New blog post! 🤓 Following the release of "Perfusion", my exploit tool for the RpcEptMapper registry key vulnerability, I decided to write a blog post to discuss the "unconventional" method I used. 😉 👉 Post: itm4n.github.io/windows-regist… 👉 Tool: github.com/itm4n/Perfusion

I wouldn’t laugh too loud #solarwinds123

What a time to be alive... Install the Microsoft signed Hybrid Connection Manager on victim host, link it up with your Azure app, enjoy persistent access to the on-prem network from your Azure portal. Only needs https outbound to Azure and line of sight from victim to target host

Adfsbrute - A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks ift.tt/3dZnuS1 #cybersecurity #bugbountytips #hacking #tools

New version of #AADInternals out now, including remote dumping of #ADFS configuration database🔥 Read the blog at: o365blog.com/post/adfs/ Credits to Vesa Tikkanen, Doug Bienstock, Austin Baker, Dirk-jan, 🥝🏳️‍🌈 Benjamin Delpy, 📔 Michael Grafnetter, and Roberto Rodriguez 🇵🇪 for your help and previous work!

RemotePotato0 — A "won't fix" exploit for Windows that allows you to escalate your privileges from a generic User to Domain Admin. github.com/antonioCoco/Re…

SIEM admins be like:

Want to try to decode SCCM passwords in SC_UserAccount table with #mimikatz ? 🥝 (hints, lots of them have usually admin rights 🤪) A little POC here: github.com/gentilkiwi/mim… So Jonas Vestberg can try it ;)

I really love "new" Microsoft Kernel Code signing rules ( techcommunity.microsoft.com/t5/windows-har… ) #mimikatz driver (mimidrv) still load on a fresh, up to date 21H1 It seems Microsoft still must deal with legacy drivers😉

Connecting to RDP using Restricted Admin option seems to do the trick to evade this attack ✌️🎉 mstsc /RestrictedAdmin /v:<ip>

There is Remote Desktop Client in the Microsoft Store, not using mstscax.dll CryptProtectData (DPAPI) instead of CryptProtectMemory > microsoft.com/p/microsoft-re… I'll not create a function for that in #mimikatz🥝 Maybe when it will not store in memory passwords 12x in CLEARTEXT 🤬

I came across this in a collection of stories. It’s about writing, but I think applies to security research.