
Charlie Clark

@exploitph

Pinned

My latest post on abusing DES using Kerberos. I've not updated my RoastInTheMiddle tool yet but I'll be doing that shortly, enjoy: exploit.ph/des-is-useful.…


Charlie Clark reposted

This release is probably going to be one of our biggest and most impactful! Kudos to the team @peterwintrsmith @modexpblog @s4ntiago_p @GigelV41464 @saab_sec 🙌

We're really bringing the 🔥 with our next Nighthawk release - Janus - nighthawkc2.io/janus/



Charlie Clark reposted

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…


Charlie Clark reposted

Happy to finally share a new blog with @exploitph on our work revisiting the Kerberos Diamond Ticket. ✅ /opsec for a more genuine flow ✅ /ldap to populate the PAC 🆕 Forge a diamond service ticket using an ST We finally gave it a proper cut 💎 huntress.com/blog/recutting…


Charlie Clark reposted

Have you ever wondered if there was a way to deploy a "Remote EDR"? Today I'm excited to share research I've been working on for the past couple months. This dives into DCOM Interfaces that enable remote ETW trace sessions without dropping an agent to disk. Includes a detailed…


fwiw, you can speed up cracking RC4 kerberoast tickets by requesting the ticket from the AS without a PAC


Charlie Clark reposted

@_dirkjan's and my @defcon talk, Abusing Windows Hello Without a Severed Hand, went live yesterday. We discuss both privileged and unprivileged Windows Hello abuse. Hope you all enjoy it. youtu.be/mFJ-NUnFBac?fe…

[YouTube link card: DEF CON 32 - Abusing Windows Hello Without a Severed Hand - Ceri...]


Charlie Clark reposted

Spent some time updating the TelemetrySource project. - Updated mappings for the Threat-Intelligence provider - Added a folder for the Threat-Intelligence provider + added a README A lot more updates coming soon! Project link: github.com/jsecurity101/T…


Charlie Clark reposted

Happy Friday! I have gotten a lot of questions around ETW Patching as of late. I decided to write a blog on understanding ETW Patching, check it out! jsecurity101.medium.com/understanding-…


Charlie Clark reposted

Wow did not have “be in a book” for my 2024 🤯🤩 Thank you Denis Isakov! Thank you @exploitph for always including me in the journey of Kerberos with you 💜!


Charlie Clark reposted

Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below. Link: github.com/jsecurity101/P… 1/x


Charlie Clark reposted

Today I am releasing a whitepaper and new tool (ADOKit) as part of my @XForce research I will be presenting at @BlackHatEvents #BHEU on Wednesday. Links are below 🔗 Whitepaper: ibm.com/downloads/cas/… Tool: github.com/xforcered/ADOK…


Charlie Clark reposted

Working on a new tool that will be ready soon. One thing I can say from the research: if your environment leverages Windows Hello without TPMs, DO NOT allow the default setting of a digit-only PIN. Windows stores the PIN length, and it can be brute-forced in seconds.


While I'm at it, I've published the PoC tool used in @4ndr3w6S, @jsecurity101 and my post: trustedsec.com/blog/the-clien… It's just a quick PoC but maybe someone will find it interesting: github.com/0xe7/EventSnip…


Finally updated my RitM tool with the DES TGT session roasting code if anyone is interested. Reminder, this isn't intended to be attack-ready code! github.com/0xe7/RoastInTh… The attack is described in detail in my DES post (currently pinned to my profile).


Charlie Clark reposted

Like the opsec of NightHawk but missing Aggressor-like scripting functionality? Check out DayBird, an extension I built for NightHawk to allow for automation of operator workflows and initial check-in actions via C# plugins. b:securityintelligence.com/x-force/extend… gh:github.com/xforcered/DayB…


Charlie Clark reposted

Happy to finally share our slide deck/demo videos from our @texascyber talk, “You DISliked DCSync? Wait For NetSync!” Thank you x3000 to @MindsEyeCCF, for help with the fantastic slides, & my co-presenter/friend/mentor/research partner @exploitph 🤗 github.com/4ndr3w6/Presen…


Charlie Clark reposted

Continuing with Part 1, @4ndr3w6S and I take a look at the remainder of the attributes on the Hacker Recipes chart. Take a look! And get ready for Part 2! This is a series after all 😎

Part 1B of our new #blog series by @mega_spl0it and @4ndr3W6S is out now! Continue diving into Active Directory (AD) attribute-based detections as they complete stepping through the Hacker Recipes flow chart to identify where an adversary may be hiding. hubs.la/Q0256Z7V0



Charlie Clark reposted

Continuing our deep exploration of DACL abuse based detections, @4ndr3w6S and I take a look at object abuses with PowerMad. Remember, just because it may be banal doesn't mean it doesn't have value! Many common attributes are great environmental baselining tools!

In Part 2 of our new #blog series by @mega_spl0it and @4ndr3W6S, they build detections for additional attributes, this time focusing on those that can be modified using the #PowerMad tool. Read it now! hubs.ly/Q025hFdr0



Charlie Clark reposted

Part 3 is out!! @4ndr3w6S and I cover several attributes that are, in our opinion, lesser known. However, some of these had some incredibly interesting attacks/detections. Check it out! And thanks for joining us on this journey! 😁

In the third and final installment of our #blog series by @mega_spl0it and @4ndr3W6S, DACL-based detections are built, identifying attacks that focus on obscure or lesser-known AD attributes that fall outside of the scope of Parts 1 and 2. Read it now! hubs.la/Q025N0lk0

[trustedsec.com link card: A Hitch-hacker's Guide to DACL-Based Detections (Part 3). Configuring a SACL to prevent unauthorized changes to Active Directory attributes, enabling auditing and monitoring for potential attacks, and detecting…]


