One compromised Microsoft Entra ID or Azure account can lead to a full tenant takeover. Our new framework ranks roles by risk and adds strong MFA + secure admin workstations to protect the most critical accounts. Read the whitepaper: bit.ly/47GbPTU
This tool is going to improve my AD workflow! github.com/p0dalirius/sha…
WDAC Managed Installers explained: Instead of trusting individual files, trust the process that installs them (ConfigMgr, Intune, etc.) Files get NTFS Extended Attributes → WDAC trusts them → No explicit rules needed Limitations & gotchas in our new blog 👇…
Raw NTFS parsing for SAM/SYSTEM/NTDS.dit access? github.com/kfallahi/Under… 400 lines Powershell - easy peasy ❤️🔥
All of the #ActiveDirectorySecurityTips I posted here are now located on ADSecurity.org adsecurity.org/?tag=activedir…
Quick wins for hardening Active Directory that actually move the needle… (Not in any particular order) 1. Run Locksmith and fix all findings 2. Make sure all admin accounts have unique, strong passwords 3. Use fine-grained password policies 4. Remove unnecessary accounts…
Excellent work as always, and wow 🤯 what a vulnerability
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
I have been presenting the risk to Active Directory if VMware infrastructure isn't well protected since 2015. adsecurity.org/wp-content/upl… VMWare admins can access the storage associated with virtual Domain Controllers and therefore have access to the AD database file (ntds.dit).…
Powerful KQL Operators You Didn't Know You Needed rodtrent.substack.com/p/powerful-kql… #MustLearnKQL #KQL #KQLMysteries
Passwordless RDP Authentication for On-Prem Servers with Smart Cards (FIDO2 Security Key) dlvr.it/TL60BH
Windows Internals Crash Course, by @mrexodia youtu.be/I_nJltUokE0
Red Team Notes 2.0 - @dmcxblue dmcxblue.gitbook.io/red-team-notes…
Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server + client, especially on 🏟️Ludus with our new role: github.com/badsectorlabs/…
⚡️ Loki C2 just leveled up! 🍄🧙♂️ 🔗 Agents can now link to each other, and across platforms! 🔗 No internet? No problem. Chain them, pivot deep, and keep moving! @XForce @IBM @IBMSecurity Check out the new release here: github.com/boku7/Loki
Looking to extend your phishing-resistant MFA deployment to remote desktop connections? We have published some great guidance covering several different scenarios so you can understand what support looks like with those authentication flows - learn.microsoft.com/en-us/entra/id…
This isn’t a Microsoft problem. It’s not an ANY.RUN problem either. It’s a problem when orgs accept the risk of submitting confidential data using API keys tied to free accounts – which by default create public submissions. If you do that, you’re basically…
🚨 Important: False positive from MS Defender XDR has led to 1,700+ sensitive docs being shared publicly via #ANYRUN alone. A couple of hours ago we saw a sudden inflow of Adobe Acrobat Cloud links being uploaded to ANYRUN's sandbox. After research, we've discovered that…
Two new ASR rules are now generally available: ◽Block rebooting machine in Safe Mode ◽Block use of copied or impersonated system tools learn.microsoft.com/en-us/defender…
Must read this analysis of EntraID critical roles from an attacker's perspective because they enable (by Elli Shlomo, based on Merril Fernando diagram): - Initial Privilege Escalation: Compromising a low-profile role like Application Administrator or Password Administrator can…
🚨 Microsoft Warns: Fake Booking[.]com Emails Deploying Malware! Hackers are using a new social engineering trick—ClickFix—to target the hospitality sector. Victims unknowingly copy-paste a command that launches data-stealing malware. ⚠️ How the scam works: 🔹 Fake…