Powerpointken (@powerpointken)'s Twitter Profile

Link: https://powerseb.github.io
13-01-2022 06:53:50

Kuba Gretzky (@mrgretzky)

Not sure how I missed this! Luke Kavanagh has exhausted the topic on all the mitigations you can implement to protect your users from reverse proxy phishing 🔥🎣 Recommended reading not only if you are on the defense. bleekseeks.com/blog/how-to-pr…

Dirk-jan (@_dirkjan)

It's been quiet for a while around bloodhound Python, however I'm happy to share that I am now maintaining the project at my personal GitHub. The latest version fixes many bugs/issues, also thanks to the many PRs that were submitted (thanks all!). github.com/dirkjanm/blood…

pfiatde (@pfiatde)

If you ever asked yourself how complex it is to set up an O365 phishing infrastructure, the answer might be a little bit disturbing: "not much". It's done in under 10 mins and free O.o Here is a walkthrough:

pfiatde (@pfiatde)

Yes, this is not new, this is also simple and stupid. But is it stupid if it's working? More Details: badoption.eu/blog/2023/12/0…

pfiatde (@pfiatde)

Did you know, that you can use search-ms to bind a WebDAV drive and filter there? This offers some possibilities for attack chains, e.g. with Java, Python, Ruby or Visual Studio. Here is a PoC for Visual Studio: More 🧵👇 #initialAccess

pfiatde (@pfiatde)

As nowadays an EDR is on almost every PC, it might be time to move on to the next part in assessments. Smartphones maybe? You can send a QR Code as Unicode, to ensure you land on a mobile device, bypass image privacy and go for device code phishing to get a full Azure / M365 PRT!

pfiatde (@pfiatde)

More details are here, as usual: badoption.eu/blog/2024/01/0… If you have some remarks, feel free to discuss here or send me a DM.

pfiatde (@pfiatde)

Microsoft patched the MS Teams external collaboration Splashscreen bypass via meetings, after 4 months. So, here is a new one via group chats 🫣🫣🫣

pfiatde (@pfiatde)

Steps:
- Create a group chat
- Invite the external “victim”
- Write your message
- Splash screen will be shown to the user
- Remove the user from participants
- Splash screen will also be removed

Some details here: badoption.eu/blog/2024/01/1…

SkelSec (@skelsec)

Psst! Hey you! yeah I see you struggling with exfiltrating vhdx files you found on that public SMB share over a HTTP tunnel. What if I told you there is a better way? You can browse remote disk images with this project and only download what u need! github.com/skelsec/adiskr…

pfiatde (@pfiatde)

Leaking sensitive data via publicly accessible cloud storage is still a thing... I collected some samples of what can be found. Crazy stuff... badoption.eu/blog/2024/02/2…

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid)

Watching people tweet they bypassed a certain EDR is just cringe at this point. When you ask them what did they bypass, they don't know what. So let me take you back to school... Executing OpenSource tool is not a bypass. An EDR employs several mechanisms for detection. Getting a

pfiatde (@pfiatde)

As NTLM leaking is still a thing, made a showcase for elevating via LDAP relaying with some little tricks. Relaying is done with a Win Client without admin privs and an active Windows firewall (default config), by using HTTP.SYS and SSH. Details here: badoption.eu/blog/2024/04/2…

Nathan McNulty (@nathanmcnulty)

Have you blocked Device Code flow by default yet?

If not, this very slow Graph PowerShell Beta command will tell you who is using them

Get-MgBetaAuditLogSignIn -Filter "AuthenticationProtocol eq 'deviceCode'"

Microsoft calls this a best practice, so go create the CA policy ;)