Kail (@specterfive)'s Twitter Profile
Sr. Information Security Engineer (red teamer) at a Fortune 500. I ❤️ CTFs, Photography, and video games. [email protected]

ID: 15851688

14-08-2008 15:35:13

1,1K Tweet

1,1K Followers

1,1K Following

Mor Davidovich (@dec0ne)

Introducing ShadowSpray, it's like password spray but with shadow credentials. More info in the repo. Huge thanks to Elad Shamir for the amazing technique and to Will Schroeder (and others) for the implementation in Rubeus from which a lot of code was taken. github.com/Dec0ne/ShadowS…

an0n (@an0n_r0)

this is how I run mimikatz today on a (default config) Defender for Endpoint protected host. just reused my recent stager with a basic custom socket server. this libpeconv stuff is more powerful than I first thought :)

Steve Krenzel (@stevekrenzel)

With Twitter's change in ownership last week, I'm probably in the clear to talk about the most unethical thing I was asked to build while working at Twitter. 🧵

Florian Roth ⚡️ (@cyb3rops)

Imagine you'd get access to an unknown SIEM of a new customer & would be given 10min to find malicious activity by using keyword searches on raw data, what would you search for? I'll start '.dmp full' 'whoami' 'delete shadows' 'FromBase64String' 'save HKLM\SAM' ' -w hidden '

Grimmie (@gr1mmie)

PersistAssist v0.2 is live! Tons of cool additions in this version I'm excited to share including more tradecraft modules, new persistence methods, and some quality of life features. Keep an eye out for the upcoming blog post 🙂 Check it out here! github.com/FortyNorthSecu…

Sam Curry (@samwcyo)

More car hacking! Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car. Here's how we found it, and how it works:

Threat Hunting (@mahdi_htm)

interesting APT28 maldoc which uses no macro, the document is a PowerPoint file that exploits a code execution technique in a hyperlink, which is designed to be triggered when the user starts the presentation mode and moves the mouse.

MDSec (@mdseclabs)

We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: mdsec.co.uk/2023/03/exploi… by Dominic Chell 👻

Kail (@specterfive)

Found a good spot away from the city to watch the northern lights and was not disappointed. One of the coolest things I’ve seen in my life.

Dave Kennedy (@hackingdave)

I'm not sure many folks recognize or know the impact nyxgeek talk at #DEFCON has. The ability unauthenticated to really map some critical data about the organization as well as company relationships and more. Insane that this isn't getting remediated and on the tenant to fix.

Matthew Cappucci (@matthewcappucci)

Seeing a LOT of incorrect media reports — including from some meteorologists — tying AT&T outage to the back-to-back solar flares. They are NOT related. The R3 shortwave radio blackout was on the wrong side of Earth. Cell phones are also not in the 3 to 30 MHz frequency band.

Kail (@specterfive)

This has been the hardest week of my entire life while I sat by my dad and held his hand as he died a slow and horrible death.