I released a tool, which I called "NAuthNRPC." It applies a new method for enumerating domain users. The tool is simple to use—just enter domain controller's IP address and the users file, and wait for some magic. Metasploit module will be available soon. github.com/sud0Ru/NauthNR…

Microsoft Telnet Client MS-TNAP Server-Side Authentication Token Exploit github.com/hackerhouse-op…

Yet another RPC #remotecodeexecution. If patching is not possible, you can always rely on #RPCFirewall to mitigate! github.com/zeronetworks/r…

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

Good ol' #LDAP is getting increased attention in recent years. OSS assessing your LDAP security posture is popping up like the recent #Neo4LDAP, joining other ones like #MaLDAPtive, #SOAPHound and #LDAPFirewall

Yes, LDAP enumeration is still a thing in 2025. 2ns.fi/en/ldap-enumer…

#LDAP keeps on giving new privilege escalation paths on a consistent basis. It's time to put a stop to it ! The latest example is #badsuccessor, Dekel Paz explains how this attack, and unknown #0day attacks can be prevented via the #LDAPFirewall

Network infra could be the cause of your infiltration. CVE-2025-32756 Another Fortinet #RCE PoC code github.com/kn0x0x/CVE-202…

Are you sure you can enumerate all of your #Azure resources? You may be missing some out. #MapAz is a new #PowerShell Module that (among other things) can help you enumerate hidden resources. Read more in my latest post: zeronetworks.com/blog/discoveri…

1/ I think I have the answer! (blogpost at the bottom of 🧵) Original Q: How was WhatsApp able to patch a client-side vulnerability of malicious PDF parsing from the server-side, although server is not exposed to PDF content due to End-to-End Encryption (#E2EE)?

7/ Link to blogpost: medium.com/@TalBeerySec/m…

Think you know your Azure resources? Think again 🤔 🔎 Without full visibility into virtual machines, networks, firewalls, and secrets created in Azure, you may have hidden vulnerabilities — and security teams relying on Azure-native tools and APIs for resource discovery aren't

My thoughts about CVE-2025-33073, and on how to prevent #NTLM / #Kerberos relay attacks in general using #RPCFirewall & #LDAPFirewall zeronetworks.com/blog/examining…

#NauthNRPC is a tool that can help you enumerate computer / user accounts anonymously in #ActiveDirectory via DsrGetDcNameEx2 RPC calls. This is not often in most environments, so used could be blocked via #RPCFirewall. Nice job by Haidar 🏆🏆 hubs.li/Q03tvVVY0

RPCFirewall is a great tool, and one of the few available that can help you detect RPC activities, as I already mentioned in my research. However, be careful about blocking such activities before you monitor your environment, especially if you have legacy systems.

The latest on the Azure AD Graph retirement mentions two temporary outage tests and more guidance. If something stops working it might be because of those tests. #Entra #AADGraph techcommunity.microsoft.com/blog/microsoft…

IPC 5 is live, RPC 4 I continued discussing RPC security I've showed in this part how to secure an RPC interface and how the access check against unauthenticated transport is done in the RPC runtime. sud0ru.ghost.io/windows-inter-…

Signal 6/ The full blogpost: "The AI Emperor’s New Encryption Clothes: How the AI race is Reshaping the E2EE Landscape" medium.com/@TalBeerySec/t…

I’ll be presenting with Amir Frankel at #BHUSA on Aug. 6 at 2:40pm: “The Microsegmentation Project You Can Actually Complete.” Stop by Booth #2251 for can't-miss demos, K8s insights, and our Zen Zone: bit.ly/45bkzQK

In about an hour I’ll present my talk I’m in your logs now, deceiving your analysts and blinding your EDR at #BHUSA25 Black Hat in Islander E/I. Come and hang out!