A BOF/EXE that changes the ACLs of the current window station and desktop to allow the access to the everyone group #redteam #c2 github.com/parzel/change-…

Today we release the proof-of-concept exploits for the vulnerabilities we identified in HP #Poly VoIP devices. At the #37C3 we presented how these issues allow an attacker with network access to gain RCE and transform your devices into wiretaps. github.com/modzero/MZ-23-…

I try an avoid this hellsite, but I did a quick dive into sudo in Windows and here are my initial findings. tiraniddo.dev/2024/02/sudo-o… The main take away is, writing Rust won't save you from logical bugs :)

#threatintel someone just leaked a bunch of internal Chinese government documents on GitHub github.com/I-S00N/I-S00N/

🇷🇺 Doppelgänger | Russia-Aligned Influence Operation Targets Germany We have been tracking the activities of the suspected Russia-aligned influence operation network Doppelgänger since late November 2023. Here is what we found... 🧵 sentinelone.com/labs/doppelgan… #threatintel

We can relay back to the same machine using Kerberos relay instead of NTLM relay. I discovered this attack vector more than a year ago. I will describe it in detail in upcoming Black Hat Asia 2024 blackhat.com/asia-24/briefi… and introduce more interesting attacks.

Struggeling to get those precious certificates with #certipy and AD CS instances that do not support web enrollment and do not expose CertSvc via RPC? Tobias Neitzel has you covered and added functionality to use DCOM instead of good old RPC #redteaming github.com/ly4k/Certipy/p…

We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/… Kudos to chaos.social/@born0monday and chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

🎟️📢Don't miss your chance to attend or present at BSides Berlin on October 26 in Festsaal Kreuzberg. Ticket sales and the Call for Papers are NOW OPEN!! bsides.berlin

Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond… @[email protected] will also present at Area41 Security Con today.

Lovely to see the Email RFCs abused to embed a command injection payload in the local-part of the address! Nice work Michael Imfeld & parzel modzero.com/en/blog/beyond…

Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have. Blog: srlabs.de/blog-post/cert… Source code: github.com/srlabs/Certice… Slide deck, including our guide to deception strategy: github.com/srlabs/Certice…

#BSidesBerlin is back! Will you be joining us this year at Festsaal Kreuzberg on Saturday 26.10? Our CFP is open until 16.08 👉cfp.bsides.berlin/bsides-berlin-… Early Bird Tickets are available until end of July 👉 bsides.berlin Security BSides @[email protected]

A big thank you to our Review Committee Balthasar parzel Vincent Ulitzsch, Luca Melette and Diana Janetzky. We now have an amazing schedule featuring their favourite talks which you can check out here: bsides.berlin #BSidesBerlin #appsec #infosec #BSides

The entire disclosure seems to have been leaked online gist.github.com/stong/c8847ef2… Here is the report and POC

During a #redteam at @[email protected] we discovered a limited but neat bypass for #printnightmare. I talked to Clément Labro about it and he had an indepth look. Read about it here: itm4n.github.io/printnightmare… #itsec

Following up on my earlier tweet (x.com/decoder_it/sta…) regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it! github.com/decoder-it/Krb…

I did not approve of the timing of this release but here it is. Blog coming soon. github.com/ly4k/Certipy/p…

During a recent engagement, Justin Bollinger discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog! hubs.la/Q02SCqpG0