Andrea P
@decoder_it
Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"
Może Ci się spodobać
When (NTLM) relaying potatoes lead you to domain admin... A "permanent" 0day Privilege Escalation Vulnerability in Windows RPC Protocol ;-) cc @splinter_code Our writeup here: labs.sentinelone.com/relaying-potat…
Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅decoder.cloud/2025/11/24/ref…
We know that Microsoft improved the overall printing security in 2025, now using DCE/RPC for callback, you can force NTLM local auth and reflect back machine auth even without CredMarshalTargetInfo() trick 😇
I'm still wondering why Microsoft didn't apply the same patch in RPC/DCOM that they did in the SMB client to block the CredMarshalTargetInfo abuse (<host>1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA) 🤷
Asking the experts: what would be a good conference in Europe in spring 2026 to submit a talk to?
Brand-new admin protection bypasses by @tiraniddo As usual, awesome work! 💪💪💪 project-zero.issues.chromium.org/issues/4323136… and project-zero.issues.chromium.org/issues/4324396…
Tourism Minister Daniela Santanchè posts an article by @annabelmaud from The Telegraph and suggests that a family moved to Italy to live a better life. Too bad the full article says something completely different. The post has been removed. Nov 8, 2025
Millions on security tools and bureaucratic security, zero on configs: NTLMv1, LM, no signing, no channel binding , full ESC buffet. What’s wrong here?
Italians still keep moving away from Italy. That’s one reason why youth unemployment improved over the last decade (there are just no young Italians left to be unemployed). Germany remains the top destination. HT @maps_interlude
Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: semperis.com/blog/exploitin… 🙃
One of the vulnerabilities I recently reported msrc.microsoft.com/update-guide/v… has been fixed. More details soon :) It’s getting harder and harder to keep finding bugs...my brain isn’t as sharp as it once was 😅
Another good reason to run #PurpleKnight against your AD: Are you missing LDAP/S channel binding? 🔒 Don't let this gap open 😎
United States Trendy
- 1. FIFA 186K posts
- 2. FINALLY DID IT 426K posts
- 3. The Jupiter 96.6K posts
- 4. The WET 107K posts
- 5. Infantino 40.9K posts
- 6. Matt Campbell 8,047 posts
- 7. Lauryn Hill 10K posts
- 8. The BONK 241K posts
- 9. Warner Bros 195K posts
- 10. Morocco 51.6K posts
- 11. Iowa State 7,177 posts
- 12. Kevin Hart 5,832 posts
- 13. Rio Ferdinand 3,464 posts
- 14. $MAYHEM 2,849 posts
- 15. Hep B 11.6K posts
- 16. #NXXT_AI_Energy N/A
- 17. #FanCashDropPromotion 2,894 posts
- 18. #USMNT N/A
- 19. HBO Max 76.8K posts
- 20. Group D 9,824 posts
Może Ci się spodobać
-
x86matthew
@x86matthew -
Elad Shamir
@elad_shamir -
Chetan Nayak (Brute Ratel C4 Author)
@NinjaParanoid -
S3cur3Th1sSh1t
@ShitSecure -
Matt Hand
@matterpreter -
Lee Chagolla-Christensen
@tifkin_ -
Marcello
@byt3bl33d3r -
Rasta Mouse
@_RastaMouse -
Antonio Cocomazzi
@splinter_code -
SkelSec
@SkelSec -
mpgn
@mpgn_x64 -
Ryan Cobb
@cobbr_io -
Adam Chester 🏴☠️
@_xpn_ -
an0n
@an0n_r0 -
spotheplanet
@spotheplanet
Something went wrong.
Something went wrong.