Yaron Zinar (@yaronzi) 's Twitter Profile
Yaron Zinar

@yaronzi

Research & Engineering Manager @CrowdStrike. Tweets are my own

ID: 1428822266

https://www.crowdstrike.com/blog/author/yaron-zinar/

14-05-2013 20:53:21

174 Tweet

563 Followers

235 Following

🥝🏳️‍🌈 Benjamin Delpy (@gentilkiwi) 's Twitter Profile Photo

A new #mimikatz 🥝release with #zerologon / CVE-2020-1472 detection, exploit, DCSync support and lots of love inside ❤️ It now uses direct RPC call (fast and supports unauthenticated on Windows) > github.com/gentilkiwi/mim… Thank you: Secura

Chris Sanders 🔎 🧠 (@chrissanders88) 's Twitter Profile Photo

Look at this slice of awesome. The new Wireshark version in dev (3.3.0) has a packet diagram view. A fantastic teaching and learning tool! When released, I'll be making pretty extensive use of this in my classes! Great job Gerald Combs and Wireshark Foundation team.

Marina Simakov (@simakov_marina) 's Twitter Profile Photo

Are all your DCs already patched against Zerologon (CVE-2020-1472)? Check out this simplified overview of the critical vulnerability discovered by Secura + further steps you can take to protect your network 😎 Yaron Zinar Preempt, A CrowdStrike Company preempt.com/blog/security-…

Marcello (@byt3bl33d3r) 's Twitter Profile Photo

CrackMapExec v5.1.1 is now available on Pypi. Thanks to mpgn it's stable enough for me to finally get rid of the old version. You can now install the latest version of CME with a `pip install crackmapexec`. Happy Pwnage. pypi.org/project/crackm…

Preempt, A CrowdStrike Company (@preemptsecurity) 's Twitter Profile Photo

Today, we are delighted to share that CrowdStrike, a leader in cloud-delivered endpoint and cloud workload protection, announced that it has agreed to acquire Preempt, A CrowdStrike Company and its industry-leading Conditional Access technology. Learn more here: crowdstrike.com/press-releases…

Clément Notin (@cnotin) 's Twitter Profile Photo

📃 "NTLM relay of ADWS (WCF) connections with Impacket" The story of how I implemented a new NTLM relay server in Impacket and succeeded in my pentest 😀 ➡ clement.notin.org/blog/2020/11/1… Thanks to Alberto Solino and Dirk-jan for the inspiration and the original ntlmrelayx code!

Marina Simakov (@simakov_marina) 's Twitter Profile Photo

While the Bronze Bit vulnerability was patched, the ability to bypass the "Kerberos Only" protection in Kerberos Constrained Delegation was published 2 years ago by Elad Shamir and still works today against patched DCs 😇 shenaniganslabs.io/2019/01/28/Wag…

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

On January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike researchers. In this blog, we show how companies can protect themselves from this vulnerability. bit.ly/3bZVTkh via Alex Ionescu Eyal Karni 🍅

Yaron Zinar (@yaronzi) 's Twitter Profile Photo

Excited to share I'll be (virtually) in Vegas presenting in DEF CON a talk titled: "Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes" with Sagi Sheinfeld Eyal Karni 🍅. We'll present cool new MitM attacks against NTLM and Kerberos

Eran Cohen (@mr_eran_cohen) 's Twitter Profile Photo

OMG! OMG! OMG! 🤯😱 I am growing the #team....again. This time in North America. Come join our #identityprotection Product Management team. I want to work with you. More details here #identitysecurity #jobsearching #crowdstrik…lnkd.in/eRrJQw2z lnkd.in/eM9SCjA6

Roman Blachman (@romanblachman) 's Twitter Profile Photo

Get a primer on the Follina vulnerability and learn how the CrowdStrike Falcon platform protects customers by using behavior-based indicators of attack (IOAs). crwdstr.ke/6016zVMGq

Yaron Zinar (@yaronzi) 's Twitter Profile Photo

Want to learn more on how to mitigate #NTLM relay attacks exploiting #PetitPotam and #DFSCoerce? Be sure to check out this blog post by Marina Simakov: crowdstrike.com/blog/how-to-de…

Marina Simakov (@simakov_marina) 's Twitter Profile Photo

1/2 Three years ago Yaron Zinar and I presented a generic NTLM relay detection at #BHUSA. Recently, we extended it to detect machine accounts relay, independent of the coercion tactic used (PetitPotam, ShadowCoerce, DFSCoerce, etc.) crowdstrike.com/blog/how-to-de…