Another option is to run “openssl s_client -connect <DC>:636 -showcerts -debug” and look for the CA server tied to the domain controller.

Disclosed my first 0-day today (with Andrew Oliveau)

My first Mandiant blog drops Thursday 🥳

It got delayed :’(

Excited to share the (now patched) AKS Privilege Escalation we found! cloud.google.com/blog/topics/th…

6 business weeks later, the blog is here! 🙌 Check it out: cloud.google.com/blog/topics/th…

A long time in the making, my first credited CVE! cve.org/CVERecord?id=C… w/ Andrew Oliveau and Jake Rawlins

Excited to finally share some details of my favorite CVE, discovered with Jacob Paullus (definitely give him a follow)! This one’s a fun local privilege escalation vulnerability in Lakeside Software’s SysTrack LsiAgent Installer – CVE-2023-6080 🤜🤛 github.com/mandiant/Vulne…

Contributed to my first Mandiant blog on web applications, check it out! Officially on my way to becoming a certified web boy (pls no) 🕸️🕸️ cloud.google.com/blog/topics/th…

T-Minus two weeks until my first Mandiant blog as the principal author drops as well 🥳 (Detailing the discovery of CVE-2023-6080)

Our blog on CVE-2023-6080 is here 💥 check it out! We detail the discovery and exploitation process, going from low privilege to SYSTEM 😎 cloud.google.com/blog/topics/th…

ANOTHA ONE ☝️ check out our latest Mandiant (part of Google Cloud) blog, showcasing the terrifying Browser-in-the-Middle techniques of the modern social engineer cloud.google.com/blog/topics/th…

Planning a new blog+tool release, stay tuned 👀

Publishing a new blog and tool tomorrow 👀

The tool is release ready, someone give me motivation to write a blog

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS. Hope you enjoy the blog & tool drop 🤟 ibm.com/think/x-force/…