Fear no more for LDAP Signing and Channel binding with Impacket based tools 😎 github.com/fortra/impacke…

📩 Exchange Exploitation - Part 1 (Without Credentials) Explore Exchange exploitation in Game of Active Directory and learn about attacks without valid credentials. mayfly277.github.io/posts/Exchange…

Loki C2 blog drop! Thank you for all those who helped and all the support from the community. Big shoutout to Dylan Tran and chompie for all their contributions to Loki C2! IBM IBM Security X-Force securityintelligence.com/x-force/bypass…

Glad to publish a blog post on a critical vulnerability I found some months ago on GLPI, that impacts all default installation under a certain version: sensepost.com/blog/2025/leak… We also released a tool that implements some check for known vulnerabilities: github.com/Orange-Cyberde…

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄 Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

New blog post just dropped! 🙌 Read the latest from Matt Creel on how an operator can perform situational awareness steps prior to making an Entra ID token request and how tokens can be effectively used once obtained. ghst.ly/4lA5Iqu

You have got a valid NTLM relay but SMB and LDAP are signed, LDAPS has got Channel Binding and ESC8 is not available... What about WinRMS ? :D Blogpost: sensepost.com/blog/2025/is-t… Tool: github.com/fortra/impacke… And also, big thanks to jmk (Joe Mondloch) for the collab' :D!

I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️decoder.cloud/2025/04/24/fro…

👇 github.com/ly4k/Certipy/d…

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

🇫🇷🎙️Nouvel épisode du podcast Hack'n Speak accompagné de Shadow_gatt 🔥 On aborde le sujet du redteam, des missions, un retour d'expérience pertinent avec un supplément anecdotes ! Bonne écoute à toutes et à tous 🎶 creators.spotify.com/pod/profile/ha…

Zero-Day used by Stealth Falcon APT group in a spear-phishing campaign: 💥 .URL file exploitation (assigned CVE-2025-33053) 🧰 Custom Mythic implants, LOLBins, and custom payloads 🌍 High-profile targets across the Middle East and Africa research.checkpoint.com/2025/stealth-f…

🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live: 🪞 The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos: blog.redteam-pentesting.de/2025/reflectiv…

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

Great course, definitely worth it! Thanks mgeeky | Mariusz Banach 🙏, now I have weeks of homework to do 😅 x.com/mariuszbit/sta…

CVE-2025-33073 is really insane 🤯 Reproduce this attack in GOAD in 3 commands. x.com/Synacktiv/stat…

Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect Octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.

Ludushound shows the power of community driven innovation in cybersecurity. Beyviel David created an awesome tool to convert bloodhound data into a working lab in 🏟️ Ludus. Replicate complex live environments with automation - and get back to the fun stuff! specterops.io/blog/2025/07/1…

It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates. Also includes ESC1 over Intune (in some cases). dirkjanm.io/extending-ad-c… Oh, and a new tool for SCEP: github.com/dirkjanm/scepr…

I wanted to find out if you could start the WebClient service remotely, so I ended up digging into it specterops.io/blog/2025/08/1…