ARZ (@arz_101) 's Twitter Profile
ARZ

@arz_101

Smol Pentester | OSCP | gib AD | UwU

ID: 1115372891435077633

https://arz101.medium.com/ 08-04-2019 21:56:34

2,2K Tweet

967 Followers

305 Following

Print3M // SecTube.tv (@print3m_) 's Twitter Profile Photo

"The Renaissance of NTLM Relay Attacks: Everything You Need to Know" by Elad Shamir (SpecterOps) 🔥

One of the best overviews of NTLM relay technique I've ever seen. (and the styling is an art in itself!)

#redteam #security #infosec #windows

specterops.io/wp-content/upl…

Panos Gkatziroulis 🦄 (@netbiosx) 's Twitter Profile Photo

🛠️ WSASS - a tool that uses the old WerfaultSecure.exe program to dump the memory of processes protected by PPL (Protected Process Light), such as LSASS.EXE. The output is in Windows MINIDUMP format. github.com/2x7EQ13/WSASS

Dirk-jan (@_dirkjan) 's Twitter Profile Photo

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Alex Neff (@al3x_n3ff) 's Twitter Profile Photo

A new module just got merged into NetExec: raisechild🔥
Made by azoxlpf to automatically abuse domain trust to pivot to other domains.

It will:
- Dump the krbtgt hash of the child domain
- Enumerate trusted domains
- Craft a TGT for trusted/parent domain

Alex Neff (@al3x_n3ff) 's Twitter Profile Photo

Dumping juicy secrets from SAM/LSA is always nice right?
I've added an implementation for the --sam and --lsa flags to the MSSQL protocol of NetExec🚀

No need for manual registry hive extraction anymore!

Andrea Pierini (@decoder_it) 's Twitter Profile Photo

Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅 decoder.cloud/2025/11/24/ref…

Andrea Pierini (@decoder_it) 's Twitter Profile Photo

Gray Hats It’s not about a PoC. The article shown in the screenshot is taken from my blog post about the recent reflection attack techniques in general: decoder.cloud/2025/11/24/ref…

n00py (@n00py1) 's Twitter Profile Photo

NTLM reflection attacks can be used to compromise Active Directory domains even with SMB signing if systems aren’t fully patched depthsecurity.com/blog/using-ntl…

Andrea Pierini (@decoder_it) 's Twitter Profile Photo

Lots of recent posts on NTLM reflection → AD compromise. To be clear: real fix is CVE-2025-54918, not CVE-2025-33073. Until Oct 2025, any user could own a 2025 domain if DCs ran Print Spooler. shorturl.at/4WpRh

TrustedSec (@trustedsec) 's Twitter Profile Photo

Want stronger #LDAP security without accidentally taking down production? Scott Blake walks through how LDAP Signing and Channel Binding work, what Windows Server 2025 changes by default, and why “audit before enforce” should be your new favorite phrase. hubs.la/Q040TCz20

RedTeam Pentesting (@redteampt) 's Twitter Profile Photo

🚀Our tool keycred for KeyCredentialLinks and Shadow Credential attacks now works with updated domain controllers again!

It turns out, Microsoft violated their own specs.

Try it out: github.com/RedTeamPentest…

Logan Goins (@_logangoins) 's Twitter Profile Photo

I ended up quickly modifying ntlmrelayx to support these changes so that relays to LDAP are possible again, thanks y'all for your hard work on figuring this out! You can find the changes here: github.com/logangoins/imp…

dbugs (@ptdbugs) 's Twitter Profile Photo

Changes in NTLM relay in Windows Server 2025

Research by Decoder reveals that Windows Server 2025 introduces hidden modifications to Microsoft’s authentication mechanisms that affect how "NTLM relay" attacks work. The study focuses on how new policies and updated "SMB", "LDAP",