An article with my colleague Simone Simone about abusing Kerberos RBCD. Hope you like it! nccgroup.trust/uk/about-us/ne…

If you liked the Drop The MIC vulnerability, be sure to check Drop The MIC 2 to see how we bypassed the original fix + an additional vulnerability abusing any client sending LMv2 responses to bypass the MIC, EPA & more. Yaron Zinar Preempt, A CrowdStrike Company preempt.com/blog/drop-the-…

A brief post about abusing Kerberos Unconstrained Delegation to compromise systems by impersonating their associated computer accounts. Hope you like it crummie5.club/kerberos-uncon…

Sharing this again in my account as ElephantSe4l seems to be shadowbanned (wtf twitter...) crummie5.club/freshycalls/

New release of SharpEDRChecker, now with support for Covenant and other C2 frameworks along with support for older OS's and more EDRs. Thanks to BaffledJimmy & Simone for the contributions. github.com/PwnDexter/Shar…

Happy to announce I'll be presenting "Understanding and Hiding your Operations" this Saturday 19th of December (17:00 GMT+1) at 🥷🏼 No cON Name. Hacking & IT Security conference #ncn2k20 More info: noconname.org @NCCGroupEspana NCC Group Research & Technology

I'm glad to announce that airgeddon is at last available on kali repos! Blood, sweat and tears... but at last is done 😅😃 http.kali.org/kali/pool/main… #airgeddon #hacking #wifi #kali

[Slides] Understanding and Hiding your Operations slideshare.net/DanielLpezJimn…

Finally here! Check our new post explaining how attackers could compromise SharePoint instances from zero knowledge to Corporate Network. Available at crummie5.club/the-lone-share…

"You Do (Not) Understand Kerberos" slides and (spanish) video available in my blog! (english video soon) Hope you enjoyed! attl4s.github.io

Tool Update: In this blog post Simone and ATTL4S walk us through their really useful additions to the open source Covenant .NET C2 framework. research.nccgroup.com/2021/03/16/len…

Had to double check what I read. Yes! This is an NCC Group post contributing to Covenant! No matter where you work, we are a community above all else. We welcome this and all other contributions to open source work.💜

When (NTLM) relaying potatoes lead you to domain admin... A "permanent" 0day Privilege Escalation Vulnerability in Windows RPC Protocol ;-) cc Antonio Cocomazzi Our writeup here: labs.sentinelone.com/relaying-potat…

Adjourn your asses! "You Do (Not) Understand Kerberos Delegation" Slides and Videos (English & Spanish) now available! attl4s.github.io

#RemotePotato0 new release! Now you can also grab and steal the NTLMv2 hashes of every user logged on a machine from an unprivileged user! ✅ works fully local - no network interaction (except win 2019) ✅ ntlm related ✅ won't fix Windows in 2k21 cc Andrea Pierini

Pushed an update to PowerZure for some bug fixes but more importantly to remove the AzureAD PS Module requirement. It's all Graph API requests now for AAD functions. github.com/hausec/PowerZu…

Our (Simone) very first PRs merged to Metasploit Project. Make_token finally arriving to Meterpreter🙌 github.com/rapid7/metaspl… github.com/rapid7/metaspl…

New post together with Simone exploring Cobalt Strike's make_token command. We realised there is not a lot of information about this functionality, so we decided to take a good look at it to answer some questions we had and how it works under the hood. Enjoy!

Demystifying Cobalt Strike's "make_token" command - a tutorial by Simone Salucci and Daniel Lopez Jimenez. research.nccgroup.com/2023/11/10/dem…