Vadim Shelest (@alldisc0very)'s Twitter Profile
Pentester, Red Team operator

ID: 836850756682723328

01-03-2017 08:09:03

2.2K Tweets

487 Followers

2.2K Following

Gleb Cherbov (@cherboff)

Played around with ChatGPT for pentest reporting. Still a long way from making us unemployed anytime soon. But yeah! It can speed up a boring routine😺

Kuba Gretzky (@mrgretzky)

🚨Evilginx 3.1.0 Release 🪝🐟 Just pushed a small update to Evilginx, fixing few issues, which came up after the 3.0 release in May. Enjoy! github.com/kgretzky/evilg…

Grzegorz Tworek (@0gtweet)

Kerberos tickets dumping in pure PowerShell 😍 I simply love such approach. So much more beautiful than loading pre-compiled binary blob. And so much harder to detect... linkedin.com/posts/mzhmo_hi…

Andrew Oliveau (@andrewoliveau)

🔥 Excited to share my latest Mandiant (part of Google Cloud) Red Team blog on "Escalating Privileges via Third-Party Windows Installers" mandiant.com/resources/blog… Learn how attackers exploit this privilege escalation vector and ways to defend against it. Includes BOF release and a couple CVEs!

sn🥶vvcr💥sh (@snovvcrash)

(1/2) FYI, #masscan users. The original masscan does NOT include the ‘TCP options’ field with MSS value which is required for some hosts to reply to the packet. The fork by IVRE features the --tcpmss switch that includes the mentioned field for your better scope coverage ⤵️

Kuba Gretzky (@mrgretzky)

Finally my talk from /ˈziːf-kɒn/ is online! 🔥 I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟 There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡 youtube.com/watch?v=C-Fh4s…

Alexander Popov (@a13xp0p0v)

My open source tool for checking the security hardening options of the Linux kernel got a new name: kernel-hardening-checker. Now it supports checking: 1⃣Kconfig options (compile-time) 2⃣Kernel cmdline arguments (boot-time) 3⃣Sysctl parameters (runtime) github.com/a13xp0p0v/kern…

John Althouse (@4a4133)

Announcing JA4+ Network Fingerprinting! JA4+ is a suite of new fingerprinting methods for multiple protocols, detecting everything from entire c2 frameworks, to session hijacking, to reverse SSH shells. blog.foxio.io/ja4-network-fi…

Dominic Chell 👻 (@domchell)

If you're curious on how you might go about avoiding this kind of ETW TI telemetry, check out our latest Nighthawk release, and in particular the new Call Stack Masking feature 🔥mdsec.co.uk/2023/09/nighth…

Orange Cyberdefense's SensePost Team (@sensepost)

Traditional methods of blinding EDR's are to remove hooks. In this post @vikingfr investigates a new technique (and tool) for blinding an EDR in kernel land by limiting connections to the EDR driver's filter communication port. sensepost.com/blog/2023/filt…

S3cur3Th1sSh1t (@shitsecure)

My latest blog post about avoiding kernel triggered EDR memory scans via Caro-Kann PoC is now released: 🔥 r-tec.net/r-tec-blog-pro…