Delegated Managed Service Accounts (dMSA) are new in Server 2025 and solve a really important problem... We can migrate EXISTING service accounts to be dMSA so that they become AD managed with strong, rotating passwords. #activedirectory

Hello friends! There is a lot of information about Kerberos Relay out and it is easy to get confused! That's why we have created a small MindMap to help you understand Kerberos Relay U can find PDF/HTML/PNG version here: github.com/CICADA8-Resear…

threw this together in a few minutes. let's make a big EE/hardware resource map? looking for more channels, websites, books, and lab blogs to feature

Bypass AMSI in 2025, my newest blog post is published 🥳! A review on what changed over the last years and what's still efficient today. en.r-tec.net/r-tec-blog-byp…

[BLOG] I had a series in mind like "Rubeus' Hidden Secrets" or something like that. Basically, highlighting features of the tool that seem less well known. I'm starting off with a basic one for getting crackable hashes from cached service tickets. rastamouse.me/kerberoasting-…

Want to demonstrate impact on MFA bypasses but don't want to have a lame self phish as proof? Phisherman is a real fake MFA app that you can use github.com/jfmaes/phisher… there is a demo instance hosted on sec565.rocks, bring your own EvilGinx though :)

This Orange Cyberdefense's SensePost Team blog post is really useful for debugging AD CS attacks 🎉 x.com/sensepost/stat… We also encountered some additional causes for these errors: • Inaccessible/expired revocation lists (CLIENT_NOT_TRUSTED) • Failed autoenrollment on DC (PADATA_TYPE_NOSUPP)

So I wanted to collate a bunch of different attacks you can perform via ServiceNow that we've used pretty regularly, but for which there doesn't seem to be much out there publicly.

🚀 To celebrate the upcoming Azure Red Team Expert cert, we're launching the first Cloud PEASS: Azure PEASS! 🔎 It gets Azure/Entra tokens, finds all your permissions, highlights sensitive ones HackTricksAI and tells you how to privesc! 👉 github.com/carlospolop/cl… #hacktricks

Modifying Certipy to Evade Microsoft Defender for Identity PKINIT Detection - phish 🐟 research.aurainfosec.io/pentest/modify…

You can just make an MCP server for all of your recon stuff and be done with remembering the syntax of different tools.

Nothing new, but formalized some operator notes on Entra ID/Azure tradecraft I've found to be exceptionally useful on ops. Overlooked this myself for quite some time and thought others in the same boat might find it worth a read! 📖 medium.com/specter-ops-po…

I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️decoder.cloud/2025/04/24/fro…

Today we unveil BadSuccessor - a new no-fix Active Directory privilege escalation technique. We will explore the recently introduced dMSA feature, and show how it enables turning a very common, seemingly benign permission, into a full domain take over. akamai.com/blog/security-…

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name If this query hits, you're in.

If you want to quickly evaluate if you are exploitable: github.com/LuemmelSec/Pen…

I have not laughed this loud in a while😂 It's like she was on the expressway to hell and Jesus saved her🤣😂

Good read: aisle.com/blog/ai-cybers…

Upcoming UAC hardening changes significantly reduce the risk of unauthorized access and privilege escalation. If you rely on cloned Windows images, changes to your cloning, imaging, and authentication practices may be needed. Learn if your devices will be affected: