ar0x (@_ar0x4) 's Twitter Profile
ar0x

@_ar0x4

InfoSec Enthusiast

ID: 1715679323221352448

Link: https://ar0x.com
Date: 21-10-2023 10:42:11

54 Tweet

167 Followers

439 Following

Yeeb (@yeeb_) 's Twitter Profile Photo

For all the sysadmins that are running a sneaker net right now, saving a bit of time. Copy to USB, execute - profit? #Crowdstrike gist.github.com/Yeeb1/6348146b…

Martin Mielke (@xct_de) 's Twitter Profile Photo

This is somewhat similar for domain-joined ubuntu machines - if you can create the AD group "admin" and use_fully_qualified_names is set to false in sssd.conf, you will be able to sudo to root due to the default "%admin ALL=(ALL) ALL" sudoers entry.

Vulnlab (@vulnlab_eu) 's Twitter Profile Photo

The next Red Team Lab on Vulnlab will be released on August 8, 2024. This lab features over 10 machines and is rated Easy. The Active Directory environment mirrors what you typically encounter in penetration tests and is complemented by a robust SOC.

Vulnlab (@vulnlab_eu) 's Twitter Profile Photo

Retro2 is making its way to the lab this Thursday! This Active Directory machine promises to be an easy yet nostalgic challenge that might stir up some memories.

Vulnlab (@vulnlab_eu) 's Twitter Profile Photo

Lustrous2 is coming to the lab on Tuesday! After the first engagement, this customer hardened their environment. Can you still get in?

Yeeb (@yeeb_) 's Twitter Profile Photo

I've decided to publish a collection of tools and scripts I've accumulated over the years, many of which I used during competitive hacking. github.com/Yeeb1/shelf

Dr. Nestori Syynimaa (@drazuread) 's Twitter Profile Photo

Working on splitting #AADInternals into two modules:
1⃣ AADInternals for the cloud-only functionality
2⃣ AADInternals-Endpoints for all the shady on-prem stuff

Stay tuned!
OtterHacker (@otterhacker) 's Twitter Profile Photo

Dehooking for babies. I've been sitting on this one for a while now, but Trend never acked anything. Changing your exe name to explorer.exe or Chrome.exe avoids the injection of the DLL and the setup of the userland hooks... Can be easily found by reverse engineering the DLL

Yeeb (@yeeb_) 's Twitter Profile Photo

If you’re into Malware Development and want to see some cool angles on different techniques, check out this project by a friend of mine, void a github.com/voidvxvt/HellB…

serioton (@seriotonctf) 's Twitter Profile Photo

Just updated my NetExec cheatsheet. Added some new commands and tweaks. It includes the commands I use when working on HackTheBox and Vulnlab machines github.com/seriotonctf/cm…

Yeeb (@yeeb_) 's Twitter Profile Photo

Took this as motivation to dive into BOF development. Shoutout to S3cur3Th1sSh1t for the standalone port to C. Besides the MultiRDP BOF, there's also a BOF to triage suspicious accounts in Active Directory in the repo. github.com/Yeeb1/MagicBOFs

Mr.Z (@zux0x3a) 's Twitter Profile Photo

Last night, I made myself busy and revisited some older methods for exploiting tokens in Windows applications shared by mr.d0x a couple of years ago. However, I realized that the integration of AI into applications like Notepad presents new opportunities for exploitation. This led
Christina Lekati (@christinalekati) 's Twitter Profile Photo

Very grateful for last week spent at /ˈziːf-kɒn/!
✅️ Gave a training on #socialengineering & #OSINT
✅️ Attended the conference & learned from others
✅️ Reconnected and had a great time with old friends :) Kuba Gretzky & finally The SEINT, PhD. So good to see you!
Can't ask for more!
Yeeb (@yeeb_) 's Twitter Profile Photo

Created a small tool that joins a device to a Tailscale network and exposes a local SOCKS proxy. It’s built for red team pivots and quick access into (restricted) environments. The underlying tsnet library is currently Go-only, so it's semi-portable for now. github.com/Yeeb1/SockTail

ar0x (@_ar0x4) 's Twitter Profile Photo

If you're lazy like me and you use Linux for testing, the last thing you want is to spin up your Windows VM to compile some windows tooling. 😩 DockPiler lets you cross-compile Windows binaries right from Linux using docker. github.com/ar0x4/DockPiler

Logan Goins (@_logangoins) 's Twitter Profile Photo

My first SpecterOps blog! Ever wanted to collect Active Directory information from LDAP for a Red Team? Using LDAP's more OPSEC-considerate cousin: ADWS can be used to improve upon the already present advantages of using smaller-scaling LDAP queries. specterops.io/blog/2025/07/2…