🔥Telegram İfşa

Update on the NTLM reflection attack: ctjf discovered that SMB signing enforcement does NOT protect against the NTLM reflection attack🛡 Cross-protocol relaying is still possible, even with mitigations in place. Only patching your system fully mitigates the vulnerability! 1/4🧵

Lateral movement getting blocked by traditional methods? werdhaihai just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code. ghst.ly/4pN03PG

As it turns out AWS not only made changes to their TOS, they are actively enforcing them. Thus, the current public release of TeamFiltration has been rendered more or less useless for enum and spraying EntraId tenants.

Ifrit Red Team Lab from Vulnlab is now live on Hack The Box! It’s modeled on a real engagement and includes a SIEM so you can check how "loud" you are. app.hackthebox.com/prolabs/overvi…

Those domain join permissions can be pretty useful...

A new NetExec module: certipy-find🔥 As ADCS is still configured insecurely in many environments, I decided to integrate the certipy find command into NetExec. Now you can quickly find and enumerate vulnerable templates before bringing out the big guns.

Hacklu CTF has started, our furniture store has opened for business! In the next 48 hours, you can buy as many products as you can and try to win nice prizes from our sponsors!

Remotely enable the EFS service for Win11 systems? No problem with rpcping. Just worked for me from remote with a low privileged user. 🧐

Anyone who still wants to use TeamFiltration, we created a fork that with Quick & Dirty changes is not using FireProx anymore: github.com/Flangvik/TeamF… Instead, the configuration file Proxy can be used. So here you can switch to alternative providers. Credit to Mr.Cyber 🔥

20th OST release this year! Highlights of 2025 so far:
 -Hiding malware in secure enclaves -New file formats for code exec, lateral and persistence -Post-exploit tooling for Chromium -Async BOFs & BOF-PE support -Lots of evasion and tradecraft additions … And much more to come!

SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends: specterops.io/blog/2025/10/2…

NetExec turned 2 years old this month🎉 Time to take a look at what have achieved so far! As I love stats, I want to share some imo interesting numbers about NetExec: 4,853⭐ ~100,000 clones/14 days => ~2,4mio clones ~7,200 unique clones/14 days => ~172,800 unique clones 1/4🧵

>buy the robot > get hired as a remote robot operator > become your own robot > get paid to do chores and chill in your own house >health insurance included

I have released an OpenGraph collector for network shares and my first blogpost at SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 specterops.io/blog/2025/10/3…

AdminSDHolder: the AD security feature everyone thinks they understand but probably don't. 😬 Jim Sykora went to the source code to debunk decades of misconceptions — including ones in Microsoft's own docs. Read more ⤵️ ghst.ly/3Lpmjzv

Section 10/12 of the UDRL/Sleepmask course is finally complete. By far the most complicated / longest to write. Super excited to finish this out and get it into people's hands!

🚀CODE BLUE 2025 Talks & Speakers #26 🎙️IDancing with Exynos Coprocessor: Pwning Samsung for fun and “profit” 🗣️ Bing-Jhong Jheng / Muhammad Ramdhan / Pan ZhenPeng codeblue.jp/en/program/tim… Over the past year, we identified and reported 13 security vulnerabilities (CVEs) in

We disrupted a highly sophisticated AI-led espionage campaign. The attack targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We assess with high confidence that the threat actor was a Chinese state-sponsored group.

We let the Internet down today. Here’s our technical post mortem on what happened. On behalf of the entire Cloudflare team, I’m sorry. blog.cloudflare.com/18-november-20…

''PsExecing the right way and why zero trust is mandatory'' #infosec #pentest #redteam #blueteam blog.whiteflag.io/blog/psexecing…