See your network shares the way attackers do. 👀 Meet ShareHound, an OpenGraph collector for BloodHound CE & Enterprise that reveals share-level attack paths at scale. @podalirius_ unpacks all the details in our latest blog post. ghst.ly/4ogiBqt
Think your Active Directory has “a few” service accounts? Think again. I wrote a super quick blog post on discovering (potential) service accounts via a PS script, how to clean them up, and some monitoring best practices when admins are misusing them. medium.com/@Debugger/we-h…
Super interesting article on Windows authentication silos 👊
A local administrator on a compromised machine can extract the authentication secrets stored in LSASS and potentially compromise the entire domain. 👉 AD authentication silos offer an effective answer 📖 blog.login-securite.com/les-silos-daut…
Come see how we discovered and analyzed CVE-2025-33073 with my colleague @yaumn_ at Hexacon today!
📢 NTLM reflection is dead, long live NTLM reflection: Story of an accidental Windows RCE by Wil (@wil_fri3d)
Update on the NTLM reflection attack: ctjf discovered that SMB signing enforcement does NOT protect against the NTLM reflection attack🛡 Cross-protocol relaying is still possible, even with mitigations in place. Only patching your system fully mitigates the vulnerability! 1/4🧵
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
A detailed description of the R&D process with its ups and downs, a great deep dive into Windows internals to try to remotely enable the Web Client service. Great work 👏
Hosts running the WebClient service are prime targets for NTLM relay attacks, and it may be possible to start the service remotely as a low-privileged user. @0xthirteen breaks down the service startup mechanics, plus the protocols and technologies. ghst.ly/41QT7GW
If you want to quickly check whether the guest account is enabled, you can now do it with NetExec. This is not enabled by default; you need to set the custom flag check_guest_account in your nxc.conf file. Maybe one day it will be set to true by default 🪂
gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: github.com/synacktiv/gpoP… It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.
You didn’t click, but your password challenge is leaked. I’m excited to share my latest research: CVE-2025-50154, a high severity NTLM hash disclosure vulnerability in the explorer.exe process, exploitable without any user interaction. cymulate.com/blog/zero-clic…
Session enumeration is only possible with admin privileges? That is a problem of the past thanks to the new --reg-sessions core functionality of NetExec, made by @toffyrak🔥
Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…
Added a small Quality of Life improvement to NetExec: When the target allows null authentication the host banner automatically displays this info now🚀
In this blog post I explain the fundamental building blocks, vocabulary, and principles of attack graph design for BloodHound: specterops.io/blog/2025/08/0…
hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-1…
It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates. Also includes ESC1 over Intune (in some cases). dirkjanm.io/extending-ad-c… Oh, and a new tool for SCEP: github.com/dirkjanm/scepr…
To trigger local SYSTEM authentication for relaying to ADCS or LDAP for LPE you would usually need the printer service or EFS service to be enabled (printerbug/petitpotam). Here is an alternative without this requirement 🤠 github.com/rtecCyberSec/R…
Okta chained with Azure with auto MFA subscription for Okta and frame-buster bypass to perform BitB! Evilginx is really nice for setting up a custom phishing campaign, whatever the environment is... Phishlet available here: github.com/OtterHacker/Ok…