After today’s talk at #TROOPERS25 I’m releasing BitlockMove, a PoC to execute code on remote systems in the context of a loggedon user session 🔥 github.com/rtecCyberSec/B… No need to steal credentials, no impersonation, no injection needed 👌

🚨 Talk alert / Alerte conf’ 🚨 🕔 Starts in 5 min / Ça commence dans 5 min : 🎙️ ACTIVE DIRECTORY: HALL OF SHAME & PHYSICAL PWNAGE #leHACK #TalkAlert 🔐 Encore un talk qui va traumatiser vos RSSI.

Joker rox the stage 🔥 (Physical intrusion included of course) #lehack

github.com/ShutdownRepo/d…

Had a blast speaking at leHACK this week! Talk: "Active Directory: Hall of Shame & Physical Pwnage" Huge thanks to the org team for accepting me again this year. Great talks, passionate folks & awesome convos. See you in 2026! 👋 #cybersecurity #infosec

It's here... #hashcat v7 is out! hashcat.net/forum/thread-1…

If you want to know how this works, the PR github.com/Pennyw0rth/Net… mentions this blog post: blog.compass-security.com/2022/05/bloodh…

Researchers at Defcon just showed they can crack the Securam ProLogic locks used on high-security safes to protect guns, cash, and narcotics in pharmacies. When they told Securam last year, it sent them legal threats—and didn't fix the flaws. wired.com/story/securam-…

From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion github.com/123ojp/GREtunn…

gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: github.com/synacktiv/gpoP… It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.

🚨npm Supply Chain Compromise Quoted directly from the LinkedIn post: LinkedIn: linkedin.com/posts/advocate… "URGENT: I can't write much..... but... the largest supply chain compromise in npm, Inc. history just happened, packages with a total of 2 billion weekly downloads just got

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Hackt1vator AIO iCloud Bypass for iOS 13 - iOS 18 Available For Windows & macOS – Free Download 🔓Check it out: idevicecentral.com/icloud-bypass/… iCloud-locked devices are unfortunately quite common these days, and I have personally seen hundreds of such locked devices being sold on

Inspired by TrustedSec article on remotely starting Windows services, enjoy our python unauthenticated EFS trigger developed with Hypnoze Enjoy! github.com/Hypnoze57/rpc2…

D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug. - github.com/D4m0n/CVE-2025…

Swiss surveillance could become worse than US If passed, chat, email & VPN providers from #Switzerland must: 🚨 Log IP addresses 🚨 Ask for ID upon sign up 🚨 Decrypt data upon request Swiss Bundesrat is still discussing this draft bill, decision will likely be made in 2026.

NEW RECENT THREAT: React2Shell: CVE-2025-55182 Learn about CVE-2025-55182 (React2Shell) and understand how the Flight protocol and deserialization work, dissect a working PoC, and exploit a vulnerable server. Furthermore, explore detection and mitigation. 🕸️ Let's goo ▶️

‼️🚨BREAKING: PS5 ROM keys have been leaked Opening the path to jailbreaks. This is a major security compromise for the PlayStation 5, effectively jailbreaking the console at the hardware level via its Platform Security Processor (PSP).

Responder 3.2.0.0 is out! All new year updates + - IMAP and SMTP StartTLS - IMAPS TLS server on port 993 - DHCPv6 poisoning (pure python) using Dirk-jan mitm6 attacks - Kerberos, DNS server updates - Etc. github.com/lgandx/Respond…

ICYMI, Aurélien Chalot spotted a change in Shadow Credentials, which broke pyWhisker. 2 weeks ago, PRs were made to pyWhisker, pyDsInternals and ntlmrelayx, which have been merged. Tools should work again 🙂 S/o to their authors 👏