Smart phish via github - email comes from github - issue is created on repo that suspicious activity was detected and to click link to revoke access. When you click the link its to give full permissions to that repo. If you didn't know it was an issue, might accidentally give

This looks off to you? Yeah... In the default configuration, NFS exposes THE ENTIRE FILE SYSTEM and not only the exported directory! This means that you can read every file on the system that is not root:root owned, e.g. /etc/shadow. But it can get even worse 1/4🧵

Together with Pavel Formanek, we have created the ultimate guide and tooling for configuring host-based firewalls on #ActiveDirectory domain controllers in enterprise environments. Blocks most remote command execution and authentication coercion techniques. firewall.dsinternals.com

You have got a valid NTLM relay but SMB and LDAP are signed, LDAPS has got Channel Binding and ESC8 is not available... What about WinRMS ? :D Blogpost: sensepost.com/blog/2025/is-t… Tool: github.com/fortra/impacke… And also, big thanks to jmk (Joe Mondloch) for the collab' :D!

A new module has been merged into NetExec: change-password🔥 Accounts with STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password. You can also abuse ForceChangePassword to reset another user's password. Made by FaganAfandiyev, Mehmetcan TOPAL and me

👇 github.com/ly4k/Certipy/d…

The feature rundown of the NetExec v1.4.0 release is now live on our wiki: netexec.wiki/news/v1.4.0-sm… Give them a read, there are so many great new features! Kali has updated NetExec to v1.4.0, so all the new changes are also available via apt🚀

community.fortinet.com/t5/FortiGate/T…

Use Signal. We promise, no AI clutter, no surveillance ads—whatever the rest of the industry does. We lead we don’t follow❤️

Releasing a side project of mine: wsuks - automating the WSUS mitm attack🔥 github.com/NeffIsBack/wsu… TL;DR: If the Windows Server Update Service (WSUS) is configured to use HTTP instead of HTTPS, it's possible to take control of any Windows machine on your local network. 1/4🧵

An attacker on your network is indistinctable from IT admins. As long as this is true, attackers win. (Loosely borrowing Lambert’s list/graph quote. Solution: tiering and clean source

Opening a new chapter 📖 From tinkering with old systems to giving talks at Black Hat, it’s been a wild ride. I am thrilled to share that I’m joining SpecterOps as a Senior Security Researcher! Time to go full-time into deep technical security research🥰

mastodon.social/@aboutsignal/1…

Until now, if you lost or broke your phone, your Signal message history was *gone,* a real challenge for everyone whose most important conversations happen in Signal. So, with careful design and development, we’re rolling out opt-in secure backups. signal.org/blog/introduci…

Raw NTFS parsing for SAM/SYSTEM/NTDS.dit access? github.com/kfallahi/Under… 400 lines Powershell - easy peasy ❤️🔥

''Abusing sAMAccountName Hijacking in GPP: Local Users and Groups - Cogiceo'' #infosec #pentest #redteam #blueteam cogiceo.com/en/whitepaper_…

I have released an OpenGraph collector for network shares and my first blogpost at SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 specterops.io/blog/2025/10/3…

This key takeaways from this report: - Agentic AI lowers the bar for cyber attacks (we knew this) - Dramatically increases scale (we knew this) - without a human in the loop, success rate is low (we knew this) The report itself leaves a lot to be desired from a technical

We did a thing

“So WSUS with HTTPS is secure, you said? 😂” Turns out… not really. According to the excellent research by Alexander Neff and Phil Knüfer in “Using ADCS to Attack HTTPS‑Enabled WSUS Clients,” a misconfigured ADCS environment can completely undermine HTTPS‑protected WSUS.