Karl (@kfosaaen) 's Twitter Profile
Karl

@kfosaaen

VP of Research - @netspi Co-author of “Penetration Testing Azure for Ethical Hackers” (amzn.to/3GOvW3A). @kfosaaen on most other platforms

ID: 156480951

Link: https://blog.netspi.com/ · Joined: 17-06-2010 02:04:08

2.2K Tweets

5.5K Followers

942 Following

Thomas Naunheim (@thomas_live) 's Twitter Profile Photo

#MicrosoftEntra Attack & Defense Playbook Update: Sami Lamppu and I have updated some content, including: 🔃 #EntraConnect: Capabilities by MDI sensor & XSPM 🎯 #AiTM: Attack scenarios on MDA sessions 🛡️ #MITRE: Updated map Check out the latest version: github.com/Cloud-Architek…

Andy Robbins (@_wald0) 's Twitter Profile Photo

In Part 1 of my Intune Attack Paths series, I discuss the fundamental components and mechanics of Intune that lead to the emergence of attack paths: posts.specterops.io/intune-attack-…

Karl (@kfosaaen) 's Twitter Profile Photo

Quick addition to Get-AzPasswords in MicroBurst - Azure OpenAI keys This new section will dump any available OpenAI keys from Cognitive Services deployments that your user has list key permissions on. github.com/NetSPI/MicroBu…

Karl (@kfosaaen) 's Twitter Profile Photo

If anyone wants to help out on a (hopefully) easy update for some functions in MicroBurst, we will need to make some adjustments for "Get-AzAccessToken" token output switching to a SecureString in Az PS 14.0.0 github.com/NetSPI/MicroBu…

Karl (@kfosaaen) 's Twitter Profile Photo

Huge thanks to Nathan McNulty for instantly jumping on this request. The PR has been merged. MicroBurst should now be good on the SecureString updates in the Az module. Now to remember to do this for all the future functions...

Steve Borosh (@rvrsh3ll) 's Twitter Profile Photo

I wrote an impromptu tool to enumerate Oracle Cloud Infrastructure (OCI) environments. I used Visual Studio Code insiders + GitHub with @MSFTCopilot to develop the entire codebase. I touched zero lines of code. It’s an exciting time for rapid tool development! github.com/rvrsh3ll/ociRe…

CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 (@_ethicalchaos_) 's Twitter Profile Photo

A little while ago I tweeted about a potential BOF-PE design. So here it is, a new design that includes a fully linked PE, C++ exceptions and use of the STL template library.

NetSPI (@netspi) 's Twitter Profile Photo

CVE-2025-27590 Oxidized Web: Local File Overwrite is a vulnerability where an attacker w/ access to the /migration page of Oxidized Web v0.14 can overwrite any local file that the ‘oxidized’ user can write to & gain remote code execution on the web server. ow.ly/C1R350VxKLJ

NetSPI (@netspi) 's Twitter Profile Photo

Microsoft patched critical vulnerabilities (CVE-2025-21299, CVE-2025-29809) in Q1 2025. NetSPI research reveals Kerberos canonicalization bypasses Hyper-V isolation of credentials, compromising Windows security. Read the full article: ow.ly/WcuW50VAOTg

Josh (@passthehashbrwn) 's Twitter Profile Photo

New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…

nyxgeek (@nyxgeek) 's Twitter Profile Photo

I finally published final stats from my 3 years of scraping users via OneDrive. I've got data on usernames, domains, and ADFS configs. This is all related to my ShmooCon talk earlier this year. github.com/nyxgeek/azure_…

Nathan McNulty (@nathanmcnulty) 's Twitter Profile Photo

⚠️ If you are using SAM-R, especially with Defender for Identity, you may be vulnerable to a downgrade attack! ⚠️ This was so dangerous they are disabling SAM-R queries in the coming weeks. Only classic sensor is affected, not XDR agent sensor (3.x). learn.microsoft.com/en-us/defender…

Cloud Village (@cloudvillage_dc) 's Twitter Profile Photo

Got a story that started in the cloud and broke the rules? ☁💥 We’re looking for the unexpected. The bold. The beautifully technical. DEF CON is your stage — but the clock’s ticking. 🗓 CFP closes May 25 → forms.gle/LdDLHoxXUM3ABy… #CloudVillage #DEFCON33 #CFP #CyberSecurity

LuemmelSec (@theluemmel) 's Twitter Profile Photo

Took Akamai Security Intelligence Group's script for BadSuccessor and improved it a bit.
- runs from non domain joined systems
- works in forests
- prints the rights each entity has on an OU
- pre-flight check if 2025 DCs are present
- code changes here and there

github.com/LuemmelSec/Pen…

NetSPI (@netspi) 's Twitter Profile Photo

Read the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ✅ SonicWall has patched these issues in NetExtender v10.3.2 ow.ly/UxPT50W0xWA

@zephrfish.yxz.red (@zephrfish) 's Twitter Profile Photo

Something I've been working on for a few weeks, feels like pushing out one blog post a week at this rate. Azure Arc may be known to a few folks or not, but it appears to be C2 as a service with a few caveats! blog.zsec.uk/azure-arc-c2aa… #RedTeam #BlueTeam #PurpleTeam #CTI #AzureArc

Karl (@kfosaaen) 's Twitter Profile Photo

While the fix has been out for about a month, Joshua at NetSPI just released a blog outlining an interesting issue (CVE-2025-26685) that he found with Microsoft Defender for Identity - netspi.com/blog/technical…