It was published a year ago but I still think HTTP418's AD CS blog post is one of the best out there: concise, easy to understand and well written. http418infosec.com/ad-cs-the-cert…

A good read on attacks targeting both on-premises and cloud-based Active Directory environments.

New lab 🏰 for the GOAD project 🥳: SCCM You can now test the SCCM/MECM attacks locally on Virtualbox or Vmware. More information here: mayfly277.github.io/posts/SCCM-LAB… Repository here : github.com/Orange-Cyberde… Thx again Kenji Endo for your help to building this !

Pwn Azure cloud ➡️ pwn AD ➡️ pwn Entra ID ➡️ pwn Google Cloud! Interesting attack paths and order of pivoting by Mandiant (part of Google Cloud) Google Cloud Security in this paper on applying the tiering model to cloud identity and infra services.google.com/fh/files/misc/…

With the recent fuss about linpeas.sh hosting the wrong script, I wrote about exercising caution during cybersecurity engagements. Cybersecurity assessments must be conducted carefully to avoid compromising our clients' security. hacknshare.com/posts/caution-…

4D is a full-stack web technology you may not have heard of. Enzo Cadoni and I briefly wrote about its attack surface, hoping to spark interest in this technology. Here is the 1st part of the blog post: hacknshare.com/posts/4d-attac… The 2nd part is linked inside.