Are you curious about the story behind 🥝🏳️‍🌈 Benjamin Delpy's #Mimikatz, the tool playing with Windows security? Watch Paula Januszkiewicz's interview with Benjamin Delpy and #stayCQURE! cqu.re/2m2nKbH

Superb presentation!!! #BHEU New great way for persistency and total AD domination :)

This thing just keeps getting better and better. For years people would complain that PowerShell sucked because ... and then the issue would be about the console. I’ll be glad to see those day’s in my rear-view mirror.

We did almost hit de 200 attendees for our #TableTalk at #MSIgnite! One thing the panellists and attendees will remember is that no matter which technology - it's always about 'people' 😊

MSRC has release CVE-2021-34481 today. msrc.microsoft.com/update-guide/v…

It's time to play with #mimikatz🥝& #kekeo🐤& #impacket If you have a Windows PKI with its WebServer, you'll have problems🤪 No authentication/credential to *full domain owned* > github.com/gentilkiwi/mim… > github.com/gentilkiwi/kek… 👍topotam EFS & PetitPotam 👍Ex Android Dev PR

Still needed: Package Point and print - Approved servers admx.help/?Category=Wind…

In this recorded #RSAC webcast, watch as Paula Januszkiewicz & Mike Jankowski-Lorek demonstrate how hackers bypass MFA to attack modern authentication protocols, and misuse WHfB and other software. Get the full video here: spr.ly/6012ymqqa

The @OWASP Top 10 team is extremely proud to share the draft OWASP Top 10 2021 for peer review, comment, translation, and suggestions for improvements. We are working on a graphic redesign and a surprise extra for the 20th Anniversary on September 24! owasp.org/Top10/

New Cobalt Strike beacon for Linux, fully undetected in VT. Has Windows implementation as well, both written from scratch. Victims including telecommunications, government, and finance sectors Full report here - intezer.com/blog/malware-a… Avigayil Mechtinger Joakim Kennedy 🔥🔥

Microsoft just patched 4 vulnerabilities we (Wiz) recently reported, including a CVSS 9.8 RCE. These vulnerabilities affect countless machines as the OMI agent is silently installed when enabling many Azure services. #PatchTuesday wiz.io/blog/omigod-cr…

From RPE to RCE - Workstation Takeover via RBCD and MR-RPC, by Maximus gist.github.com/gladiatx0r/1ff…

when it comes to lsass cred access monitoring, we all focus on the targetimage is lsass, what about the other direction? MirrorDump defaults traces is a good example (PROCESS_DUP_HANDLE+source Image is lsass + Unknown CallTrace) github.com/elastic/detect… github.com/CCob/MirrorDump

new blogpost: "How a simple Linux kernel memory corruption bug can lead to complete system compromise: An analysis of current and potential kernel security mitigations" I'll post a copy to the kernel-hardening list later in case folks want to discuss it. googleprojectzero.blogspot.com/2021/10/how-si…

I’m excited to share 3 memory analysis demos and teach you the exact tools and techniques I use daily to help big corporations recover from a #cyberattack. Join me in our new 3-hour #Cyberbytes virtual training, “Memory Dump Analysis” and #staycqure #CyberSecurity

All Windows versions impacted by new LPE zero-day vulnerability bleepingcomputer.com/news/security/…

Great news! A new version of D3FEND is now available at d3fend.mitre.org. D3FEND enables other cyber professionals to tailor defenses against specific cyber threats and reduce a system's potential attack surface. Learn more about D3FEND here: nsa.gov/Press-Room/Pre…

Always happy to meet our Arsenal friends here Black Hat nj. Arsenal Paula Januszkiewicz

In #BHASIA Training "Advanced Hacking and Securing Windows Infrastructure (Virtual)" Paula Januszkiewicz Mike Jankowski-Lorek and CQURE Academy will teach students how to identify vulnerabilities and reduce false positives with manual vulnerability verification techniques >> bit.ly/3HR7Qrg

Join me and Paula for a LIVE webinar: "From Zero to Hero: Effective Escalation Paths to Domain Admin.” Learn to exploit system vulnerabilities, certificate permissions, and legacy solutions for domain access. Book now: cqureacademy.com/webinars/escal…