🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

This is a very cool vuln! and the writing is so good! i prepared a small diagram for (very) basic explanation of the method. It's not a replacement for the post, but it can help understand the basics😀netspi.com/blog/technical…

Blog post is out, BOF coming tomorrow 🐸 legacyy.xyz/defenseevasion…

Happy to share my newly discovered vulnerabilities on Microsoft Windows! - Credentials based UAC bypass, allowing to bypass the highest level - Task Metadata Poisoning - Task Event Log Buffer Overflow - Unprivileged Security Logs Saturation cymulate.com/blog/task-sche…

CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 Thanks! :) BOF is out now github.com/iilegacyyii/Da…

🤣🤣🤣

My talk from #socon2025 is up, get your “urm” counter ready! youtu.be/RiOtfPM7i3U?si…

Get the 4-1-1 on NTLM relay attacks! Watch our recent webinar with Lee Chagolla-Christensen, Will Schroeder, Rohan Vazarkar & Justin Kohler where they dive into the team's research. ▶️ ghst.ly/ntlm-web-tw

My #SOCON2025 talk is now live for those interested in credential guard research. youtu.be/9U_7u849yQQ?fe…

👇 github.com/ly4k/Certipy/d…

I'll be returning to #BHUSA Black Hat this summer for a brand talk about moving laterally from AD to Entra ID. I don't think I've ever been this excited about a talk, with lots of cool stuff to share 🎢 😄.

Our first production BOF-PE in action using RPC that will throw RPC exceptions on errors and catch gracefully ✅ wil library use for RAII, no handle leaks ✅ API calls wrapped around wil and throws on errors ✅ stl used for formatting and threading ✅ All for ~130 lines of code

ESC1 via the cloud over Intune 😬

I'm super happy to announce an operationally weaponized version of Yuval Gordon's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal-krbtgt, users, machines. no DCSync required, no code execution on DC.

BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest. Check out Jim Sykora's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9

Well at least the next project has now moved to the garden.

We have already received some incredible submissions for the 4th edition of BSides Tirana . From hacking Machine Learning models to deep dives into Vehicle Security. The lineup is shaping up to be our best yet! Think you’ve got a talk that belongs on that stage? We’d love to

New blog post is up! Stepping out of my comfort zone (be kind), looking at Meta's Prompt Guard 2 model, how to misclassify prompts using the Unigram tokenizer and hopefully demonstrate why we should invest time looking beyond the API at how LLMs function. specterops.io/blog/2025/06/0…

Does anyone know if SkuSiPolicy.p7b can be downgraded if UEFI lock is not enabled?

Oh you thought surprises were over for BSides Tirana 2025 ? This year, we’re bringing Sina Kheirkhah - Pwn2Own "Master of Pwn" (SinSinology) to run a full-day workshop on Advanced .NET Exploitation based on his course that normally goes for €4,000. He’s been kind enough to