Hola folks, With Hacka-demic in close sight, we are glad to announce the prizes and goodies awaiting the winners. Hoping the poll has added flavors to your curiosity on the possible themes, we are more than excited to witness your take on our themes. (1/2)

15+ hrs into the CTF and we are seeing some intense competition here :P If you havent registered yet shoot here: boot2root2020.tech #boot2r00tctf2020

b00t2root CTF ended! Hearty congratulations to team @ByteForc3, @Zh3r00 and 0x90 r00t for bagging the top three positions! We would also like to thank our esteemed sponsors OffSec Vector 35 for sponsoring the prizes. Adieu guys! See you all next year :)

Containerd breakout PoC (jtd), the "glue" principle (LuemmelSec), lockscreen bypass (Jonas L), VBox escape 0day (Sauercloud), beacon shellcode generator (Ryan Stephenson), browser backdoor (dylan), nim obfuscation (Moloch), + more! blog.badsectorlabs.com/last-week-in-s…

New Write-up on InfoSec Write-ups publication : "Finding My First Bug: HTTP Request Smuggling" #bugbounty #bugbountywriteup #bugbountytips ift.tt/3jM5DAu

@l42Y_ Works fine for me.

Revisiting an old bug which paid off really well during a previous Red Team op. The good old Microsoft Exchange unauthenticated email relay. This was particularly impactful. Here's why: 🌶️Unauthenticated 🌶️No phishing infra needed 🌶️Emails land directly in user's inbox (1/4)

I'm proud to present a new tool, #LDAPmonitor! With this you can monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! Lots of authentication types are supported, and output can be saved to a file. github.com/p0dalirius/LDA…

Takeover an entire domain by resetting passwords! We detailed how to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus in this blogpost synacktiv.com/publications/h… Antoine Cervoise - @tiyeuse

My recent Bounties 🤑

[#thread 🧵] Last week in #Microsoft #PatchTuesday, a critical vulnerability was patched that theoretically allows attackers to achieve Remote Code Execution on a target #IIS server (CVE-2022-21907). I'll explain how it works in this thread ⬇️

New Interruptor 0.1 release 🔥 add Follow Thread 🥳, Kernel API constants usable by their names into hooks🥰, configurable output, smart modules/interrupts filtering github.com/FrenchYeti/int…

Trying to learn security research and getting overwhelmed by all the details? I just published a guide showing my process for step-by-step analysis of a security feature: windows-internals.com/an-exercise-in…

Here are the slides for my talk « Delegating Kerberos to bypass Kerberos delegation limitation » 😈 at Insomni'hack #INS22 thehacker.recipes/ad/movement/ke…

No PKINIT? No problem! Thanks to team members Yannick and drm, you now have a way to (ab)use your ill-earned ADCS certificates even when domain controllers do not support PKINIT offsec.almond.consulting/authenticating…

This PowerShell one-liner will open a visible IE browser in Windows 11: $(new-object -com internetexplorer.application).Visible=$true

Interesting account takeover of the day. The site was hosting their pentest.test.com on amazonaws While resetting my password I have noticed that the host was getting passed in json body

Open redirect vulnerability and how to use it "correctly" in bug bounty 🙃 link.medium.com/ftOSGKkZtqb

Thread - Confluence Blind OGNL Injection analysis from our limited java knowledge. From vulnerable sink to becoming admin of the confluence instance. #CVE-2022-26134. Tested on latest vulnerable version 7.18.0.

Added a new technique in Patriot to identify suspicious CONTEXT structures used in the rop/callback chains of foliage, #nighthawk, #brc4, gargoyle, etc. github.com/joe-desimone/p…