Tweets

You blocked @ecstatic_nobel

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @ecstatic_nobel

  1. Pinned Tweet
    Aug 1

    has moved and can now be installed directly from within Splunk. New version on the way. 🏁 OSweep™ Don't Just Search OSINT. Sweep it. Splunkbase

    Undo
  2. 22 minutes ago

    Correction: Now, you can detect downloads based on the cookie name seen in the Set-Cookie response header (2nd column colored by value) which seems to increment as new URLs born.

    Show this thread
    Undo
  3. Undo
  4. 2 hours ago

    As of today, the latest URLs are seen with the Set-Cookie response header starting with "5d8" or matching ".+\n5d8.+". I would start looking for "5d9" soon.

    Show this thread
    Undo
  5. 2 hours ago

    Also, strengthen the search by matching the MIME-type and file extension.

    Show this thread
    Undo
  6. 2 hours ago

    Now, you can detect downloads based on the cookie name seen in the Set-Cookie response header (3rd column colored by value) which seems to increment as new URLs born.

    Show this thread
    Undo
  7. 2 hours ago

    Before the new wave seen in March 2019 (1st column colored by value), compromised sites were using well-known cookies names (2nd column colored by value).

    Show this thread
    Undo
  8. 2 hours ago
    Show this thread
    Undo
  9. Retweeted
    5 hours ago

    WARP is here (sorry it took so long) - by -

    Undo
  10. 13 hours ago

    My mood after automating the correlation of 80k+ unique URLs tagged as in order to receive 113k+ historical results to include headers, filenames, and hashes. 🏁

    Show this thread
    Undo
  11. 15 hours ago

    Removing mentions so I'm not spamming people

    Show this thread
    Undo
  12. Sep 23

    Recent reports of URLs are seen with a case-insensitive Set-Cookie response header matching "^5d[78].+" or ".+HttpOnly(\s|\n)5d[78].+". Can we track and block this way?

    Show this thread
    Undo
  13. Sep 23

    Sometimes my delivery in certain situations is way off so I apologize to those that got caught in the crossfire and were left confused.

    Undo
  14. Sep 23

    Does any other app have the ability to search the following sources other than OSweep? - - - - - - -

    Undo
  15. Sep 22
    Undo
  16. Retweeted
    Sep 22

    Two more SpiderFoot modules just merged from , this time for the WhatWeb tool and . SpiderFoot is almost at 170 modules! Want to contribute? Check out the tutorial at

    Undo
  17. Sep 22
    Undo
  18. Sep 21

    If I had the authority, I would let one of those MFers loose. My response to the news once everyone disappeared, "Seek and you shall find."

    Undo
  19. Sep 20
    Undo
  20. Sep 20

    After making the toughest decision of my life, my father sends me a text saying, "A man's heart deviseth his way: but the LORD directeth his steps. Proverbs 16:9". We don't talk much so how did he know to send that today? 🏁🙏

    Undo
  21. Retweeted
    Sep 20

    Packer of latest version totally changed, packer start to use embedded RSA key to decrypt final payload. Emulating failed at the last step.

    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·