Ecstatic Nobel

@ecstatic_nobel

Hope is nature's veil for hiding truth's nakedness. 🏁

Stockholm, Sweden
github.com/ecstatic-nobel
Joined December 2018
105 Photos and videos Photos and videos

Tweets

You blocked @ecstatic_nobel

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @ecstatic_nobel

  1. Pinned Tweet
    Aug 1

    has moved and can now be installed directly from within Splunk. New version on the way. 🏁 OSweep™ Don't Just Search OSINT. Sweep it. Splunkbase

    4 retweets 7 likes
    Undo
  2. 22 minutes ago

    Correction: Now, you can detect downloads based on the cookie name seen in the Set-Cookie response header (2nd column colored by value) which seems to increment as new URLs born.

    Show this thread
    Show this thread
    Undo
  3. 2 hours ago

    CC:

    3 likes
    Show this thread
    Show this thread
    Undo
  4. 2 hours ago

    As of today, the latest URLs are seen with the Set-Cookie response header starting with "5d8" or matching ".+\n5d8.+". I would start looking for "5d9" soon.

    1 reply 1 retweet 3 likes
    Show this thread
    Show this thread
    Undo
  5. 2 hours ago

    Also, strengthen the search by matching the MIME-type and file extension.

    1 reply 1 retweet 1 like
    Show this thread
    Show this thread
    Undo
  6. 2 hours ago

    Now, you can detect downloads based on the cookie name seen in the Set-Cookie response header (3rd column colored by value) which seems to increment as new URLs born.

    2 replies 3 retweets 3 likes
    Show this thread
    Show this thread
    Undo
  7. 2 hours ago

    Before the new wave seen in March 2019 (1st column colored by value), compromised sites were using well-known cookies names (2nd column colored by value).

    1 reply 3 retweets 2 likes
    Show this thread
    Show this thread
    Undo
  8. 2 hours ago

    This new wave affects 125+ web server platforms and versions.

    1 reply 2 retweets 3 likes
    Show this thread
    Show this thread
    Undo
  9. Retweeted
    5 hours ago

    WARP is here (sorry it took so long) - by -

    24 replies 60 retweets 132 likes
    Undo
  10. 13 hours ago

    My mood after automating the correlation of 80k+ unique URLs tagged as in order to receive 113k+ historical results to include headers, filenames, and hashes. 🏁

    1 reply 2 likes
    Show this thread
    Show this thread
    Undo
  11. 15 hours ago

    Removing mentions so I'm not spamming people

    Show this thread
    Show this thread
    Undo
  12. Sep 23

    Recent reports of URLs are seen with a case-insensitive Set-Cookie response header matching "^5d[78].+" or ".+HttpOnly(\s|\n)5d[78].+". Can we track and block this way?

    1 reply 12 retweets 20 likes
    Show this thread
    Show this thread
    Undo
  13. Sep 23

    Sometimes my delivery in certain situations is way off so I apologize to those that got caught in the crossfire and were left confused.

    Undo
  14. Sep 23

    Does any other app have the ability to search the following sources other than OSweep? - - - - - - -

    1 retweet 3 likes
    Undo
  15. Sep 22

    🏁

    2 likes
    Undo
  16. Retweeted
    Sep 22

    Two more SpiderFoot modules just merged from , this time for the WhatWeb tool and . SpiderFoot is almost at 170 modules! Want to contribute? Check out the tutorial at

    20 retweets 41 likes
    Undo
  17. Sep 22

    After someone enables a new rule without giving you a heads up...

    0:44
    How big is that fish 🎣
    1 retweet 2 likes
    Undo
  18. Sep 21

    If I had the authority, I would let one of those MFers loose. My response to the news once everyone disappeared, "Seek and you shall find."

    The Area 51 gate gathering.
    Show this thread
    1 retweet
    Undo
  19. Sep 20

    Yeah yeah yeah. I bought it. So what! And if you don't know, now you know...

    1 reply 3 retweets 2 likes
    Undo
  20. Sep 20

    After making the toughest decision of my life, my father sends me a text saying, "A man's heart deviseth his way: but the LORD directeth his steps. Proverbs 16:9". We don't talk much so how did he know to send that today? 🏁🙏

    Undo
  21. Retweeted
    Sep 20

    Packer of latest version totally changed, packer start to use embedded RSA key to decrypt final payload. Emulating failed at the last step.

    17 retweets 30 likes
    Undo

@ecstatic_nobel hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·