checkout android_emuroot from Airbus Security Lab here github.com/airbus-seclab/…, Android API 27 is now supported.

Good overview of "Active Directory Security Groups" docs.microsoft.com/en-us/windows/…

Easiest way to get your first key on a hardened Mifare Classic EV1 is with a #chameleonmini. Set up the slot you want to use like the pic, replacing the UID with the card you want to get the key for. Then all you need to do is have a battery in and hold it against the reader. 1/2

You know that #LSASS can be (somewhat) protected from #mimikatz when running as a Protected Process Light (#PPL), right? 😉 I tried to disable it by resetting the RunAsPPL registry key to 0, and rebooting. But LSASS was still protected 🤔 I finally discovered why... ⬇

Replacing a public key from a certificate and resigning it, in less than 10 lines of Python thanks to #scapy

We need a new syscall. brexit() where your C programme exits but doesn’t, is very confused and blames the scheduler demanding more CPU slots than cores plus memory protection but wide open IPC.

Our team has identified a shell escape and an arbitrary file read in Cisco Nexus 9000 Series Fabric Switches: tools.cisco.com/security/cente… tools.cisco.com/security/cente…

Apache Local Root: CVE-2019-0211: Vulnerability description. Exploit will come later. cfreal.github.io/carpe-diem-cve…

5 Ways to Find Systems Running Domain Admin Processes blog.netspi.com/5-ways-to-find…

WINNER of #LockedShields 2019 is Team France! Second place goes to Czech and third to Sweden! Congratulations to winners and respect to all participants - this was the most challenging live-fire #cyberdefence exercise to date. Everyone involved deserves credit! #WeAreNATO

Really nice article about main attacks on JMX service mogwailabs.de/blog/2019/04/a…

Download Get_AD_Users_Logon_History.ps1. Get All AD Users Logon History with their Logged on Computers (with IPs) & OUs, by inspecting the Kerberos TGT Request Events(EventID 4768) from domain controllers. + users OU path & Computer Accounts gallery.technet.microsoft.com/scriptcenter/G…

Matt Graeber My new favorite command: Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-PowerShell/Operational'; ID=4104} | Select-Object -Property Message | Select-String -Pattern 'SecureString'

XXE: How to become a Jedi #infosec #pentest #bugbounty slideshare.net/ssuserf09cba/x…

github.com/Cn33liz/p0wned…

Prochain Bière Sécu Toulouse le 8 octobre : meetup.com/fr-FR/Secu-TLS…

The slides of the talk by Nicolas Biscos on Kerberos Unconstrained Delegation are here (🇫🇷 only): synacktiv.com/ressources/del…

Seems Microsoft is finally taking a stance against NTLM relaying to LDAP, by enforcing LDAP signing and channel binding by default starting January 2020. This is a big and important change to improve AD security, especially from a network point of view!

Croissants, red wine and high-quality offensive security talks in a wonderful place? That's all the Hexacon team is promising for October 2022. Details and Call For Papers are coming very soon... Until then, a bit more teasing for you folks: hexacon.fr #HEXACON2022

In his latest blogpost, Guillaume André analyzes MDI's detection of PKINIT authentication, explains how to bypass it and releases Invoke-RunAsWithCert, a tool to perform Kerberos authentication via PKINIT with the Windows API from a non domain-joined machine. synacktiv.com/publications/u…