Charlie Clark (@exploitph) 's Twitter Profile
Charlie Clark

@exploitph

ID: 108607918

https://exploit.ph | 26-01-2010 13:43:33

1,1K Tweet

5,5K Followers

1,1K Following

CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 (@_ethicalchaos_) 's Twitter Profile Photo

Family plug incoming 🫣. For those that are fans of Oasis style/alt rock genre of music, have a listen to The Bridge's first EP. Would be great if you add them to a playlist if it's something you'll enjoy. They worked bloody hard for this. spotify.link/SmDY5S7YMDb

Megan (@mega_spl0it) 's Twitter Profile Photo

Continuing with Part 1- Andrew and I take a look at the remainder of the attributes on the Hacker Recipes chart. Take a look! And get ready for Part 2! This is a series after all 😎

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

It’s very common for us to see offensive tooling enable SeDebugPrivilege so that they may bypass certain OS checks. However, what does this mean? Which OS checks are skipped? I dove into this and decided to write a blog on it. Check it out! bit.ly/3trYxdg

Megan (@mega_spl0it) 's Twitter Profile Photo

Continuing on our deep exploration of DACL abuse based detections, Andrew and I take a look at object abuses with PowerMad. Remember, just because it may be banal, doesn't mean it doesn't have value! Many common attributes are great environmental baselining tools!

Megan (@mega_spl0it) 's Twitter Profile Photo

Part 3 is out!! Andrew and I cover several attributes that are, in our opinion, lesser known. However, some of these had some incredibly interesting attacks/detections. Check it out! And thanks for joining us on this journey! 😁

Andrew (@4ndr3w6s) 's Twitter Profile Photo

Happy to finally share our slide deck/demo videos from our Texas Cyber Summit ®️ talk, “You DISliked DCSync? Wait For NetSync!” Thank you x3000 to Ashton Rodenhiser, for help with the fantastic slides, & my co-presenter/friend/mentor/research partner Charlie Clark 🤗 github.com/4ndr3w6/Presen…

Dave Cossa (@g0ldengunsec) 's Twitter Profile Photo

Like the opsec of NightHawk but missing Aggressor-like scripting functionality? Check out DayBird, an extension I built for NightHawk to allow for automation of operator workflows and initial check-in actions via C# plugins. b:securityintelligence.com/x-force/extend… gh:github.com/xforcered/DayB…

Charlie Clark (@exploitph) 's Twitter Profile Photo

Finally updated my RitM tool with the DES TGT session roasting code if anyone is interested. Reminder, this isn't intended to be attack-ready code! github.com/0xe7/RoastInTh… The attack is described in detail in my DES post (currently pinned to my profile).

Charlie Clark (@exploitph) 's Twitter Profile Photo

While I'm at it, I've published the PoC tool used in Andrew, @jsecurity101 and my post: trustedsec.com/blog/the-clien… It's just a quick PoC but maybe someone will find it interesting: github.com/0xe7/EventSnip…

CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 (@_ethicalchaos_) 's Twitter Profile Photo

Working on a new tool that will be ready soon. One thing I can say from the research.... if your environment leverages Windows Hello without TPMs, DO NOT allow the default setting of a digit only based pin. Windows stores the pin length and can be brute forced in seconds.

Brett Hawkins (@h4wkst3r) 's Twitter Profile Photo

Today I am releasing a whitepaper and new tool (ADOKit) as part of my X-Force research I will be presenting at Black Hat #BHEU on Wednesday. Links are below 🔗 Whitepaper: ibm.com/downloads/cas/… Tool: github.com/xforcered/ADOK…

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below. Link: github.com/jsecurity101/P… 1/x

Andrew (@4ndr3w6s) 's Twitter Profile Photo

Wow did not have “be in a book” for my 2024 🤯🤩 Thank you Denis Isakov! Thank you Charlie Clark for always including me in the journey of Kerberos with you 💜!

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

Happy Friday! I have gotten a lot of questions around ETW Patching as of late. I decided to write a blog on understanding ETW Patching, check it out! jsecurity101.medium.com/understanding-…

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

Spent some time updating the TelemetrySource project.
- Updated mappings for the Threat-Intelligence provider
- Added a folder for the Threat-Intelligence provider + added a README
A lot more updates coming soon! Project link: github.com/jsecurity101/T…

CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 (@_ethicalchaos_) 's Twitter Profile Photo

Mine and Dirk-jan's DEF CON talk, Abusing Windows Hello Without a Severed Hand went live yesterday. We discuss both privileged and unprivileged Windows Hello abuse. Hope you all enjoy it. youtu.be/mFJ-NUnFBac?fe…

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

Have you ever wondered if there was a way to deploy a "Remote EDR"? Today I'm excited to share research I've been working on for the past couple months. This dives into DCOM Interfaces that enable remote ETW trace sessions without dropping an agent to disk. Includes a detailed

Andrew (@4ndr3w6s) 's Twitter Profile Photo

Happy to finally share a new blog with Charlie Clark on our work revisiting the Kerberos Diamond Ticket. ✅ /opsec for a more genuine flow ✅ /ldap to populate the PAC 🆕 Forge a diamond service ticket using an ST We finally gave it a proper cut 💎 huntress.com/blog/recutting…