Assuming this all works out, the image in this tweet is also a valid ZIP archive, containing a multipart RAR archive, containing the complete works of Shakespeare. This technique also survives twitter's thumbnailer :Ppic.twitter.com/P0Owq9abRC
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
I'll post my source code soon™ (It's a bit of a mess at the moment, split across multiple hacky python scripts...)
Fun fact: Just before this tweet got popular, I had 666 followers. It was an omen...
had to replace unzip&&unrar with unzip;unrar for unknown reason
Haha, thanks - I did notice just after I'd posted it, but I didn't think anyone else would actually notice
&& doesn't work because unzip returns an error code (because of a warning about junk data at the start, lol)
So glad you posted on SBE's stream - this honestly made my day - so simple and the impact is perfect - i hope you some day release this steg or say how you made it. Took me 30 min to find you again!
So on a Linux instance a call to twitter kind of stands out, I can alert on that. On a Windows client, even with proxy logs, this will not be easy to distinguish from normal twitter. 7zip and Winrar are kind of unusual there, though, and the machine learning flagged those procs.pic.twitter.com/lhGDNtxmuo
Wow. Amazing David, I still can't believe how you pulled this off!pic.twitter.com/CweLnl7m9F
Is this some kind of elaborate social engineering technique to trojan all of us?
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.