khr@sh (@khr0x40sh)'s Twitter Profile
khr@sh

@khr0x40sh

Aspiring, self-taught developer (C, C++, C#, VB.Net, Perl, Python, Java) with interests in Information Security, humor, and well when appropriate, both.

ID: 211900271

Link: http://khr0x40sh.wordpress.com
Date: 04-11-2010 15:57:43

2,2K Tweet

274 Followers

327 Following

Sean Metcalf (@pyrotek3)

If you have Active Directory Certificate Services (ADCS) in your environment, run Locksmith now!

In Active Directory Security Assessments, we have found critical security issues in *most* ADCS configurations.

The great thing about Locksmith is that it doesn't just highlight the

Alex Neff (@al3x_n3ff)

Update on the NTLM reflection attack:
ctjf discovered that SMB signing enforcement does NOT protect against the NTLM reflection attack🛡

Cross-protocol relaying is still possible, even with mitigations in place. Only patching your system fully mitigates the vulnerability!
1/4🧵

Alex Neff (@al3x_n3ff)

Using ADCS to Attack HTTPS-Enabled WSUS Clients:

@cookietheft@ioc.exchange and I have extended the research by Coontzy1 on WSUS attacks and explored how to leverage misconfigured ADCS templates to gain code execution on HTTPS-enabled WSUS clients.

1/2🧵

Steven Lim (@0x534c)

🛡️Detection of NTLM Reflection Exploits in Windows SMB Authentication

The Depth Security blog on “Using NTLM Reflection to Own Active Directory (CVE-2025-33073)” explains how attackers exploit weaknesses in Windows SMB client authentication to escalate privileges and compromise

FofaBot (@fofabot)

⚠️⚠️ CVE-2026-21962 (CVSS 10.0): Oracle Fusion Middleware to unauthenticated remote total takeover via HTTP
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯5.3k+ Results are found on the en.fofa.info nearly year.
FOFA Query: app="Oracle-Fusion-Middleware"
🔖Refer:

BleepingComputer (@bleepincomputer)

Fortinet admins are seeing attackers exploiting a patch bypass for a previously fixed FortiGate authentication bypass (CVE-2025-59718) to hack patched firewalls. bleepingcomputer.com/news/security/…

🕳 (@sekurlsa_pw)

Telnetd ‘If the client supply a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root’ seclists.org/oss-sec/2026/q…

Marc-André Moreau (@awakecoding)

What's cooking? PowerShell Remoting over SSH, in pure .NET, without the OpenSSH client. And yes, it can interactively prompt for credentials or accept them as input for automation 👇

Panos Gkatziroulis 🦄 (@netbiosx)

CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! github.com/EvilBytecode/C… #redteam

Gray Hats (@the_yellow_fall)

GhostKatz bypasses EDR by dumping LSASS credentials directly from physical memory. Learn how this new Red Team tool abuses signed drivers to stay invisible.
meterpreter.org/screaming-at-t…

Co11ateral (@co11ateral)

Timeroasting can be used to extract user hashes and it's stealthier than DCSync or NTDS shadow copies. Defenders should start monitoring this activity.

Learn how: hackers-arise.com/powershell-for…

OccupytheWeb Olexander Di
#DFIR #BlueTeam #redteam

Moonbeom(Daniel) (@krneotra)

Exploit Demo & Analysis Article by 78ResearchLab(78ResearchLab) CVE-2026-20817 : Windows Error Reporting(WER) Service Elevation of Privilege Vulnerability blog.78researchlab.com/2ffdb461-3e5b-… #CVE_2026_20817 #LPE #Windows

0x12 Dark Development (@salsa12__)

Windows Defender Evasion via PPL Manipulation New Medium post, in this one we explore a practical technique that leverages Windows PPL internals to limit effective remediation by Microsoft Defender, even when clearly malicious behaviors are performed medium.com/@s12deff/demon…

Steph (@w34kp455)

You require more passwords 👾 . Finally, released breach.txt, a wordlist built from real-world passwords found in breaches, forum dumps, leaked logs, and other "sources". weakpass.com/wordlists/brea… Will try to keep it up-to-date, at least for some time 😀 #infosec

Gray Hats (@the_yellow_fall)

Interact with Kerberos and DPAPI without opening an LSASS handle. LSA Whisperer BOF uses official APIs to bypass PPL and Credential Guard during red teaming.
meterpreter.org/beyond-the-mem…