A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by kalimero. synacktiv.com/advisories/mic…

Released GHunt 2.3.3 with a new module : 🕷️ Spiderdal ! Put a domain name and quickly find tied assets, including the hidden ones, by abusing Google's assets links statements. New way for doing recon before a pentest ! 🥳

Pretty interesting article to start digging into Intune !

Following the release of IPSpinner last week, now is the time to unveil CaptainCredz! Perform advanced, fine-grained password spraying while remaining under the radar for your next Red Team engagement 🔥 github.com/synacktiv/capt…

An interesting package just arrived at home! 👀 I'm starting to contribute to the DVID project by writing new trainings, and working on the wiki page. 🚀 If you are interested IoT security, check it out ! dvid.eu

In our latest article, laxa revisits the secretsdump implementation, offering an alternative avoiding reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at synacktiv.com/publications/l….

This looks off to you? Yeah... In the default configuration, NFS exposes THE ENTIRE FILE SYSTEM and not only the exported directory! This means that you can read every file on the system that is not root:root owned, e.g. /etc/shadow. But it can get even worse 1/4🧵

New Active Directory Mindmap v2025.03! 🚀 📖 Readable version: orange-cyberdefense.github.io/ocd-mindmaps/i… 🔧 Now fully generated from markdown files—way easier to update and maintain! 💡 Got improvements? PRs welcome! 👉 github.com/Orange-Cyberde…

If you thought phishing was now ineffective, you may have missed something 👀 My latest post highlights the advanced tactics used to bypass security controls and deceive even the most savvy users. Check it out ⤵️

Make Bloodhound Cool Again: Migrating Custom Queries from Legacy BloodHound to BloodHound CE medium.com/seercurity-spo…

Following the recent Synacktiv 's article about abusing WebClient authentications from multicast poisoning, I have made a quick PR on Responder to simplify the setup: github.com/lgandx/Respond…

Just finished to refactor my network #pivoting cheatsheet! If you are in an internal engagement, and you're stuck on a pivot, perhaps the solution will lie there: hideandsec.sh/books/cheatshe…

Kerberos relay on The Hacker Recipes, brought to you by BlackWasp 💪 thehacker.recipes/ad/movement/ke…

I've just completed the MalDev Academy Malware Development Course. The course presents modern techniques for bypassing security solutions, low-level development and evasion. I would totally recommend this course to Red Team operators requiring a high level of discretion!

Things are getting serious!

Currently, if this patch is not deployed in an Active Directory, anyone with a user account is able to takeover any assets, except for DC, by default!

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

Thanks SentinelOne for the gift 😄