Andrea P
@decoder_it
Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"
Bạn có thể thích
When (NTLM) relaying potatoes lead you to domain admin... A "permanent" 0day Privilege Escalation Vulnerability in Windows RPC Protocol ;-) cc @splinter_code Our writeup here: labs.sentinelone.com/relaying-potat…
Another good reason to run #PurpleKnight against your AD: Are you missing LDAP/S channel binding? 🔒 Don't let this gap open 😎
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
In my long history of submissions, I think this is the first time one has been marked as critical😅
BadSuccessor is dead… or is it? 👀 It's more than a bug, it's a technique. Microsoft patched CVE-2025-53779, but analysis by @YuG0rd shows that while the patch closed the door, an attacker can get in through the keyhole in some scenarios. Read more: akamai.com/blog/badsucces…
In Windows 2025 / 24H2 MS updated lsasrv.dll with new Neg...Ex() functions, signaling the introduction of a "NTLM-less'" feature 🤔
Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…
Am I the only one who finds all the Entra/Azure/O365/etc.. sec stuff so boring? Every time I promise myself I’ll finally dig deep and take it seriously… I give up halfway. I really need help finding the right motivation.😅
Excellent research by my colleague @RedPanda4Good, exploring the path from golden gMSA to golden dMSA :)🔥
Golden dMSA: One key to rule them all Just found a new flaw in Windows Server 2025's dMSAs that lets attackers brute-force ALL managed service account passwords with 1024 attempts. This research builds on the awesome research Golden gMSA (@YuG0rd ). semperis.com/blog/golden-dm…
Another Monday. Another week of… endless emails, annoying meetings, and oh look, a three-headed monkey behind you! Now that we have your attention, we can unveil the agenda for #RomHack2025 romhack.io/romhack-confer… #infosec #securityconference
Regarding #CVE-2025-33073 fixing NTLM/Kerberos reflection attacks via SMB: the patch only covers SMB clients. The "CredMarshal" trick still works on RPC and HTTP. But those protocols sets the unverified target flags, which block exploitation. So, is reflection dead? Let’s see…
At @WEareTROOPERS I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well. You can read all about it here: #Entra #M365 #infosec semperis.com/blog/noauth-ab…
semperis.com
New nOAuth Abuse Alert: Entra Cross-Tenant Saas Apps at Risk
Think nOAuth abuse is old news? We wish. Our recent testing shows that nearly 10% of apps in the Microsoft Entra Gallery remain vulnerable.
Looks like the patch for #CVE-2025-33073 might not fully resolve the issue... curious to see where this leads
No disrespect to Linus Torvalds, but this guy is the greatest geek alive 🫡 Created UNIX in 1971 when he was 28 years old. Created Go in 2009 when he was 66 years old😲 He also developed the B programming language (which led to C), created UTF-8 encoding (making international…
Attention @kalilinux users! In the coming day(s), apt update is going to fail for pretty much everyone. The reason? We had to roll a new signing key for the Kali repository. You need to download and install the new key manually: offs.ec/4lUEtak
I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️decoder.cloud/2025/04/24/fro…
Call for Papers for #Romhack2025 is still open! If you have cool research to share, don’t hesitate to submit. The perfect setting for great talks, great company, and a chance to visit the "Città Eterna". cfp.romhack.io/romhack-2025/c…
United States Xu hướng
- 1. Chiefs 94.2K posts
- 2. Brian Branch 5,280 posts
- 3. Mahomes 28K posts
- 4. #TNABoundForGlory 46.3K posts
- 5. #LoveCabin N/A
- 6. LaPorta 9,735 posts
- 7. Goff 12.9K posts
- 8. #OnePride 6,152 posts
- 9. Bryce Miller 3,979 posts
- 10. Kelce 14.7K posts
- 11. Butker 8,137 posts
- 12. #DETvsKC 4,654 posts
- 13. #ALCS 10.2K posts
- 14. Dan Campbell 2,624 posts
- 15. Mariners 46.4K posts
- 16. Gibbs 5,506 posts
- 17. Pacheco 4,769 posts
- 18. Baker 52.3K posts
- 19. Collinsworth 2,769 posts
- 20. Tyquan Thornton 1,179 posts
Bạn có thể thích
-
x86matthew
@x86matthew -
Elad Shamir
@elad_shamir -
Chetan Nayak (Brute Ratel C4 Author)
@NinjaParanoid -
S3cur3Th1sSh1t
@ShitSecure -
Matt Hand
@matterpreter -
Lee Chagolla-Christensen
@tifkin_ -
Marcello
@byt3bl33d3r -
Rasta Mouse
@_RastaMouse -
Antonio Cocomazzi
@splinter_code -
SkelSec
@SkelSec -
mpgn
@mpgn_x64 -
Ryan Cobb
@cobbr_io -
Adam Chester 🏴☠️
@_xpn_ -
an0n
@an0n_r0 -
spotheplanet
@spotheplanet
Something went wrong.
Something went wrong.