dru1d (@_dru1d)'s Twitter Profile
dru1d

@_dru1d

Husband. Hacker. Adversary Simulation team lead. OSCP.

ID: 72198065

Website: https://blog.dru1d.ninja/

Joined: 07-09-2009 03:49:19

2.2K Tweets

863 Followers

1.1K Following

zhero; (@zhero___)

with the security advisory published, I should publish my paper within a few hours

Race-Condition to Cache Poisoning - CVE-2025-32421 on Next.js

partially leading to the bypass of my previous vulnerability the CVE-2024-46982
Alex Neff (@al3x_n3ff)

A new NetExec module just got merged: eventlog_creds🔥

It parses Windows Event ID 4688 logs (from "Audit Process Creation") to extract credentials from CMD and PowerShell commands. E.g. "net user username password /add" will be detected. Made by Lodos2005
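As an added, defender-side example (not part of the tweet and not NetExec's own code): a small Python check over constructed 4688 command lines that flags the syntaxes the module looks for, but reports only the account and the secret's length so the exposed password can be rotated without being copied into yet another log. The field names and sample events are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample 4688 ("A new process has been created") events, reduced to the
# two fields this check reads. None of these values come from a real environment.
SAMPLE_4688 = [
    {"Subject": "helpdesk1", "CommandLine": "net  user svc_backup Summer2025! /add /domain"},
    {"Subject": "admin7",    "CommandLine": r"C:\Windows\System32\net1.exe user jdoe NewP@ss1 /domain"},
    {"Subject": "ops",       "CommandLine": 'schtasks /create /tn Sync /tr backup.exe /ru CORP\\svc_sync /rp "Tr0ub4dor&3" /sc daily'},
    {"Subject": "dev",       "CommandLine": "powershell -c \"$p = ConvertTo-SecureString 'Hunter2!' -AsPlainText -Force\""},
    {"Subject": "dev",       "CommandLine": "net user jdoe /domain"},   # query only, no secret
    {"Subject": "sys",       "CommandLine": "net user jdoe * /add"},    # '*' prompts; nothing in the log
]

# Each pattern names the account (where the syntax carries one) and the secret.
PATTERNS = [
    ("net user",   re.compile(r'(?<![\w.-])net1?(?:\.exe)?\s+user\s+(?P<acct>[^/\s]\S*)\s+(?P<pw>"[^"]*"|\S+)', re.I)),
    ("schtasks",   re.compile(r'/ru\s+(?P<acct>"[^"]*"|\S+).*?/rp\s+(?P<pw>"[^"]*"|\S+)', re.I)),
    ("powershell", re.compile(r"""ConvertTo-SecureString\s+(?P<pw>'[^']*'|"[^"]*"|\S+)(?=.*-AsPlainText)""", re.I)),
]

@dataclass
class Finding:
    subject: str            # who launched the process (Subject Account Name in 4688)
    source: str             # which command syntax carried the secret
    account: Optional[str]  # account the secret belongs to, if the syntax names one
    secret_len: int         # length only: the secret itself is never reported

def _unquote(s: str) -> str:
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] and s[0] in "\"'" else s

def find_exposed_credentials(events) -> List[Finding]:
    """Flag 4688 command lines that carry a cleartext secret so it can be rotated."""
    findings = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        for source, pat in PATTERNS:
            m = pat.search(cmd)
            if not m:
                continue
            pw = _unquote(m.group("pw"))
            if pw.startswith("/") or pw == "*":   # a switch, or "prompt for it": not a secret
                break
            acct = m.groupdict().get("acct")
            findings.append(Finding(ev.get("Subject", "?"), source, _unquote(acct) if acct else None, len(pw)))
            break   # one finding per event is enough to trigger rotation
    return findings

if __name__ == "__main__":
    for f in find_exposed_credentials(SAMPLE_4688):
        print(f"{f.subject}: {f.source} exposed a {f.secret_len}-char secret for {f.account or 'an unnamed account'}")
```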
ö (@r0keb)

Good morning! I just published a blog post about a KASLR bypass that works on modern Windows 11 versions. It leverages Intel CPU cache timings to exfiltrate the base address of ntoskrnl.exe. I hope you like it! r0keb.github.io/posts/Bypassin…

Bad Sector Labs (@badsectorlabs)

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group)
WHERE g.objectsid ENDS WITH '-516'
WITH COLLECT(c1.name) AS dcs
MATCH (c2:Computer)
WHERE c2.enabled = true AND c2.operatingsystem CONTAINS '2025' AND c2.name IN dcs
RETURN c2.name

If this query hits, you're in.

LuemmelSec (@theluemmel)

Took Akamai Security Intelligence Group's script for BadSuccessor and improved it a bit.
- runs from non domain joined systems
- works in forests 
- prints the rights each entity has on a OU
- pre-flight check if 2025 DCs are present
- code changes here and there
github.com/LuemmelSec/Pen…
mpgn (@mpgn_x64)

Based on the research of Akamai, I made a new module on netexec to find every principal that can perform a BadSuccessor attack and the OUs where it holds the required permissions 🔥

github.com/Pennyw0rth/Net…
Logan Goins (@_logangoins)

I'm super happy to announce an operationally weaponized version of Yuval Gordon's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

Yuval Gordon (@yug0rd)

Many missed this on #BadSuccessor: it's also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal: krbtgt, users, machines. No DCSync required, no code execution on the DC.

SpecterOps (@specterops)

Wondering how you can maintain persistence while staying under the radar? Antero Guy just dropped his guide on COM hijacking — a go-to technique that balances stealth w/ reliability. Read more ⤵️ ghst.ly/4kg5Ytq

ö (@r0keb)

Good morning! Just published a deep dive into PatchGuard internals: how it works, key internal functions, context init, and possible bypasses. r0keb.github.io/posts/PatchGua…

SEKTOR7 Institute (@sektor7net)

How to reliably detect kernel driver loads with MDE telemetry? Use DeviceEvents. More in the post by Mehmet Ergene from Blu Raven: academy.bluraven.io/blog/detecting… #redteam #BlueTeam

SpecterOps (@specterops)

Recently, Microsoft changed the way the Entra Connect Sync agent authenticates to Entra ID. Check out our latest blog post from Daniel Heinsen to learn how the agent works now & how these changes affect attacker tradecraft. ghst.ly/3ZpMc6y

Praetorian (@praetorianlabs)

🚨 New attack disclosed: GitHub Device Code Phishing

John, Matt, and Mason reveal how they've been using this technique to compromise F500 orgs with high success rates.

📖 Blog covers methodology, red team case studies & detection strategies: praetorian.com/blog/introduci…

Thomas Seigneuret (@_zblurx)

x.com/RedTeamPT/stat… The efsr_spray module is merged in #NetExec. If you want to coerce an up-to-date Windows 11 and you have a writable share, this will come in handy 😎. Thanks for the PR!

winterknife 🌻 (@_winterknife_)

Tired of banging (!) pte? (in WinDbg)
I've got you covered with this debugger extension DLL that provides an alternative to !pte & !vtop. [1/3]
Outflank (@outflanknl)

Here's our new blog on hiding your implant in VTL1, where even an EDR's kernel sensor can't see it.🧑‍🦯 Post includes full operational details. Plus our OST offering has been updated with a Cobalt Strike sleep mask exploiting secure enclaves. Full read ➡️ outflank.nl/blog/2025/06/1…

Wietze (@wietze)

#HuntingTipOfTheDay: @OddvarMoe of TrustedSec shows how you can run a full C2 implant from Outlook - just setting a few registry keys does the trick.

Any activity concerning these registry keys should be considered suspicious.

Full story here: youtu.be/7MDHhavM5GM
SkelSec (@skelsec)

Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect Octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.