Joined April 2024
- Tweets 19
- Following 95
- Followers 117
- Likes 19
3 Photos and videos
Pinned Tweet
Apr 2
Much-delayed release of my tool, the result of some really fun research, especially the Windows kernel stuff!
Apr 2
Relayed NTLM creds are powerful, if you can use them.
@senderend shows why browsers fail through ntlmrelayx SOCKS and introduces ghostsurf to make NTLM-authenticated web apps accessible.
Read more ⤵️ ghst.ly/4tnJOtx
5
24
2,227
Jan 30
Developed a much-needed C2 channel for Mythic with @KingOfTheNOPs during a 24hr hackathon! *.blob.core.windows.net is often one of the only egress methods from more mature client environments.
Jan 30
New from @KingOfTheNOPs @senderend: azureBlob, a Mythic C2 profile that uses Azure Blob Storage as transport.Supported Agents:
🐍 Medusa
🪽 Pegasus (new test agent)
❤️ Your fav agent (with simple integration guide)
ghst.ly/3NM0LOR
🧵: 1/2
8
30
2,892
sender retweeted
Jan 16
WSL2 is a powerful attacker hideout because it runs as a separate Hyper-V VM, and defenders rarely monitor it.
Daniel Mayer explains how attackers pivot into WSL2 and what it took to build tooling that works across WSL2 versions.
Read more ⤵️ ghst.ly/45fPUma
9
172
725
104,071
sender retweeted
3 Dec 2025
3 Dec 2025
SCOM monitors critical systems, but insecure defaults make it a powerful attack vector.
At #BHEU, @unsigned_sh0rt & @breakfix show how to abuse SCOM for credential theft, lateral movement, and domain escalation, plus how to defend it. ghst.ly/4aoggph
3
41
132
19,002
sender retweeted
23 Oct 2025
Credential Guard was supposed to end credential dumping. It didn't.
@bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
Read for more ⤵️ ghst.ly/4qtl2rm
11
336
738
137,097
sender retweeted
21 May 2025
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name
If this query hits, you're in.
21 May 2025
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability
It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷♂️
Read Here - akamai.com/blog/security-res…
3
73
263
22,649
28 Apr 2025
Had an amazing time at @BSidesSF this weekend! Super fun and well done CTF, solved quite a few and came agonizingly close on some of the harder ones, including one that remained unsolved by anyone! I was thrilled to run into Erik from @badsectorlabs and talk Ludus.
1
33
15 Jul 2024
As a follow up to my research on a GLPI command injection vulnerability, I've updated the @pdnuclei
template for this CVE to detect the more advanced RCE vectors I researched. The PR is merged and live in the latest version of Nuclei, check it out below!
github.com/projectdiscovery/…
77
3 Jun 2024
Awesome talks, great food, inspiring people, and excellent community building from @SpecterOps last Wednesday! I look forward to the next one.
13 May 2024
📆 Mark your calendar!
We are hosting a BloodHound user group meet-up in the Seattle area on Weds., May 29. Join @_wald0, @JustinKohler10, @harmj0y & @tifkin_ at @AscendBellevue to get the latest on managing Attack Paths, AD CS & Nemesis.
Register 👉 ghst.ly/3UUP5KE
1
44
sender retweeted
21 May 2024
In his new post, @jaredcatkinson examines how changing the implementation of tradecraft can have as much of an impact on detection programs as changing the behavior.
Read more ⤵️ ghst.ly/4bIbFvA
20
53
6,260
21 May 2024
As a follow up to my PrivEsc Server scripts, here's another writeup with some of my most useful shell aliases and functions. These saved me lots of time and repetitive keystrokes on the #OSCP exam, and made my terminal workflow much more fun!
link.medium.com/HNhU5zmXLJb
142
16 May 2024
Check out my OSCP Privilege Escalation Server Scripts to save some time on the exam
#oscp #offensivesecurity
link.medium.com/IJYXoE0uDJb
163
2 May 2024
Here's my in-depth guide to the #OSCP course and exam. Check it out for all the tips and tricks I wish I had when I was studying.
link.medium.com/M2f4v2v1fJb
121
30 Apr 2024
I recently published an exploit script PoC as a result of some really fun research. Check out my in-depth writeup and try it for yourself on my GitHub! #applicationsecurity #appsec #cybersecurity #hacking #offensivesecurity
link.medium.com/DFEaUnj3dJb
67
27 Apr 2024
what a turnout at @bsidesseattle! I thought we got here early... x.com/senderend/status/17842…
39
27 Apr 2024
I'm thrilled to announce that last week, I passed the OSCP exam and got my certification!
Thanks @offsectraining for the learning experience!
#OSCP #offensivesecurity #cybersecurity
1
51
21 Apr 2024
turns out, with enough finesse and research, the LSA will give you what you want if you ask nicely. all without touching LSASS memory! excellent wiki here as well.
github.com/EvanMcBroom/lsa-w…
28
sender retweeted
28 Jun 2023
Today I'm releasing AtlasReaper, a .NET tool designed for red teamers to interact with Confluence and Jira via C2 agents.
Discover secrets and launch targeted attacks.
Check out the blogpost for more details:
medium.com/@werdhaihai/7a90b…
Github Repo:
github.com/werdhaihai/AtlasR…
2
88
214
21,620