Caddy v2 module to filter requests based on C2 profiles github.com/lum8rjack/cadd…

rolled out a bof for getting the dpapi_system key used by mimikatz /system: when ingesting master keys. If that's something you need it's live at github.com/trustedsec/CS-…

Holy Moly, Dirk-jan has been busy the past two years lol github.com/dirkjanm/ROADt…

Updated InlineExecuteEx to remove a dependency that was causing failures on arbitrary versions of Windows. Thanks to João Victor for the heads up! github.com/0xTriboulet/In…

NetExec turned 2 years old this month🎉 Time to take a look at what have achieved so far! As I love stats, I want to share some imo interesting numbers about NetExec: 4,853⭐ ~100,000 clones/14 days => ~2,4mio clones ~7,200 unique clones/14 days => ~172,800 unique clones 1/4🧵

MapUrlToZone (MUTZ) is a security-critical Windows component that determines whether a given path is local, on the intranet, or on the broader Internet – a classification that drives several security decisions across Windows – and is now being used in ways beyond its original

Jargon is important for specialists, but can create communication barriers for persons outside the specialization. When you need someone to successfully communicate what they need you to do for them, have them explain the conditions they want to be true in their own words. If

Impacket-jump - Remote service staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service loaders, set descriptions, and run them on demand. github.com/MaorSabag/impa…

⚠️ Hackers are exploiting a new 7-Zip flaw right now. A simple ZIP file can break into Windows through a hidden link trick. The bug’s been patched — but many still haven’t updated. Details here (CVE-2025-11001) ↓ thehackernews.com/2025/11/hacker…

We know that Microsoft improved the overall printing security in 2025, now using DCE/RPC for callback, you can force NTLM local auth and reflect back machine auth even without CredMarshalTargetInfo() trick 😇

Ooopsi ^^ Dr. Nestori Syynimaa's AADInternals back to old glory

Abusing BadSuccessor (dMSA): Stealthy Privilege Escalation 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles BadSuccessor (dMSA) is a dangerous vulnerability in Windows Active Directory that allows attackers to achieve domain admin access through

Do not underestimate IPMI hashes during a local pentest. Last month I was able to escalate my privileges to Domain Admin from an IPMI hash dump. After dumping the hash from an HP iLO system, I cracked it using Hashcat. The username was "administrator", so I tried local

An interesting piece of research on stopping arbitrary ETW traces using an undocumented “Stop Trace” flag originhq.com/blog/securityt… #ThreatHunting #blueteam #redteam #pentesting

SysWhispers4 just dropped !!! github.com/JoasASantos/Sy…

A critical 9.8 CVSS flaw (CVE-2026-27944) in Nginx UI lets hackers download and decrypt full system backups via an open API. A proof-of-concept exploit for this flaw is available. Update and rotate secrets! securityonline.info/unauthenticate…

Homelab with Active Directory and SIEM for security training github.com/0xMR007/Lab4Pu…

My infosec/mixed tech RSS feed: - Bleeping Computer (some sponsored slop gets through) - 404 Media - MIT Technology Review - Detect FYI (shoutout Alex Teixeira) - TrustedSec - BadSectorLabs - DFIR Report - Kostas on Medium - Lucy (goblinloot.net / Connected) - MS tech

ADPulse. Active Directory security auditing tool that connects to a domain controller via LDAP(S), runs 35 automated security checks, and produces detailed reports in console, JSON, and HTML formats github.com/dievus/ADPulse

Yet another LNK flaw allows for target spoofing, yet executes any DLL, including remote ones via WebDAV. Even worse, unless you installed the Feb 2026 updates, MotW will be ignored. See how this works on github.com/wietze/lnk-it-…