We had some issues this year preparing the video recordings of #TROOPERS22. But finally the first batch of videos has been released! Go check it out here: youtube.com/@TROOPERScon 🥳 The rest will follow in the coming weeks! Happy holidays everybody! See you at #TROOPERS23!

I have recently been using Shodan quite a lot and have found some more tips and tricks in Shodan to hunt down the weird and wonderful assets for a target. http418infosec.com/shodan-201-rum…

Great write up on Invoke-ShareFinder from Aleks!

KeePass is back in the news with CVE-2023-24055, very timely as I have a post on the trigger system & some other attacks against KeePass! http418infosec.com/attacking-pass…

Great day at BSides Cymru yesterday, thanks to all of the organisers and volunteers! Great talks from Team Cymru Threat Research Mathias Frank and CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 in particular 🏴󠁧󠁢󠁷󠁬󠁳󠁿

Seeing as #redteamtips have been all the rage recently, I thought I would put my own #whiteteamtips out there. My latest post is on how to make good timelines for red team testing, (hopefully) leading to less painful debriefs! http418infosec.com/diagrams-timel…

Another amazing article by Kim Zetter, grab a cup of tea and make time to read this!

Didn't have time to talk about the newly released TLDs last week, but here we go. File Archiver In The Browser: Emulating file archive software in the browser with a .zip domain for phishing mrd0x.com/file-archiver-…

We would like to express our condolences to Blue Teamers. Microsoft has announced Microsoft Excel will now support Python. More information: techcommunity.microsoft.com/t5/microsoft-3…

Confused on the basics of C++? Hopefully this little post will help out with some of the confusion! http418infosec.com/deez-words-an-…

MachineAccountQuota = 0, preventing you from grabbing NAA creds remotely? DPAPI to the rescue! Ported over NAA Extraction via DPAPI to sccmhunter. h/t: Alberto Solino & clem for SystemDPAPI.py

The GoPhish API can be used for some fun and games, my latest post shows how single use phishing links can be made using GoPhish + AWS SES! http418infosec.com/one-time-phish…

Amazon is the new source for OST 🔥🔥

Today the Cyber Safety Review Board released its independent review of the Summer 2023 Microsoft Exchange Online intrusion laying out what led to the intrusion & what industry & gov't can do to ensure an intrusion at this magnitude does not happen again. go.dhs.gov/JRT

I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec! posts.specterops.io/rooting-out-ri…

Some thoughts on how to test against Scattered Spider TTPs and a quick summary on the current available TI. http418infosec.com/simulating-sca…