Joshua Prager (@praga_prag) 's Twitter Profile
Joshua Prager

@praga_prag

“The impediment to action advances action. What stands in the way becomes the way.” - Marcus Aurelius
@SpecterOps

ID: 818868941477056514

https://medium.com/@bouj33boy 10-01-2017 17:15:44

1,1K Tweet

873 Followers

629 Following

SpecterOps (@specterops) 's Twitter Profile Photo

#DYK: CMPivot queries can be used to coerce SMB authentication from #SCCM client hosts. Check out @DiLomSec1's latest blog post, which shares a simple, yet effective way to execute this. ghst.ly/4hnsA9W

SpecterOps (@specterops) 's Twitter Profile Photo

Your #cybersecurity career starts here! Join our "Hack the Hiring Process" webinar hosted by Technical Recruiting Manager Steffany Velasquez get the inside scoop on landing internships and full-time roles with our expert team. Register today! 👉 ghst.ly/febwebinar_tw

Logan Goins (@_logangoins) 's Twitter Profile Photo

Introducing Stifle! A super simple .NET tool I spun up these past few days for abusing explicit strong certificate mappings leading to impersonation in Active Directory! Based off the research and powershell tools by Jonas Bülow Knudsen and SpecterOps last year. github.com/logangoins/Sti…

SpecterOps (@specterops) 's Twitter Profile Photo

How are defenders leveraging SACLs to detect unauthorized access attempts? Check out our latest blog post from Alexander DeMine which dives into SACLs and introduces a new tool, SACL_Scanner, which allows you to adapt your tradecraft accordingly. ghst.ly/3D3kvbD

SpecterOps (@specterops) 's Twitter Profile Photo

So you've enrolled in the #PEN200 course. Now what? In the second part of his blog series #OSCP certification, Kieran Croucher shares his advice on the three things you should do while reading the course material. Read the blog: ghst.ly/4h1MeaE 🧵: 1/4

SpecterOps (@specterops) 's Twitter Profile Photo

Join Joshua Prager for his talk at #SOCON2025 discussing the Misconfiguration Manager project attack techniques for both an offensive & defensive audience. Josh will also cover detection & evasion techniques in an "IDOT Red Vs Blue" style. Register today ▶️ ghst.ly/socon-tw

Chris Thompson (@_mayyhem) 's Twitter Profile Photo

Had a great time speaking with Garrett about SCCM attack path prevention at SO-CON yesterday! Our slides with step-by-step instructions for mitigating the most critical SCCM attacks in your environment are at github.com/subat0mik/Misc…

SpecterOps (@specterops) 's Twitter Profile Photo

Think NTLM relay is a solved problem? Think again. Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31

Alfie Champion (@ajpc500) 's Twitter Profile Photo

Using Mythic and VECTR on your purple teams? 💜 I’ve just open-sourced a new Mythic service container that allows you to auto-populate VECTR test cases based on your Mythic taskings. github.com/MythicAgents/V…

Dr. Nestori Syynimaa (@drazuread) 's Twitter Profile Photo

Just pushed new versions for #AADInternals and AADInternals-Endpoint modules! Some bug fixes plus support for: 1️⃣ Microsoft Authentication Library (MSAL) 2️⃣ Token Protection 3️⃣ Continuous Access Evaluation (CAE)

SpecterOps (@specterops) 's Twitter Profile Photo

Understanding Windows access tokens could be your best defense. At CackalackyCon, Max Andreacchi will be peeling back the layers on potato exploits that threat actors use for privilege escalation. Check out the schedule to learn more ➡️ ghst.ly/4jzjlnI

Logan Goins (@_logangoins) 's Twitter Profile Photo

I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most interesting vulnerabilities that combine commonality and impact from low-privilege contexts, and what you can do to prevent them :) logan-goins.com/2025-04-25-scc…

SpecterOps (@specterops) 's Twitter Profile Photo

Don't let threat actors mash your Windows security! Max Andreacchi's CackalackyCon talk breaks down potato exploits from token mechanics to defensive implementations. Learn more ➡️ ghst.ly/4jzjlnI

LuemmelSec (@theluemmel) 's Twitter Profile Photo

Took Akamai Security Intelligence Group's script for BadSuccessor and improved it a bit.
- runs from non domain joined systems
- works in forests
- prints the rights each entity has on an OU
- pre-flight check if 2025 DCs are present
- code changes here and there
github.com/LuemmelSec/Pen…

Logan Goins (@_logangoins) 's Twitter Profile Photo

I'm super happy to announce an operationally weaponized version of Yuval Gordon's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

LuemmelSec (@theluemmel) 's Twitter Profile Photo

Extended on Logan Goins' work for BadProcessor
Fully native PowerShell
Domain joined or not doesn't matter
Check DCs
Check ACLs
Nice gridview
Create weaponized dmsa

The tool now helps in detection / mitigation and attacking
github.com/LuemmelSec/Pen…

SpecterOps (@specterops) 's Twitter Profile Photo

BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest. Check out Jim Sykora's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9

Dirk-jan (@_dirkjan) 's Twitter Profile Photo

Since we now can use Entra ID connect sync with a service principal, I thought I'd look into the new security measures. On hosts without a TPM, we can dump the cert+key. On hosts with TPM (second picture) we can use the key to create an auth assertion for roadtx to req tokens.

SpecterOps (@specterops) 's Twitter Profile Photo

If you're planning to attend #BSidesSATX, plan to attend Joshua Prager's talk! He will share detection guidance, attack telemetry analysis, & defensive strategies to catch configuration manager abuse before it's too late. Learn more 👉 ghst.ly/43DALJK
