intuentis0x0

20 Followers
122 Following
83 Posts

@badsectorlabs thanks for the work all the time. It was always fun and highly appreciated to have the new LWiS.

Source: https://blog.badsectorlabs.com/taking-a-break-2026-04-06.html

Taking a Break - 2026-04-06

😮‍💨

Bad Sector Labs Blog

lol https://seclists.org/oss-sec/2026/q1/89

telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supplies a carefully crafted USER environment value, namely the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root, bypassing normal authentication processes.

In telnetd for a decade 💀

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

@wynnchel hey buddy, had a chat with our friend several days ago. He told me that you look more into that CTI stuff. I found this, maybe it's a good resource atm for you. The PDF is a good one:
https://www.group-ib.com/landing/operationalizing-cti/
From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion

Key Takeaways The intrusion began with a Lunar Spider linked JavaScript file disguised as a tax form that downloaded and executed Brute Ratel via a MSI installer. Multiple types of malware were dep…

The DFIR Report

Came across this pretty interesting article about using Windows Defender Application Control (WDAC) policies to disable EDR agents. Very interesting. Also the first research regarding this is worth a look.

https://beierle.win/2025-08-28-A-Nightmare-on-EDR-Street-WDACs-Revenge/

#threatresearch

A Nightmare on EDR Street: WDAC's Revenge

Jonathan Beierle

This article does a good job of explaining why CTI isn't just for blue teams and why red teams can also benefit from good CTI analysts. I agree with many (though not all) of the points made here. CTI for red teams is a topic that’s discussed far too rarely.

https://blog.zsec.uk/offensive-cti/

#cti #redteam

This tool deserves the name "Swiss army knife".

https://github.com/lefayjey/linWinPwn

#RedteamTools

GitHub - lefayjey/linWinPwn: linWinPwn is a bash script that streamlines the use of a number of Active Directory tools


GitHub

@wynnchel have a great time with some great people out there. :) Maybe we should have a con of our own this summer ;)