It's not for the faint-hearted :) I decided to start an ICS security series on my personal blog. I started with HTB's Challenge "Watch Tower" . I have explained it in a very deep way and the write-up will be the official write-up of the challenge soon sud0ru.ghost.io/ics-security-s…

Do you know NMAP? I don't think so. There are three types of users: the script kiddies who just run commands, those who think they understand it by knowing how port scans work, and the experts who know what's under the hood. Be a part of the elite. Dive in sud0ru.ghost.io/do-you-really-…

Excited to announce that I'll be speaking at this year's PHDays festival! I've found a new way to gather info from domain controllers, including enumerating domain users. The best part? This technique can not be stopped and hard to detect. Stay tuned!

A journey into forgotten Null Session and MS-RPC interfaces securelist.com/no-auth-domain…

A journey into forgotten Null Session and MS-RPC interfaces itsecuritynews.info/a-journey-into…

A journey into forgotten Null Session and MS-RPC interfaces. We challenged ourselves if we can bypass policies and restrictions today, after 24 years of Microsoft restricting null sessions, and bring the idea of anonymous access back to life 👉 kas.pr/nj9c

Yesterday was a special day for me. It was the first time I gave a public talk in English, presenting my latest research at PHDays. You can watch the full talk here: pt.comdi.com/watch/rpscd6as

This is how I solved the execution hang using dcomexec against Windows 10. It seems that some objects have no permission to write in the ADMIN$ share. The repo is part of research against DCOM that will be published soon with very interesting results. github.com/sud0Ru/impacke…

I released a tool, which I called "NAuthNRPC." It applies a new method for enumerating domain users. The tool is simple to use—just enter domain controller's IP address and the users file, and wait for some magic. Metasploit module will be available soon. github.com/sud0Ru/NauthNR…

My new Metasploit module for enumerating domain user using dcerpc without authentication is available now :)

This week's wrap-up includes an unauth command injection in the Netis Router, and a MS-NRPC Domain Users Enum. Get it here: rapid7.com/blog/post/2024…

Excited to announce that I'll be speaking at the POC Conference in Seoul, South Korea! I'll be presenting my latest research on MS-RPC interfaces and introducing part two of the study. Stay tuned!

I'm excited to announce that I will be speaking at the DefCamp conference in Bucharest, Romania, on November 27-28th this year! I will be sharing my experiences with Bluetooth assessments, gathered from numerous engagements across various projects. def.camp/speakers/#