Joined June 2016
Vylegzhanin Daniil retweeted
Welcome to the red team world… where blue chastised us for hoarding TTPs 😂😂
Knowledge getting distilled by LLMs creates the illusion that R&D is getting cheaper or easier. While it's the opposite in fact. Sharing "methodologies" or certain kinds of "outputs" (like engines, complete working tooling, etc.) is now harder than ever if you are in the R&D space, be it blue or red. It was already hard tbf, but now the time has shrunk and value perception has changed :D So, while sharing detection rules, snippets of tooling and things in between is still valid and should happen imo, other things should be kept close :)
Shared a note about the issue I discovered during the weaponization of auditd persistence on macOS blog.offensive.af/posts/audi…
Vylegzhanin Daniil retweeted
2 Sep 2025
We've just pushed details on our latest #Nighthawk release (Sivako) nighthawkc2.io/sivako/ - including async BOF support, native Kerberos and more 🔥 vimeo.com/1115201393?share=c…
Vylegzhanin Daniil retweeted
6 Nov 2020
Exploring the WDAC Microsoft Recommended Block Rules: kill.exe kill.exe is an interesting SDK #lolbin. Instead of loading unsigned code through deserialization or through some script host trampoline magic, kill.exe appears to bypass WDAC b/c it is vulnerable to buffer overflow
Infosec twitter is something
6 May 2025
🚀 Just dropped v0.5 of my Chrome App-Bound Encryption Decryption tool! Full user-mode (no admin), all path-validation bypasses, full cookie extraction (JSON 🍪) and stealth DLL injection. Chrome’s ABE is officially broken, works on Chrome, Edge & Brave. Anything else to tackle with ABE? 🤔
Vylegzhanin Daniil retweeted
21 Mar 2025
So I wanted to collate a bunch of different attacks you can perform via ServiceNow that we've used pretty regularly, but for which there doesn't seem to be much out there publicly.
21 Mar 2025
Stumbled on ServiceNow during a red team? If not you might want to check our latest post on Red Teaming with ServiceNow by @__invictus_ mdsec.co.uk/2025/03/red-team…
Nothing feels better than finishing a year with a high-integrity callback on the high-value server running under a privileged account.
Spent the last two weeks working with Binary Ninja and finally can put IDA in the bin. Awesome product, solid plugin support (Lighthouse available!), 10/10
RIP WebDAV MotW bypass, was part of some nice exec chains, burnt as CVE-2024-38213 by ZDI. Unlucky that I won't be able to use it for my next gig, but had some good time.
Vylegzhanin Daniil retweeted
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confu… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code from 1996
Vylegzhanin Daniil retweeted
ICYMI: Apeman, a tool designed to simplify the understanding of permissions & potential Attack Paths within an AWS environment for both attackers & defenders, is now live! @hotnops is at #BHUSA digging into the tool now - join him at Arsenal Station 3 to learn more.
Vylegzhanin Daniil retweeted
7 Aug 2024
OST's Stage1 C2 is now Outflank C2, an optimised, OPSEC-focused custom C2 framework with:
• Native implants for Windows, macOS and Linux
• Dynamic code exec
• Proxying support
• Peer-to-peer C2 between all three implants
Get more info at bit.ly/4cgw8rl
Vylegzhanin Daniil retweeted
30 Jul 2024
I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: securityintelligence.com/x-f…
CS ML engine finally figured out that nowadays Windows is malware
Vylegzhanin Daniil retweeted
New blog post "Google: Stop Burning Counterterrorism Operations" My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it. poppopret.org/2024/06/24/goo…
Vylegzhanin Daniil retweeted
Nighthawk 0.3 is finally in customer hands - now to write the blog post! Big thanks to @modexpblog @peterwintrsmith and @x86matthew for all the hard work, stay tuned for more details
"exploit" lmao "reported the issue to Foxit Reader" 🤡🤡🤡
Check Point Research has identified an unusual pattern of behavior involving PDF exploitation targeting users of Foxit Reader. Our latest publication details multiple campaigns taking advantage of this exploit, from E-crime to Espionage groups. research.checkpoint.com/2024…