You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
CVE-2020-1590 EOP mini writeup So basicly this is just a rerun of the first EOP submission i did where i realised I was doing something novel. CVE-2020-0863-https://twitter.com/buffaloverflow/status/1242497902850854912 …
See:
https://itm4n.github.io/cve-2020-0863-windows-diagtrack-info-disclo/ …
https://twitter.com/jonasLyk/status/1240392954507919360 …
Thanks for sharing, both! 
pic.twitter.com/D63aoBXdMC
Diagnostic tracking service will in SYSTEM security context copy xml files from C:\Users\user\AppData\Local\Packages\http://Microsoft.Windows .ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\ to C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\
back then I redirected the copy source folder to the namedpipe device. Because the named pipe file system allows directory listings it will try and copy a named pipe with .xml extension But named pipes can have ..\ in the name
So when that is used as filename in the copy operation we escape the intended dirs and end up copy my payload into system32.
Along comes the projected file system- again allowing us to specify invalid filenames in directory listings.https://twitter.com/jonasLyk/status/1265551125593362432 …
So, rince and repeat- There is probaly more ways to do this. Like webdav? You can probaly fake such file names easily with that
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
