Anyone knows how to obtain a #bitlocker recovery key with #dislocker? I can decrypt the drive with another protector. Windows somehow can do this. Looking for a way to "convert" respectively use a VMK or FVEK to obtain/decrypt the recovery key passphrase. RT is highly appreciated

mitmproxy 9 is out! 🎉 mitmproxy.org/posts/releases… Three highlights:

We worked together with Thomas Seigneuret to pull this new feature on CME ! CrackMapExec can now authenticate using kerberos with login/pass/nthash/aeskey without the need of a KRB5CCNAME ticket env 🚀 But wait there is more! by adding this feature we can now mimic kerbrute features 🔥🫡

Yeah nice, a Windows token impersonation module for CrackMapExec by Aurélien Chalot

In der ARD am 13. Dezember (Nacht von Mo auf Di) um 0:20 Uhr: Dokumentarfilm „Alles ist Eins. Außer der 0.“, eine Geschichte digitaler Subversion über das Wirken von Wau Holland programm.ard.de/TV/Programm/Su…

Execute commands as another user w/t dumping LSASS or touching the ADCS server ? Thanks to Aurélien Chalot a new module has been added to CrackMapExec 🚀 The module will impersonate any logged on user to exec command as "this" user (system, domain user etc) 🔥

I found a vulnerability that allowed me to unlock any Google Pixel phone without knowing the passcode. This may be my most impactful bug so far. Google fixed the issue in the November 5, 2022 security patch. Update your devices! bugs.xdavidhu.me/google/2022/11…

Today, we share the analysis of a very rare piece of quantum military-grade #ransomware. All your data are belong to us !!! blog.compass-security.com/2022/11/a-symm…

At BlackAlps, our analyst Sylvain Heiniger Sylvain Heiniger presented a new attack path to AD CS. Read his blog post for details and tools updates. #adcs #esc11 #ntlmrelay #rpc #msrpc blog.compass-security.com/2022/11/relayi…

HACKvent2022 awaits! At Dec. 1st 2022, 00:00 CET the first challenge will be released. Ready for sleep-deprivation? 😉 Enter the free competition here: competition.hacking-lab.com Leaderboard: ranking.hackvent.hacking-lab.com #HV22 #ctf

Are you also tired of "This setting is managed by your administrator or organization" messages, preventing you from altering settings, although you are admin? Fear no more, I got you covered - well at least partially: AV FW DeviceGuard Edge FF gist.github.com/LuemmelSec/20e…

Now adding external docs links to The Hacker Tools tools.thehacker.recipes Major tools that aren't documented will be on THT. Mimikatz is mostly over with. Impacket is now next in line. But docs that already exist will be linked. Feel free to contribute 🤗

Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard. These techniques also work on victims logged on before the server was compromised. research.ifcr.dk/pass-the-chall…

🔒Enhance #remotedesktop security with practical tips from Security Analyst Felix Aeppli. Learn about features like Remote Credential Guard and Restricted Admin Mode to protect against credentials theft and impersonation. blog.compass-security.com/2023/06/securi…

Compass Security identified a #vulnerability in ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool. compass-security.com/en/news/detail…

Discover how a strange workstation behavior exposed alarming vulnerabilities! We uncovered 2 privilege escalation bugs in Lenovo update functionality. Read the blog post for a fascinating journey down the rabbit hole. 🔐 #Cybersecurity #PrivilegeEscalation blog.compass-security.com/2023/07/lenovo…

Security analyst @[email protected] refreshed our hacking tools #cheatsheet for our security trainings, and it's now packed with info on Active Directory: github.com/CompassSecurit… 🔒 #security #pentest #tools

📡 Discover MQTT Fundamentals & Security in IoT in Mischa Bachmann ’s blog post! Explore CVE-2023-28366, a memory leak in Eclipse Mosquitto. #MQTT #IoTSecurity #CVE2023 blog.compass-security.com/2023/09/from-m…

SecAnalyst Sylvain Heiniger (Sylvain Heiniger) loves NTLM relay. Dive into his latest blog post to learn how it can be used against Microsoft SQL servers. Discover misconfigurations in your infrastructure and fortify your defenses today. 🛡️ #MSSQL #NTLMrelay blog.compass-security.com/2023/10/relayi…

Collision – Compass Security was able to execute their stack overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points. #Pwn2Own