Mike Nolan (@mike_nolan__) 's Twitter Profile
Mike Nolan

@mike_nolan__

ID: 936899344417964032

02-12-2017 10:06:25

95 Tweets

27 Followers

80 Following

Ross (@pwndexter) 's Twitter Profile Photo

I have overhauled EDR-Checker now and added more checks in like running drivers and Dlls loaded in your current process. It has also been integrated into #PoshC2 now as well, just run Invoke-EDRChecker 😎 more features still to come! #redteam

Seamless Intelligence (@seamlessintel) 's Twitter Profile Photo

Excellent write up from DIFR on some pretty basic malware, it's always nice to see a lot of what it does batched up and easily accessible for testing. seamlessintelligence.com.au/sql_miner.html

SANS.edu Internet Storm Center (@sans_isc) 's Twitter Profile Photo

To whoever is trying to run these Python backdoors on our F5 #BigIP honeypot: Slow down... it doesn't work because you keep overwriting your files. Or randomize your filenames better.

Jeff McJunkin (@jeffmcjunkin) 's Twitter Profile Photo

Here's a threat on some overpowered technologies to slow down attackers that you can implement _now_. First, re-implement LAPS (microsoft.com/en-us/download…) at your peril. 1/14

Andy Robbins (@_wald0) 's Twitter Profile Photo

Free and open source BloodHound isn't going anywhere. We are continuing research and development on FOSS BloodHound, which will remain free and open source forever.

l0ss (@mikeloss) 's Twitter Profile Photo

Hey Snaffler fans, check out this thing for ingesting Snaffler data into ElasticSearch: github.com/LegendOfLynkle…

Will Schroeder (@harmj0y) 's Twitter Profile Photo

Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post posts.specterops.io/koh-the-token-… where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at github.com/GhostPack/Koh

Seamless Intelligence (@seamlessintel) 's Twitter Profile Photo

Part 3 of our series using the Sliver adversary emulation framework goes into a few detections using standard Windows logs as well as Sysmon logs (Defender device logs can also be used and have a very similar structure to Sysmon.) seamlessintelligence.com.au/sliver_3.html

Mike Nolan (@mike_nolan__) 's Twitter Profile Photo

CVE-2023-23397 displays interesting changes when the invite goes through O365 rather than local injection into Outlook. The "ReminderFileParameter" disappears. #Outlook #0day

Mike Nolan (@mike_nolan__) 's Twitter Profile Photo

Great article for both enhancing what you can get from Bloodhound data but also 11/10 for explaining some really cool Cypher queries and techniques. falconforce.nl/bloodhound-cal…

BSides Perth (@bsidesper) 's Twitter Profile Photo

🚨Last chance! The CFP for #BSidesPerth is closing in just 1 week! Don't miss your chance to share your expertise and insights with the community. Submit your talk now and join us for an unforgettable event! #InfoSec #CFP #LastChance

Matt Zorich (@reprise_99) 's Twitter Profile Photo

We are often engaged with organizations that have lost complete control of their Microsoft Entra ID tenant, I wrote a comprehensive blog post on lessons learned from real world engagements to try to help reduce the risk of the same happening to you microsoft.com/en-us/security…

Mike Nolan (@mike_nolan__) 's Twitter Profile Photo

Scattered Spider Related Domain Names isc.sans.edu/forums/diary/3… via @SANS_ISC How do you get around the "recentdomains" endpoint truncating data? We can't seem to get more than ~14MB each request (even by date) and sometimes the domain list only goes to around the letter "p"