Marcos Díaz (@calvaruga)'s Twitter Profile
Marcos Díaz

@calvaruga

ID: 90230911

15-11-2009 19:39:32

88 Tweets

143 Followers

1.1K Following

Bernardo Quintero (@bquintero)

I'm reading a blog post about a remote code execution within VirusTotal where I can not identify any VT machine. Some people confuse 3rd party machines with VT machines, it's not a new thing. Many partners and 3rd parties download and process VT feed to do their stuff.

Almond OffSec (@almondoffsec)

No PKINIT? No problem! Thanks to team members Yannick and drm, you now have a way to (ab)use your ill-earned ADCS certificates even when domain controllers do not support PKINIT offsec.almond.consulting/authenticating…

Meelo (@captmeelo)

Finally developed a minimal PoC for NtCreateUserProcess(). Here's something I'd like to share about it. #redteam #maldeve #infosec captmeelo.com/redteam/maldev…

PT SWARM (@ptswarm)

🦥 Everyone learned to run pip install colorama to exploit Atlassian Confluence RCE (CVE-2022-26134), so let’s see how the vulnerability works under the hood. Here we show our simplified payload which demonstrates a workflow inside the vulnerable code ⤵️

BlackArrow (@blackarrowsec)

Minor changes to Oliver Lyak\Certipy to make it compatible with Almond OffSec\PassTheCert. Now you can use both PKINIT and Schannel when dealing with ESC4! Find out more 👇 github.com/ly4k/Certipy/p…

BlackArrow (@blackarrowsec)

We've extended mitch\ntlm_challenger with MSSQL support! This is useful when network segmentation prevents from reaching the SMB port ➡️ github.com/nopfor/ntlm_ch…

X-C3LL (@thexc3ll)

I just discovered that people copy texts from internet into a github book, then ask money and sponsors because of the great effort of doing ctrl + c && ctrl + v. What a trick!

MDSec (@mdseclabs)

AutoDial(dll)ing Your Way - Lateral Movement and LSASS SSP using AutodialDLL, a new blog post and tool release (DragonCastle) by X-C3LL mdsec.co.uk/2022/10/autodi…

BlackArrow (@blackarrowsec)

💥One shell to HANDLE them all New approach to escalate privileges from a web shell by abusing open token handles. #RedTeam /cc Kurosh Dabbagh ➡ tarlogic.com/blog/token-han…

BlackArrow (@blackarrowsec)

Windows Local Privilege Escalation via StorSvc service (writable SYSTEM path DLL search order Hijacking) /cc Antón Ortigueira Kurosh Dabbagh ➡️ github.com/blackarrowsec/…

BlackArrow (@blackarrowsec)

Have you ever tried exploiting a Spring Boot Actuators RCE but the restart endpoint was disabled? ⬇️ Abuse this behaviour using this #TrickOrThreat by Antón Ortigueira

Barbanza Clínica Mares Rugby Club (@barbanzarc)

Hi everyone! At Barbanza RC we want to bring the world of rugby to as many people as possible, so this Saturday, May 6, we are going to set up a small training session followed by a meal. If you have ever thought about trying this wonderful sport, this is your moment! (1/2)

BlackArrow (@blackarrowsec)

In our latest post, ☞ zǝuıʇɹɐɯ olqɐd ☜ introduces a new technique to obtain cleartext passwords from MSSQL by abusing linked servers through the ADSI provider. ➡️ Read more: tarlogic.com/blog/linked-se…

BlackArrow (@blackarrowsec)

Watchguard has fixed 4 vulnerabilities in Watchguard EPDR discovered by our researchers Antón Ortigueira and Marcos Díaz. These vulnerabilities can be used to turn-off the defensive capabilities of the product and achieve privilege escalation. ➡️ Advisories: watchguard.com/es/wgrd-psirt/…

BlackArrow (@blackarrowsec)

The Navaja Negra Conference conference is just around the corner! Kurosh Dabbagh will be on-site to talk about malware development and EDR evasion. ➡️ Read more: navajanegra.com/2023/speaker/k…

Tarlogic (@tarlogic)

🖱Did you know that your wireless mouse can be spoofed to take control of your computer? The Tarlogic Innovation team has developed #BSAM, the first methodology to audit #Bluetooth devices and avoid situations like that 👇 tarlogic.com/news/bsam-blue…

Nick Frichette (@frichette_n)

As someone involved in the AWS offsec space, I want to share why I strongly do NOT recommend the HackTricks AWS Red Team Expert course. The author of it is a plagiarist, stealing content from other creators and is directly profiting off of it through sponsorships. A 🧵

BlackArrow (@blackarrowsec)

Enhanced version of secretsdump from #Impacket to dump credentials without touching disk. This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives. github.com/fortra/impacke…

BlackArrow (@blackarrowsec)

Our colleagues Kurosh Dabbagh & Inés will be at #HackOn2024 presenting an alternative approach to ROP-based sleep obfuscation technique to evade memory scanners. ➡️ Read more: hackon.es/charlas/In%C3%…
