Empire v5.11.4 was just released with updates and bug fixes! - Updated Rubeus to v2.3.2 - Added nameserver check for linux hosts - Fixed Rubeus only using first arg - Fixed Rubeus killing agent when using System.Environment.Exit - And more

CVE-2024-20439: #Cisco Smart Licensing Utility #Static #Credential Vulnerability looks interesting. Any one have those credentials?

We are doing a giveaway for our Empire Ops: Tactics (Lazarus) course next week on Sep 11! Simply retweet this to enter, and we will announce the winner tomorrow at 1 PM EST. Come learn about ransomware simulation and threat emulation.

ChromeKatz: Dump cookies and credentials directly from Chrome/Edge process memory github.com/Meckazin/Chrom…

#PingCastle 3.3 released !!! pingcastle.com/download/ Active Directory & AzureAD security health check in seconds >200k AD audited, management readable, no install, no admin, no data sent "to a cloud" Example of report: pingcastle.com/PingCastleFile… github: github.com/netwrix/pingca…

0-Click exploit discovered in MediaTek Wi-Fi chipsets affects routers and smartphones (CVE-2024-20017). Published PoC can be tested even from a smartphone Technical details: blog.coffinsec.com/0day/2024/08/3… PoC: github.com/mellow-hype/cv… by hypr

🚀 The Fuzzing Educational Course is now publicly available! This comprehensive course covers techniques and tools for fuzzing in various languages such as Python, Go, Rust, Java, and Web. github.com/raminfp/the-ar… #Fuzzing #SoftwareSecurity #Education

Virtual registration is open for ATT&CKcon 5.0! While we'd love to see you in person in McLean, VA October 22-23 (and still have a few tickets left at na.eventscloud.com/website/76470/), you can catch talks online for free by registering at mitre.brandlive.com/ATTACKCon-5-0/…

Introducing DOMHash. DOMHash is a completely self sustainable fuzzy hashing algorithm to compare DOM content from websites. It provides a similarity score in order to determine how similar two sites are to one another and is completely FREE and opensource. Thread👇

A Happy Halloween from the MITRE ATT&CK team with a special treat: ATT&CK v16.0, including new spooky behaviors and ghoulish groups, as well as revisions and contributions, to satisfy your every #infosec need! Check out Amy Robertson’s release blog at medium.com/mitre-attack/a…

As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024 If you missed the talk, here is the blog post: jhftss.github.io/A-New-Era-of-m… Slides: github.com/jhftss/jhftss.… Enjoy and find your own bugs 😎

Excited to share a tool I've been working on - ShadowHound. ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus I also talk about some MDI detections and how to avoid them

M'm glad to release the tool I have been working hard on the last month: #KrbRelayEx A Kerberos relay & forwarder for MiTM attacks! >Relays Kerberos AP-REQ tickets >Manages multiple SMB consoles >Works on Win& Linux with .NET 8.0 >... GitHub: github.com/decoder-it/Krb…

💥 ANNOUNCEMENT: Opik v1.2 is released! 💥 Opik is an open source LLM evaluation framework for: 🔥 Implementing LLM-based metrics 🪲 Logging/debugging LLM traces 💯 Scoring, annotating, and versioning LLM data And so much more. Check out the repo below.

hfiref0x has rewritten the formerly industry-wide and old-school tool Dependency Walker, making it capable of running on Win11 and enhancing it with other useful features. It is designed to build a tree diagram of all an executable's dependent modules. github.com/hfiref0x/WinDe…

Do you know the Azure IP Ranges site by Daniel Falkner ? It's a great tool to filter IP ranges by service and even download them in different formats. azureipranges.azurewebsites.net

Fake exploits for the BeyondTrust Remote Support CVE are surfacing - github.com/cloudefence/CV…

🎯 Introducing AD-ThreatHunting: ⚡ Supercharge Your AD Threat Hunting! 🛡️ Just Released: A comprehensive Active Directory PowerShell threat hunting tool that makes detecting suspicious activities easier than ever! ✨ Key Features: • Real-time attack detection • Advanced

Today we are releasing our FREE educational course: "Intro to Exploit Dev"! This course is perfect for those trying to start exploit dev and covers: - Tooling - Fuzzing - Exploitation techniques - And more! You can take the course here: bible.malcore.io/readme/the-beg…

Does anyone know if the following #Microsoft #mitigation has been released - techcommunity.microsoft.com/blog/microsoft…? I see the registry hive, but does not do anything against POCs on my Windows 11.