Matan Bahar (@bl4ckshad3) 's Twitter Profile
Matan Bahar

@bl4ckshad3

ID: 1316510258546855943

14-10-2020 22:44:52

30 Tweets

96 Followers

248 Following

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

EnumSecToolkit Release 

Proud to launch EnumSecToolkit on GitHub! Developed with @R3dTeamN1nja , it simplifies identifying security vulnerabilities. New script: EnumLocalAdminAccess, using WMI, WinRM, RPC & SMB. Feedback appreciated!
GitHub Repo & PoC
github.com/ADPunisher/Enu…
Uriel Kosayev (@malfuzzer) 's Twitter Profile Photo

The security research blog I promised you has been released - One Electron to Rule Them All! Thanks to my amazing team Hai vaknin tamir yehuda and Matan Bahar for working closely with me on this fun research ❤️ medium.com/@MalFuzzer/one… #cybersecurity #infosec #redteam

כפר סבא של האוהדים (@kfans1928) 's Twitter Profile Photo

Crowdfunding campaign for כפר סבא של האוהדים 1928💚 We as a club need more money in order to get through the current season. The target amount is 120,000₪. The campaign is for every person who is moved by football and community, for anyone who wants to be an owner of a team; in short, it is for everyone! We need you with us! headstart.co.il/project/77519

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

Together with my colleague Idan Lerman I am pleased to share some research about the Kerberos protocol and develop a POC that bypasses AV\EDR and extracts the TGS. medium.com/@matanb707/ker…

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

I'm excited to introduce StealthPasswordSpray, a new PowerShell script designed for stealthy password spraying attacks on Active Directory environments. It has been tested on Defender and various EDR solutions, successfully bypassing them. github.com/ADPunisher/Ste…

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

Together with my colleague Idan Lerman I am pleased to introduce LAPS Extractor, a new PowerShell script designed for securely retrieving LAPS (Local Administrator Password Solution) passwords in Active Directory environments. medium.com/@matanb707/ret…

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

I am pleased to share the findings of my recent research on the Microsoft Graph API and its application permissions, specifically focusing on the User.ReadWrite.All permission. medium.com/@matanb707/gue…

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

I am pleased to share the findings of my recent research on the Microsoft Graph API and its application permissions, specifically focusing on the EntitlementManagement.ReadWrite.All permission. medium.com/@matanb707/cat… #Azure #EntraID #AccessPackage #Catalog

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

I am pleased to share the findings of my recent research on the Azure Virtual Desktop and Azure Event Hub. medium.com/@matanb707/spa… #Azure #EventHub #AVD #ProcessDump #SASToken

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

Can dMSA be abused for persistence in Active Directory? This article explores potential security risks, misuse scenarios, and defensive measures to prevent attackers from leveraging misconfigured dMSAs. medium.com/@matanb707/adv… #CyberSecurity #ActiveDirectory #dMSA

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

Entra-Pass-Spray – A password spraying tool leveraging Azure Runbooks to evade detection. By running within Microsoft's infrastructure, it masks the attack source as a Microsoft IP in victim logs and therefore goes under the radar. medium.com/@matanb707/the…

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

My recent research "The Perfect Cover: Masking Password Sprays as Microsoft Traffic" is shared by Merill Fernando, it is an honor to be in that blog, thank you for sharing! link for the blog: entra.news/p/entra-news-8… link for the research: medium.com/@matanb707/the…

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

I'm happy to share another part regarding my recent research "The Perfect Cover Masking Password Sprays as Microsoft Traffic" as I used the legitimate function apps in a malicious way to mask the IP address and the location. medium.com/@matanb707/the… #FunctionApps #DefenseEvasion

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

While researching in Azure with my partner Idan Lerman we found some cool misconfiguration in Azure role condition that can lead to full subscription compromise. medium.com/@matanb707/own… #RBAC #RoleCondition #Azure #ConditionByPass

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

New research alert, Phishing as a Service - Abuse Azure Apps to Phish the Tenant. While researching Azure App Permissions with my colleague Idan Lerman , we found a way to impersonate any user in the tenant and send an email on their behalf. medium.com/@matanb707/phi…

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

Windows Fonts Exploitation in 2025 - Bypassing UAC with Eudcedit. Check out my recent research about eudcedit and see how it can be used to bypass UAC. medium.com/@matanb707/win… #UserAccountControl #UAC #Bypass #Windows

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

DCOM Configuration to UAC Bypass, But Not in the Way You Think. Check out my recent research about dcomcnfg and see how it can be used to bypass UAC. medium.com/@matanb707/dco… #UserAccountControl #UAC #Bypass #Windows

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

In continuation for my recent research about UAC bypass I wrote a tool "Find-UACAutoElevate" to find executables that match the requirements to achieve UAC Bypass. github.com/ADPunisher/Fin… #PowerShell #UACBypass #AutoElevate

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

Hijack-as-a-Service: Abusing Azure Bastion Shareable Links for Phishing and Stealthy Persistence. Check out my recent research about Azure Bastion and see how it can be used to phish users and achieve stealthy persistence. medium.com/@matanb707/hij… #Persistence #Stealth #Phishing

Matan Bahar (@bl4ckshad3) 's Twitter Profile Photo

I’m excited to share that some of my recent research into Windows internals and native binaries has officially been added to the LOLBAS project. Check out: Eudcedit.exe, Reset.exe lolbas-project.github.io/lolbas/Binarie… #SecurityResearch #LOLBAS #WindowsSecurity #OffensiveSecurity #RedTeam