Don't want to capture Kerberos auth? No problem, Responder now allows you to downgrade to NTLM :) New setting in Responder.conf: KerberosMode -> FORCE_NTLM or CAPTURE

NTLM reflection attacks can be used to compromise Active Directory domains even with SMB signing if systems aren’t fully patched depthsecurity.com/blog/using-ntl…

Today Secorizon is releasing OffByWon, an advanced network protocol fuzzing framework. This tool allows you to bring chaos to drivers, servers, parsers. A minimal demo client performing a complete fuzzable LDAP NTLM authentication is included. Several advanced functionalities

I found unauthenticated bugs in MDT that can be abuse to coerce authenticaton from the host server or to leak creds stored in the deployment share's rules file. Instead of fixing the issues, Microsoft retired MDT. specterops.io/blog/2026/01/2…

DumpBrowserSecrets has been updated to v1.1 featuring compile-time string obfuscation, API hashing, command-line argument and PPID spoofing via NtCreateUserProcess and more. github.com/Maldev-Academy…

Stop listening to people that don't do the work. Those people are loud. Listen to people that do. The people that do the work are typically quiet.

I ended up quickly modifying ntlmrelayx to support these changes so that relays to LDAP are possible again, thanks y'all for your hard work on figuring this out! You can find the changes here: github.com/logangoins/imp…

Lots of improvements, bug fixes and working kerberos authentication in the new release 3.0.0 of smbclient-ng! github.com/p0dalirius/smb…

Can you port ADRecon to python for me? Of course, 5 minutes later easy peasy python version ready to go 😂 github.com/S3cur3Th1sSh1t…

😒

Since I was bored in a plane I decided to revisit some of the Windows Hello tradecraft and finally implemented browser based FIDO2 auth using WHFB keys in roadtx. Thanks Fabian Bader and Nathan McNulty for the inspiration!

I bet this shit goes so hard if you don't know what a red team is

Have you got SCCM in your environment? Want to catch adversaries attempting to abuse it for malicious purposes? Check out my newest blog to setup deceptions within existing SCCM infra specterops.io/blog/2026/02/1…

Vibed up a quick tool to visualize and stack significant red/blue events that occurred during an assessment. Have always liked including a high-level visual like this in debriefs but made them by hand in the past using something like draw[.]io

Twitter blue teamers when you use novel killchains because it's too advanced vs Twitter blue teamers when you attack ADCS because it's too simple

State of security in Kali integrating AI ( kali.org/tools/mcp-kali… ): arguments are interpolated in a single command string, not escaped, so whatever the AI passes, including potential vectors for command injection, is executed. With pipes, &, ; and all that stuff like it's

> Can you make sure all our API keys are not on the front end

PSA: for security, put your AI agent in a water-tight sandbox, such as a dedicated VM. Once this is done, you can maximize productivity by giving it your credit card number, email credentials, the ability to write and run arbitrary code, and unconstrained access to the internet