@AlmondOffSec but mostly shilling for #pywerview

Joined March 2022
Pinned Tweet
13 Feb 2025
Choose your poison 🦋 bsky.app/profile/lowercasedr… 🐘 mastodon.social/@drm (still posting here too)
(near) Instant dumping of the Bitlocker VMK using @SipeedIO #SLogic16U3 and #ngscopeclient 🥰. Full disclosure: I know nothing about C, the filter was fully vibe coded (with a Claude free plan)
drm retweeted
Padding Oracle in MS-BKRP (BackuprKey RPC) “decrypt DPAPI v2/v3 domain backup blobs via distinguishable error codes on the DC's BackuprKey endpoint.” You need the masterkey in the user's roaming dir: Roaming\Microsoft\Protect\<SID>\<GUID> Creds: Bad-Jubies github.com/Bad-Jubies/Exploi…
16 Apr 2025
Recently sniffed an SPI bus for the first time (with and without PIN) on a Lenovo T470. It's quite fun, even with a DSLogic! s/o @en4rab for SPITkey.
Dell 7450: VMK sniffed on the WSON flash (UC2), clock is 25 MHz. Added to vmk.lol 🫡
HP Probook 440 G5: TPM sniffed on the BIOS flash (SOIC 8)
Please be advised that someone is using a forked repo of my KingCastle python script to spread Lua malware. What a time to be alive. User: Ramdhankola Repo: KingCastle 🌻
Asked Claude to code a small site for the @NoobieDog repo about TPM sniffing. It was a fun exercise (even with a free tier Claude account haha). vmk.lol
drm retweeted
In our latest post, researcher @craigsblackie documents attacks against the Dell UEFI firmware that enable DMA attacks against TPM-only bitlockered devices mdsec.co.uk/2026/03/disablin…
drm retweeted
A private @Burp_Suite Collaborator instance is essential for pentesting sensitive environments, but managing TLS for it can be a pain. Today we release a Certbot plugin that automates Let’s Encrypt wildcard certificate renewals for private instances. github.com/AlmondOffSec/cert…
Based on prior research by @Jonas_B_K, @harmj0y, @PyroTek3, @_dirkjan, @gentilkiwi and prior work from @SAERXCIT and many impacket contributors!
Are one-way trusts really one way? @lowercase_drm sums up how the TDO password lets you turn a one-way AD forest trust into bidirectional access, and releases a new tool to remotely extract these secrets. offsec.almond.consulting/tru…
I was tired of typing the same commands each time I started a new internal pentest. So here comes KingCastle. This script does not perform any attacks; consider it a cheat sheet to quickly see low hanging fruits. github.com/ThePirateWhoSmell…
drm retweeted
Team member @sigabrt9 was able to bypass Apache FOP PostScript escaping to reach the Ghostscript engine. offsec.almond.consulting/byp…
The Sword made its way to France 🗡️ @GiliYankovitch
drm retweeted
Team member @myst404_ identified a privilege escalation in WAPT caused by a DLL hijacking issue, which was promptly fixed by the vendor. Patched in version 2.6.1. Changelog: wapt.fr/fr/doc/wapt-changelo…
Merged in main 🎉 Happy hacking!
Newer Windows clients often enforce signing ✍️ when using SMB fileshares. To quickly deploy an SMB server with signing supported we implemented this in impacket's smbserver.py based on a prior work by @lowercase_drm. github.com/fortra/impacket/p…
drm retweeted
Originally, Microsoft did not enforce their own specs for validated writes at all and only checked if a KeyCredentialLink is already present. Now they require a CustomKeyInformation field with the "MFA Not Required" flag to be present and the last logon timestamp to be absent.
drm retweeted
The blog with how to use the rainbow tables for Net-NTLMv1 is finally live! cloud.google.com/blog/topics… My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created. content.burningrivercybercon…