Need SYSTEM? Local Privilege Escalation (#LPE) on all supported versions of Windows by abusing WSUS. Details and PoC released: gosecure.net/blog/2020/09/0…. Blog by Maxime Nadeau.

Tool: StreamDivert: Relaying (specific) network connections on Microsoft Windows - research.nccgroup.com/2020/09/10/str…

💥Easy RCE Ports Java RMI: 1090,1098,1099,4444,11099,47001,47002,10999 WebLogic: 7000-7004,8000-8003,9000-9003,9503,7070,7071 JDWP: 45000,45001 JMX: 8686,9012,50500 GlassFish: 4848 jBoss: 11111,4444,4445 Cisco Smart Install: 4786 HP Data Protector: 5555,5556 #ptswarmTechniques

I'm proud to announce the release of #BloodHound 4.0: The Azure Update! Blog: posts.specterops.io/introducing-bl… BloodHound 4.0 Release Poster: redbubble.com/i/metal-print/… Get BloodHound: bit.ly/GetBloodHound Docs: bloodhound.readthedocs.io/en/latest/ Join the BloodHound Slack: bit.ly/BloodHoundSlack

Okay, lets talk Credential Guard. What is it, why it matters, and how it works.

Decided to learn and do something new for fun, and ... here comes vdroid.app! Yet another fast, easy, etc. android application bugs scanner. #android #security #BugBounty

Looks like a self-hosted pentest collab/mgmt tool that we finally deserve. Still not perfect but with a huge potential.

Check out my new blog post about AD CS relay attack exandroid.dev/2021/06/23/ad-… #pentest #redteam

Here is a first draft on an NTLM relay mindmap 🙂 from authentication coercion to post-relay exploitation. I'll gladly update/correct it if you think there are things wrong or missing. ➡️Featured on The Hacker Recipes thehacker.recipes/ad-ds/movement…

It's great to see the OWASP® Foundation #Amass Project alongside these excellent #security tools and integrated with @_hexway Hive! #infosec #pentest #osint #redteam

Microsoft Exchange Deserialization RCE (CVE-2021–42321) PoC peterjson.medium.com/some-notes-abo…

just curious how much androids in use may suffer the same and will be never patched

Hey everyone! I just launched a yet-another-new-free- project for subdomain discovery with online tools, screenshots, and automation. So it's time to have a look! #pentest #bugbounty

Luke Stephens (hakluke) Informative weaknesses mentioned in report is not making it less stronger. Just do it in a proper way! That's why we have an optional "weakness" flag for every finding reported. So it is pretty simple to separate them to different report sections with no info trash in main parts.

Полевой набор пентестера Ребята из Digital Security рассказывают о составе типового полевого набора, который пентестеры берут с собой, выезжая для проведения анализа беспроводных сетей или проектов в формате Red Team: amp.gs/jGNEc

#ChatGPT is fantastic in case you need to deal with regular expressions.

Fantastic Windows Logon types and Where to Find Credentials in Them alteredsecurity.com/post/fantastic… #Pentesting #Windows #CyberSecurity #Infosec

The ability to look at the entirety of a situation to see the bigger picture is critical, especially for application security. What's the point of audits if all the vulnerabilities found remain in 50-page pentester reports or ci/cd Pipeline artifacts? linkedin.com/posts/dmitry-c…

Played around with ChatGPT for pentest reporting. Still a long way from making us unemployed anytime soon. But yeah! It can speed up a boring routine😺

Here are a few thoughts about #RockYou2024(2021) while the hype train is running to the station "Everyone hack3d" with a stop at "why it's useless". Obviously, most compilations suffer from the garbage inside, and it's always better to know how the wordlist was crafted.