉
For those of you who missed it and are interested in seeing how we can extract cleartext credentials and bypass MFA directly from the official Microsoft login page, I just uploaded the recording to YouTube:
youtu.be/z6GJqrkL0S0
16
146
531
53,254
16 Aug 2025
I will be sharing more in-depth details and the tools/scripts I created to set up some of these attacks in a blog post very soon!
24
2,313
A special shoutout to the many 🇪🇺European cyber researchers presenting their work at #DEFCON, you were awesome.
🇳🇱@_dirkjan @John_Fokker
🇮🇹@Van1sh_BSidesIT
🇫🇷@christophetd @fr0gger_ @kalimer0x00
🇧🇪@RedByte1337
🇨🇿@marektoth
🇬🇧@_mattmuir @johnnyspandex @buffaloverflow
many others
3
5
34
7,481
19 Jul 2025
I just noticed that the domain enumeration technique with the Autodiscover endpoint is suddenly not working anymore.
This is what tools like @DrAzureAD's AADInternals (Get-AADIntTenantDomains) used to allow unauthenticated enumeration of all domains linked to an Entra ID tenant.
6
16
86
10,611
Keanu Nys retweeted
19 Jun 2025
Grab a seat for one of @AlteredSecurity's three popular Red Team classes at @BlackHatEvents
Azure Attacks Advanced (In-Person) - Break an Azure environment with focus on evasion and opsec.
AD Attacks Advanced (Virtual) - Learn to break an enterprise environment with all Server 2025 machines.
Azure Attacks Beginner (Virtual) - Get started with Cloud Red Team for Azure.
alteredsecurity.com/training…
7
11
6,905
12 Jun 2025
GraphSpy just got scarily powerful!🔥
🤖Automated device code entry
🖥️Post-comprimise automation (device registration, WinHelloForBusiness, ...)
🍪PRT Cookies
⚒️Cross-tool support
❤️🔥The sponsor branch is now live for early access: github.com/sponsors/RedByte1…
🧵More info below
1
32
105
6,516
12 Jun 2025
⚒️ 𝑪𝒓𝒐𝒔𝒔 𝒕𝒐𝒐𝒍 𝒔𝒖𝒑𝒑𝒐𝒓𝒕 — Import/Export device certificates, Primary Refresh Tokens, and WinHello keys to easily switch between your favorite tools (e.g. roadtools, AADInternals, pytune, ...) while keeping track of all your certificates/tokens/keys in GraphSpy.
1
3
1,714
12 Jun 2025
❤️🔥 If you want to support the development of GraphSpy and get early access to new features, check out the 𝐬𝐩𝐨𝐧𝐬𝐨𝐫 𝐩𝐚𝐠𝐞 here: github.com/sponsors/RedByte1…
Thanks to @infosecnoodle and @q8fawazo for already supporting GraphSpy before this public announcement. ❤️
6
526