Maxime Thiebaut
@0xThiebaut
308 Permanent Redirect Location: https://infosec.exchange/@0xThiebaut 🇧🇪🕊🇺🇦
Received the NVISO #Innovation Coin joining a growing hall of fame 🎉 If you’re looking to work with #SANS legends, we’re #hiring in every field! Come have a chat & drink: nviso.eu/jobs 🍻
On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service discovery features. NVISO has identified zero-day exploitation in the wild beginning mid-October 2024. All details - blog.nviso.eu/2025/09/29/you…
New blog post! Title: Hunting Chromium Notifications | By @0xThiebaut (Maxime Thiebaut) Link: wp.me/p84lDr-4sj #ThreatHunting #Phishing #Chromium #Chrome #Edge #Forensics
New blog post! Title: MEGAsync Forensics and Intrusion Attribution | By @0xThiebaut (Maxime Thiebaut) Link: wp.me/p84lDr-4FS #Forensics #MEGAsync #LockBit #Python #Statecache
Respectfully, your proposal does break encryption. I am happy to spend as much time as you need reviewing in as much detail as you are comfortable with exactly how it breaks encryption, and why this is so dangerous.
Let me clarify one thing about our draft law to detect online child sexual abuse #CSAM. Our proposal is not breaking encryption. Our proposal preserves privacy and any measures taken need to be in line with EU privacy laws.
ScriptBlock Smuggling is a new technique, developed by @_Hubbl3 & @Cx01N_ that allows for the spoofing of PowerShell security logs & bypasses AMSI without the need for reflection or memory patching. Learn all about it in our new blog post! bc-security.org/scriptblock-sm…
Tune in now!
Join us today at 4:00 pm ET (8:00 pm UTC) at the #RansomwareSummit to discuss the "Evolution of Ransomware Tactics in 2023 - Insights from The DFIR Report" Shout-out to our analysts (@_pete_0 & @0xThiebaut) who have been working on this presentation for months!
We're closing out today's #RansomwareSummit w/ @_pete_0 & @0xThiebaut exploring the evolving landscape of #ransomware tactics and strategies, providing actionable insights for bolstering #cybersecurity defenses. Register Free to Join / Access Recordings: sans.org/u/1soB
At #RansomwareSummit, @_pete_0 & @0xThiebaut will explore the evolving landscape of #Ransomware tactics and strategies, providing actionable insights for bolstering #Cybersecurity defenses. Register for Free Live Online: sans.org/u/1soB
New blog post! Title: Covert TLS n-day backdoors: SparkCockpit & SparkTar | by NVISO Incident Response Link: wp.me/p84lDr-4w7 #Forensics #ReverseEngineering #CVE #Ivanti #PulseSecure
From ScreenConnect to Hive Ransomware in 61 hours ➡️Initial Access: ScreenConnect ➡️Defense Evasion: BITS Jobs, Embedded Payloads ➡️Lateral Movement: Impacket, RDP, SMB ➡️C2: ScreenConnect, Atera, Splashtop, Cobalt Strike, Metasploit ➡️Exfil: Rclone thedfirreport.com/2023/09/25/fro… 1/X
Awesome article, and here is the tool that came with it put together by @0xThiebaut: github.com/0xThiebaut/PCA… Works like a charm; I used it more than once 🙂
IcedID & Qakbot's VNC Backdoors: Dark Cat, Anubis & Keyhole blog.nviso.eu/2023/03/20/ice…
Got the account locked because of DMCA. 🤦♂️ Forgot to screenshot the step after the first screenshot, but anyway, it did not include which tweet got reported and by who, should check emails it said. So going to check now...
A Truly Graceful Wipe Out ➡️Initial Access: Email > TDS > Truebot download ➡️Credentials: LSASS & Registry Dump ➡️Persistence: Scheduled Task ➡️C2: Truebot, FlawedGrace, Cobalt Strike ➡️Exfiltration: FlawedGrace ➡️Impact: MBR Killer thedfirreport.com/2023/06/12/a-t… 1/X
A new report will be out June 12th by @Kostastsale, @svch0st & @0xThiebaut! This report will have a few things we haven't covered before, you won't want to miss it! Want to receive an email when we publish the report? Subscribe below thedfirreport.com/subscribe/
🔎 IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole A summary of #VNC #backdoor capabilities @0xThiebaut reconstructed from network traffic. 👀 Screenshots, videos and clipboard data at blog.nviso.eu/2023/03/20/ice… #Malware #PCAP #Reversing
A few weeks ago Microsoft released #CVE_2022_41120, a “Microsoft Windows #Sysmon Elevation of Privilege Vulnerability” reported by @filip_dragovic . With the #vulnerability and original #PoC released, I can now share the first time I #diff'ed a patch. thiebaut.dev/articles/diffi…
Here is PoC for CVE-2022-41120 github.com/Wh04m1001/Sysm…. I combined arb file delete and limited arb file write to get code execution as NT Authority\System.
Brc4 v1.2.2/5 was leaked by MdSec and is circling the internet. I am tracking it over the past few weeks. MdSec uploaded the whole package to VT which was cracked by a Russian group Molecules, and now used by TAs which will most likely create irreparable damage. blog incoming