Constantin
@HackmichNet
Windows security novice ... Always try to learn something new ... Happy hacking
Extracting #Azure Access Tokens from various processes like #Word, #Excel, #PowerShell and many more. github.com/HackmichNet/Az…
The Azure AD Broker plays a key role in Entra ID sign-in & token handling, but how well do we really understand it? @winternl_t unpacks its on-disk cache, how to decode it, & the security implications. 🔐 ghst.ly/4oTR4v5
Check out our new blog post on instrumentation callbacks (ICs). In this first part of this blog series, we’re discussing an undocumented feature of Windows: instrumentation callbacks (ICs). You will learn how ICs are implemented and how you can use them to log and spoof syscalls…
KrbRelayEx: Manipulating DNS entries to take over the Domain GitHub: github.com/decoder-it/Krb… KrbRelayEx is a program that intercepts and forwards Kerberos authentication requests (AP-REQ tickets) to carry out man-in-the-middle attacks.
New Titanis release => github.com/trustedsec/Tit… Mostly Kerberos enhancements: - S4U2self and S4U2proxy - Change/Set password - Generate crypto key on command line ASN.1 saw some major changes to pave the way for some upcoming enhancements
ADCSDevilCOM 📍 A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from a CA server using the MS-WCCE protocol over DCOM and it bypasses the traditional endpoint mapper requirement by using SMB…
Today, I am releasing the COM-Fuzzer. Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. github.com/warpnet/COM-Fu…
AdminSDHolder: the AD security feature everyone thinks they understand but probably don't. 😬 @JimSycurity went to the source code to debunk decades of misconceptions — including ones in Microsoft's own docs. Read more ⤵️ ghst.ly/3Lpmjzv
Technical Writeup: version.dll Sideloading, Proxying, and Hooking github.com/kas-sec/versio…
This tool is going to improve my AD workflow! github.com/p0dalirius/sha…
I have released an OpenGraph collector for network shares and my first blogpost at @SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 specterops.io/blog/2025/10/3…
''Yet Another DCOM Object for Command Execution Part 1'' #infosec #pentest #redteam #blueteam sud0ru.ghost.io/yet-another-dc…
Tools such as PsExec.py from Impacket are usually flagged for lateral movement due to the pre-built service executable that is dropped on the remote system. However, some vendors also flag Impacket based on its behaviour. With RustPack, you can easily create…
Forget common backdoors — a DLL hijack in Windows Narrator can grant SYSTEM-level persistence at login. In our new blog, @Oddvarmoe shows how attackers abuse accessibility features and what defenders should monitor. Read now! trustedsec.com/blog/hack-cess…
Raw NTFS parsing for SAM/SYSTEM/NTDS.dit access? github.com/kfallahi/Under… 400 lines Powershell - easy peasy ❤️🔥
NTLM Password Changer - A PowerShell utility that changes Windows account passwords through the native Samlib.dll API, the same low-level library used by Windows itself for SAM and NTLM account management. github.com/kfallahi/NTLMP…
Last month, @d_tranman and I gave a talk @MCTTP_Con called "COM to the Darkside" focusing on COM/DCOM cross-session and fileless lateral movement tradecraft. Check out the slides here: github.com/bohops/COM-to-… Recording should be released soon.
BYOVD to the next level (part 1). exploiting a vulnerable driver (CVE-2025-8061) TLDR; This blog post is about how to abuse a vulnerable driver to gain access to Ring-0 capabilities. blog.quarkslab.com/exploiting-len…
Exhaustive search and flexible filtering of Active Directory ACEs github.com/cogiceo/DACLSe…
Ever wanted to exhaustively list every ACE your user has on AD objects? Well, it’s now possible with DACLSearch. Whether for security research or making sure you didn't miss an interesting ACE, this tool is for you. 🔗 Repo link : github.com/cogiceo/DACLSe…
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm