New on the blog: @michaelbarclay_ revives registry-based tradecraft using a telemetry gap in the hive restoration process. The blog also includes PoC code and detection guidance. 📃 preludesecurity.com/blog/rehabilit…
Implemented a number of persistence methods in a BOF. Nothing groundbreaking, but it might be useful to some. github.com/leftp/RegPersi…
Inspired by the @TrustedSec article on remotely starting Windows services, enjoy our Python unauthenticated EFS trigger, developed with @Hypnoze57. Enjoy! github.com/Hypnoze57/rpc2…
Google research created a dataset with rainbow tables for NetNTLMv1 with the 1122334455667788 challenge. research.google/resources/data… Dataset is available for download at: ▪️console.cloud.google.com/storage/browse… [Login required] ▪️gs://net-ntlmv1-tables
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm
Remotely enable the EFS service for Win11 systems? No problem with rpcping. Just worked for me from remote with a low privileged user. 🧐
Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services. In our new blog, @freefirex2 breaks down the types of service triggers that exist and how they can be activated with little to no code required. trustedsec.com/blog/theres-mo…
Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…
What I learned today. Nice - I wasn't aware of the InstallProduct method from PowerShell to fetch a remotely hosted MSI file and subsequently install it. Invoke-WebRequest is one of the more popular methods, at least in our incident response cases. As always, there is more!…
Whenever I see people say that red teaming should only use TI, it seems unusual, because if you're mature enough to need a red team, your EDR vendor will likely pick up on many currently known threats in the public eye. At that point, you're stuck modifying things away from what's…
This is so much! 🔥🔥😎 Found two new Potato triggers just today. Not only for Potato, but they can also be used for LPE, as remote auth is done, which could be relayed to LDAP without signing enabled, or relayed to ADCS for a certificate. github.com/warpnet/MS-RPC…
Since several people already asked: the slides from @fabian_bader and myself for @WEareTROOPERS are available! "Finding Entra ID CA bypasses - the structured way". We talked about FOCI, BroCI, CA bypasses, scopes and getting tons of tokens. Check it out at dirkjanm.io/talks/
[BLOG] Integrating Tradecraft Garden PIC loaders into Cobalt Strike rastamouse.me/harvesting-the…
While posted jokingly, "Read Teaming" is very much the reality of the current state of Red Teaming. If you want to learn about why this approach is both highly effective and gaining popularity, check out: deceptiq.com/blog/rise-of-r…
WMI Research and Lateral Movement blog.fndsec.net/2024/09/11/wmi… TLDR: In this article, we will go over the WMI technology, the potential attack vectors it opens, some detection pitfalls (from an attacker’s perspective), and how we can enumerate the technology for useful capabilities.…
As promised... this is Loki Command & Control! 🧙♂️🔮🪄 Thanks to @d_tranman for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki
KrbRelayEx-RPC tool is out! 🎉 Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;) github.com/decoder-it/Krb…
The detailed version of our #WorstFit attack is available now! 🔥 Check it out! 👉 blog.orange.tw/posts/2025-01-… cc: @_splitline_
Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! 🐈
WorstFit is a Windows attack surface that exploits the Best-Fit charset conversion feature! This attack provides path traversal, argument injection, and RCE in numerous well-known applications! Links in next post 👇
Every time someone wants help with getting a job in CS and I recommend them a plan or a course, they always end up not doing it. I've had exactly 1 friend actually follow through, and now he works at a large bank. You need to do the hard things. The industry is tough. I find that…