Wanna pwn? Ok, our team is growing then feel free to submit (not full remote/FR speaking) -> careers.postgroup.lu/job/Luxembourg…

I know there are lots of people waiting for the recent Microsoft Exchange pre-auth RCE on our side. This is a short advisory and detailed timeline. proxylogon.com #proxylogon

New blog post out NOW! Microsoft Exchange Zero Day’s – Mitigations and Detections. blueteamblog.com/microsoft-exch… #infosec #CyberSecurity #security #SOC #Blueteam #cyberdefense #infosecurity #CyberSec #siem

Our initial chapter about #redteaming in real-life blog series is now online! A short intro but juicybcontent will come ;). Stay tuned (Hope you'll find it interesting 😬) ictexpertsluxembourg.lu/technical-corn… #redteam cc POST Luxembourg

I can't believe the industry is accepting the "Continuous Automated Red Teaming (CART)" term. You CANNOT AUTOMATE A RED TEAM We are people, we are humans, your tool can't replace us. Same goes for blue team BTW! #redteam #infosec SCYTHE has/will never be marketed like that

Microsoft Exchange Deserialization to Post-Auth RCE (CVE-2021-28482) * MeetingPollHandler Deserialization GET /owa/MeetingPollHandler.ashx?PayloadType=ApproveProposedOptions&ItemId=OID.xxxxxx.2021/05/11&RequestId=123123123" youtube.com/watch?v=2ludXD…

Great analysis of an iOS format string bug, incl. dynamic analysis with Frida! blog.chichou.me/2021/06/20/qui…

Our team also start to release some advisories today ! Both #CVE-2021-27930 (stored #xss) and #CVE-2021-27950 (SQLi leading to admin takeover+#RCE) discovered during #pentest are now available on our public #github repo ;) #offensive #security #Pentesting github.com/post-cyberlabs…

NTLM Relaying via Cobalt Strike 'NTLM relaying is a popular attack strategy during a penetration test and is really trivial to perform. ' #infosec #pentest #redteam rastamouse.me/ntlm-relaying-…

Just published the fifth blog of the "Offensive WMI" series! This one focuses on active directory enumeration. Here it is. :) "Offensive WMI - Active Directory Enumeration (Part 5)" 0xinfection.github.io/posts/wmi-ad-e…

A 🧵 L0phtCrack has been a really wild ride. As of version 7.2 L0phtcrack is now open source. Released on GitLab. gitlab.com/l0phtcrack l0phtcrack.gitlab.io It is actively seeking maintainers. Many thanks to DilDog 🅅, Chris Wysopal, and all others. Story time…

Friday workshop with my teammates - thanks guys, this is always cool to share #redteam experience and skills outside the pure IT itself (and very useful in real-life exercises!) cc @Nemiras Hypnoze kx90 RZ Olivier @anthomaestre and Steph 🇷🇪🇫🇷 as well

Our team just released the Advisory + associated exploit for #cve-2021-36100 we discovered during a #Pentesting exercise, note that the community edition will not be fixed ;) OTRS 6.0.X - Remote Command Execution Advisory: github.com/post-cyberlabs… Exploit: github.com/post-cyberlabs…

Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary. haxx.in/files/dirtypip…

🔥 We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP. Successful exploitation could lead to RCE from an unauthenticated user. Patch ASAP!

New blog: "Abusing forgotten permissions on computer objects in Active Directory". The post is a dive into permissions that are set when you pre-create computer accounts the wrong way, why BloodHound missed those and how to abuse, fix, or monitor for this. dirkjanm.io/abusing-forgot…

Today our teammate kx90 released the #CVE-2023-27001 which targets a plateform used by ISO guys for, you know, ISO-27001 risk mgmt 😄 (Yep CVE id is pure coincidence but still funny) Simple JWT token craft to gain SuperAdmin privs from guest...yes sir github.com/post-cyberlabs…

#Fortinet patched #CVE-2023-27997, a critical vulnerability affecting its VPN #Fortigate. Our latest blogpost describes the technical details about the bug, a pre-auth heap overflow, with a twist. #xortigate blog.lexfo.fr/xortigate-cve-…

#CVE-2023-38995 - Schuhfried <=V8.22.00 Preauthentication backend info leak leading to PrivEsc EoP github.com/post-cyberlabs… By our teammate kx90

It is not #Crowdstrike related nor that sexy, ok but still : 2 more unfixed CVE (SQLi including a preauth. one) released by our team CVE-2024-28298 CVE-2024-28297 github.com/post-cyberlabs… And github.com/post-cyberlabs… cc kx90 Hypnoze ;)