
Théo Louis-Tisserand
@0hexit
ID: 1178597365810438144
30-09-2019 09:08:17
92 Tweet
57 Followers
289 Following


Windows authentication & Prox-Ez is the topic of the last Synacktiv talk at #THCon, staring Pierre Milioni and Geoffrey B




A while ago during a security assessment, Théo Louis-Tisserand identified multiple vulnerabilities on the PRTG Network Monitor application version 21.3.69.1333, allowing an attacker to perform XSS attacks. Read the technical details in the advisory: synacktiv.com/sites/default/…




Bored of managing multiple proxychains configurations? Hugo Clout developed bbs, a swiss army knife proxy manager for red teamers! The project is available on our GitHub: github.com/synacktiv/bbs



Thanks to Théo Louis-Tisserand's PR, DPoP auth support has now been added to CloudNine for Okta which is used in agent versions >3.18.0 \o/ github.com/xpn/OktaPostEx…

GitLab recently released a patch for the Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409). Our ninjas Alexis Danizan and Pierre Milioni analyzed the patch and wrote the exploit code! github.com/synacktiv/CVE-…


You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from Pierre Milioni (now merged upstream). Here is an example with ldeep using relayed authentication from HTTP to LDAPs :






