Javier Correa (@_zodi4c_) 's Twitter Profile
Javier Correa

@_zodi4c_

Red team pentester and CTF player - OSCE³ | OSCP | OSWP | eWPTXv2 🧩

ID: 2375633372

linkhttps://zodi4cx.github.io/ calendar_today06-03-2014 16:53:20

271 Tweet

355 Followers

293 Following

Louis Dion-Marcil (@ldionmarcil) 's Twitter Profile Photo

Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E) Links in <a> tags will show the fake domain, but open the real domain. No need to buy .zip! :) Convincing #phishing #redteam

Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a &lt;base&gt; tag with a fake domain + left-to-right mark (U+200E) 
Links in &lt;a&gt; tags will show the fake domain, but open the real domain. 
No need to buy .zip! :) Convincing #phishing #redteam
Pedro Ribeiro (@pedrib1337) 's Twitter Profile Photo

Pulling SYSTEM out of Windows GINA 🪟: a 0day vuln giving pre-auth SYSTEM shell on domain computers managed by ManageEngine ADSelfService Plus

ippsec (@ippsec) 's Twitter Profile Photo

The video on setting up an Android VM, Installing the Burp Certificate in the System Store, and proxying application traffic through BurpSuite is live now! Additionally, I go over using Frida to defeat certificate pinning. youtu.be/xp8ufidc514

Javier Correa (@_zodi4c_) 's Twitter Profile Photo

Recently, I've been playing around with Rust and I decided to take on the challenge of porting some of #mimikatz functionality to understand how it does its magic ✨ I've written an entry-level post about how the Minesweeper module works. Check it out! zodi4cx.github.io/posts/breaking…

LaurieWired (@lauriewired) 's Twitter Profile Photo

Want to leak your password through a mispredicted ASM routine? Run this on a Zen 2 Processor: vcvtsi2s{s,d} xmm, xmm, r64 vmovdqa ymm, ymm jcc overzero vzeroupper overzero: nop Tavis Ormandy uncovered a flaw "Zenbleed" (CVE-2023-20593) in

Want to leak your password through a mispredicted ASM routine? 

Run this on a Zen 2 Processor:

vcvtsi2s{s,d}   xmm, xmm, r64
    vmovdqa         ymm, ymm
    jcc             overzero
    vzeroupper
overzero:
    nop

Tavis Ormandy uncovered a flaw "Zenbleed" (CVE-2023-20593) in
vx-underground (@vxunderground) 's Twitter Profile Photo

With Web Environment Integrity in Chromium (Chrome, Opera, Edge) it'll allow websites to determine whether a visitor is a human or a robot based off of hardware fingerprinting. It is designed to enhance ad delivery capabilities.

The Citizen Lab (@citizenlab) 's Twitter Profile Photo

🚨🚨WE URGE EVERYONE TO UPDATE THEIR APPLE DEVICES AS SOON AS POSSIBLE. We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group’s #Pegasus #spyware. citizenlab.ca/2023/09/blastp…

Cienci@ULL (@cienciaull) 's Twitter Profile Photo

El primer taller del Laboratorio Virtual, Conecta Cienci@ULL es sobre computación cuántica y es impartido por los investigadores José Daniel Escánez y Javier Correa 🧪🖥️👨‍🔬

El primer taller del Laboratorio Virtual, Conecta Cienci@ULL es sobre computación cuántica y es impartido por los investigadores José Daniel Escánez y Javier Correa 🧪🖥️👨‍🔬
Octoberfest7 (@octoberfest73) 's Twitter Profile Photo

Found a user-level persistence opportunity when Steam.exe (the game platform) is installed. On boot, it runs "vulkandriverquery64.exe" which tries to load a missing DLL that can be placed in a user-writable location within %PATH%. #redteam #malware #cybersecurity #pentesting

Found a user-level persistence opportunity when Steam.exe (the game platform) is installed. On boot, it runs "vulkandriverquery64.exe" which tries to load a missing DLL that can be placed in a user-writable location within %PATH%. 
#redteam #malware #cybersecurity #pentesting