Andrea P
@decoder_it
Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"
قد يعجبك
When (NTLM) relaying potatoes lead you to domain admin... A "permanent" 0day Privilege Escalation Vulnerability in Windows RPC Protocol ;-) cc @splinter_code Our writeup here: labs.sentinelone.com/relaying-potat…
Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅decoder.cloud/2025/11/24/ref…
We know that Microsoft improved the overall printing security in 2025, now using DCE/RPC for callback, you can force NTLM local auth and reflect back machine auth even without CredMarshalTargetInfo() trick 😇
I'm still wondering why Microsoft didn't apply the same patch in RPC/DCOM that they did in the SMB client to block the CredMarshalTargetInfo abuse (<host>1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA) 🤷
Asking the experts: what would be a good conference in Europe in spring 2026 to submit a talk to?
Brand-new admin protection bypasses by @tiraniddo As usual, awesome work! 💪💪💪 project-zero.issues.chromium.org/issues/4323136… and project-zero.issues.chromium.org/issues/4324396…
Tourism Minister Daniela Santanchè posts an article by @annabelmaud from The Telegraph and suggests that a family moved to Italy to live a better life. Too bad the full article says something completely different. The post has been removed. Nov 8, 2025
Millions on security tools and bureaucratic security, zero on configs: NTLMv1, LM, no signing, no channel binding , full ESC buffet. What’s wrong here?
Italians still keep moving away from Italy. That’s one reason why youth unemployment improved over the last decade (there are just no young Italians left to be unemployed). Germany remains the top destination. HT @maps_interlude
Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: semperis.com/blog/exploitin… 🙃
One of the vulnerabilities I recently reported msrc.microsoft.com/update-guide/v… has been fixed. More details soon :) It’s getting harder and harder to keep finding bugs...my brain isn’t as sharp as it once was 😅
Another good reason to run #PurpleKnight against your AD: Are you missing LDAP/S channel binding? 🔒 Don't let this gap open 😎
United States الاتجاهات
- 1. World Cup 223K posts
- 2. Paraguay 23.2K posts
- 3. FINALLY DID IT 426K posts
- 4. The Jupiter 96.8K posts
- 5. Morocco 63.6K posts
- 6. Croatia 18K posts
- 7. Argentina 198K posts
- 8. Portugal 83.5K posts
- 9. Infantino 58.5K posts
- 10. #USMNT 1,278 posts
- 11. Matt Campbell 9,849 posts
- 12. Group L 12.8K posts
- 13. Ghana 68.6K posts
- 14. Norway 29.2K posts
- 15. Wayne Gretzky 3,654 posts
- 16. Senegal 39.7K posts
- 17. Lauryn Hill 10.4K posts
- 18. Iowa State 8,426 posts
- 19. Warner Bros 216K posts
- 20. #Mundial2026 31.3K posts
قد يعجبك
-
x86matthew
@x86matthew -
Elad Shamir
@elad_shamir -
Chetan Nayak (Brute Ratel C4 Author)
@NinjaParanoid -
S3cur3Th1sSh1t
@ShitSecure -
Matt Hand
@matterpreter -
Lee Chagolla-Christensen
@tifkin_ -
Marcello
@byt3bl33d3r -
Rasta Mouse
@_RastaMouse -
Antonio Cocomazzi
@splinter_code -
SkelSec
@SkelSec -
mpgn
@mpgn_x64 -
Ryan Cobb
@cobbr_io -
Adam Chester 🏴☠️
@_xpn_ -
an0n
@an0n_r0 -
spotheplanet
@spotheplanet
Something went wrong.
Something went wrong.