Introducing a new tool of The Manticore Project: Delegations Manage Kerberos delegations like a pro: audit, add, remove, monitor & more — all in one tool! Supports unconstrained, constrained (+protocol transition), & RBCD. 🔗 github.com/TheManticorePr…

Four UK arrests in Scattered Spider incidents. Suspects are 17 to 20 years old. therecord.media/uk-arrests-fou…

Nearly every organization uses a hybrid identity solution that includes Active Directory (AD) and Entra ID. Most organizations are shifting the emphasis from AD to Entra ID and take advantage of Entra's superior capabilities. We now have the ability to convert the source of

For all the people who say, “Nothing wrong with community college” The environment you put yourself in and the people you surround yourself with have a MASSIVE impact on your life trajectory Many people meet their spouse and make lifelong networking connections in college

What is Direct Send and how to secure it | Microsoft Community Hub …more questions about how Direct Send works. This post tries to address those questions. techcommunity.microsoft.com/blog/exchange/…

The ADSyncCertDump tool is now part of the adconnectdump tools and can be used to extract SP credentials from Entra ID connect hosts. I will cover that during my BH/DC talks today and Friday! Tool is heavily based on Shwmae by CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿

#RFJinLV fun times a BlackHat

Learn how Buttercup works under the hood: blog.trailofbits.com/2025/08/08/but…

Right now, the media is hyping up a story that a SECRET HACKER FIRMWARE FOR FLIPPER ZERO HAS APPEARED ON THE DARKNET THAT CAN HACK ANY CAR!!!11 WE’RE ALL IN DANGER. Let’s break it down and see if that’s actually true (spoiler: it’s not): blog.flipper.net/can-flipper-ze…

Not again... Citrix, the company that keeps on giving. cyberplace.social/@GossiTheDog/1… If you want to check your systems: github.com/fox-it/citrix-…

🛡️ We added Citrix NetScaler memory overflow vulnerability CVE-2025-7775 to our Known Exploited Vulnerabilities Catalog. Visit go.dhs.gov/Z3Q & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

IMPORTANT: Microsoft is limiting email from onmicrosoft.com domains! When you create a new Microsoft 365 tenant, it gets a default onmicrosoft.com domain. This is known as the MOERA (Microsoft Online Email Routing Address). While the MOERA is useful for testing

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Build production RAG pipelines with 18 lines of YAML 🚀 RAG applications need data from various sources moved into vector stores. Manual API integration means writing boilerplate for rate limiting, pagination, and error handling instead of building AI. CloudQuery handles the

"Today’s AIs don’t understand environments; they just pattern-match inside them." Literally what critics have been saying for years now.

‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware. Goldberg and two other insiders ran ransomware operations since

This will make life of Incident Responders much easier

Get ready, folks. 🌟 You’re about to witness ONE. BIG. BEAUTIFUL. ABSURDLY. EPIC. THREAD. 🧵🔥 Some say this might be the MOST EPIC and MOST RIDICULOUSLY LONG identity thread ever written 📗 Bookmark this Honestly… the cover image alone deserves a like + retweet DO IT 😂

This holiday season, run our IP Check at your family’s house, a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?" greynoise.io/blog/your-ip-a…