🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

I am very excited to be releasing Tetanus, a Mythic C2 agent written in Rust! This is a project Max Harley have been working on to experiment with the Rust programming language by developing a Mythic C2 agent. github.com/MythicAgents/t…

Microsoft patched critical vulnerabilities (CVE-2025-21299, CVE-2025-29809) in Q1 2025. NetSPI research reveals Kerberos canonicalization bypasses Hyper-V isolation of credentials, compromising Windows security. Read the full article: ow.ly/WcuW50VAOTg

Microsoft hardened the Entra ID synchronization feature last year: - restricted permissions on Directory Synchronization Accounts role - new dedicated sync app Let’s find out how sync still works 🔍 Some old tricks persist—and new ones have emerged 💥 tenable.com/blog/despite-r… 🧵

Impersonate another user by moving their Kerberos tickets into your logon session with lsa-whisperer by Evan McBroom. You can even move them back after you are done. Only your session will loose its tickets.

Wrote a deep-dive research note on Chrome's App-Bound Encryption (ABE)! Unpacking its evolution, technical mechanisms, my user-mode decryption approach, and how it stacks up against other vectors. github.com/xaitax/Chrome-…

The feature rundown of the NetExec v1.4.0 release is now live on our wiki: netexec.wiki/news/v1.4.0-sm… Give them a read, there are so many great new features! Kali has updated NetExec to v1.4.0, so all the new changes are also available via apt🚀

Thanks to the awesome work of Aleem Ladha , the CTF Windows Active Directory lab for Barbhack from 2024 is now public! 🔥 You can build the lab and pwn the AD—13 flags to capture! No public write-up exists yet—waiting for someone to submit one! github.com/Pennyw0rth/Net…

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

🎙️ New After Dark ep! Tanner talks with Alex & Thomas from Netexec about smarter pentesting, better tools, and why red team life doesn’t have to be chaos. 💻🛠️ 🎧 Watch: youtu.be/GVaAcqQ-8jA 🔗 More: netexec.wiki #CyberSecurity #AfterDark

Okay so this is HUGE - our amazing AI red team have open sourced their AI red team labs so you can set up your own training! aka.ms/AIRTlabs Ram Shankar Siva Kumar

Yes, LDAP enumeration is still a thing in 2025. 2ns.fi/en/ldap-enumer…

NetExec now has native checks for LDAP signing and channel binding capabilities of the target DC, thanks to the implementation of Thomas Seigneuret 🚀 I also fixed querying LDAP with non-ASCII characters, so you can finally query groups such as "Dämonen-Administratoren"🎉

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

Newer Windows clients often enforce signing ✍️ when using SMB fileshares. To quickly deploy an SMB server with signing supported we implemented this in impacket's smbserver.py based on a prior work by drm. github.com/fortra/impacke…

What do you do if you have compromised a server administrator? Hunt for domain admins🏹 This is what NetExec's latest module "presence" does. It checks for DAs in: - C:\Users folder - Processes - Scheduled Tasks All done with native Windows protocols. Made by crosscutsaw and me

🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live: 🪞 The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos: blog.redteam-pentesting.de/2025/reflectiv…

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

x.com/RedTeamPT/stat… The efsr_spray module is merged in #NetExec. If you want to coerce an up-to-date Windows 11 and you have a writable share, this will come handy 😎. Thanks for the PR !

leHACK Active Directory Free Workshop with Wil and Thomas Seigneuret — confirmed for June 28, 2025, at La Villette, Paris 🇫🇷 The goal: Be the first to become Domain Admin 🔥 The winner of the last two editions won’t be there — this is your chance! lehack.org/2025/tracks/wo…

Did you know that you can kerberoast without any valid credentials? All you need is an account that is ASREProastable. This allows you to request service tickets for any account with a set SPN🔥 NetExec now has a native implementation of this technique, thanks to Azox