Petar Jr. Pranic (@ipslav)'s Twitter Profile

Windows Detection Engineer @SentinelOne
Opinions are my own

ID: 1047051162451677187

https://ipslav.github.io 02-10-2018 09:10:25

363 Tweet

340 Followers

1,1K Following

Petar Jr. Pranic (@ipslav)

I'll do an educational talk about this tomorrow in Milan. If you don't have a blue team and/or enough maturity, you don't need a red team assessment, and whoever is selling red teaming without these requirements is just reducing the value of an actual red team engagement.

Prelude (@preludeorg)

This Thursday March 9th, Mr.Un1k0d3r will be presenting "Windows Internals for Red Teams" in the Prelude community discord at 7 PM EST. Drop in, chat, and learn about Windows internals! discord.gg/fZbfdUQM4A #infosec #redteam

Dirk-jan (@_dirkjan)

New major roadrecon release is out! This release adds support for:
- Eligible AAD admin roles (PIM)
- Scoped and custom roles
- Administrative Units

All now in the GUI and readable by any member user in the tenant (yes including eligible roles) 😀 github.com/dirkjanm/ROADt…

LRQA Cyber Labs (@lrqa_cyber_labs)

Introducing ETWHash! ETWHash is a new method and tool by Lefteris Panos for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline. labs.nettitude.com/blog/etwhash-h…

@zephrfish.yxz.red (@zephrfish)

Check out ScrapingKit by myexploit2600 and me on Lares Labs, a tool we've been working on for the past week and a half focused on picking up quick wins in Windows environments, useful for both #blueteam and #redteam purposes. labs.lares.com/introducing-sc…

Paul Rascagnères (@r00tbsd)

With tlansec, we suspected a 0d and we notified MS a few days ago. The infection chain was insane... Instead of an endless tweet Charlie Gardner did a wonderful graphic. 2/4

CODE WHITE GmbH (@codewhitesec)

Ever wondered how to pull a Houdini on #auditd and let linux events vanish into thin air? Dive into our latest blog post by Tobias Neitzel and meet the magic wands ^H^H^H PoCs 'daphne' & 'apollon' 😎 code-white.com/blog/2023-08-b…

Cyber Saiyan | RomHack Conference, Training, Camp (@cybersaiyanit)

#RomHackTraining started this morning. Dirk-jan Mollema (Azure AD Security) and Silvio Cesare (Code review) teaching our students right now 🔥🔥🔥

Diego Capriotti (@naksyn)

Here's Process Stomping injection and how you can use it in a Mockingjay-ish way to load a Beacon on an exe's RWX section using sRDI. Check it out! Blog: naksyn.com/edr%20evasion/… Tool: github.com/naksyn/Process… Thanks to hasherezade and monoxgas for their awesome work

Mehmet Ergene (@cyb3rmonk)

🎁 GIVEAWAY TIME! 🎁 - I'm giving away 2 seats for my brand new "Hands-On Kusto Query Language (KQL) for Security Analysts" course! Please follow Blu Raven, Comment, and Repost to participate. 👉 academy.bluraven.io/hands-on-kusto… Two random winners will be announced on 5 December

klez (@klezvirus)

6 months before Porchetta Industries's events unfolded, I paused updating my FOSS tools, questioning their value. To rediscover this and shape future developments, I've opened a private server for ppl to share ideas or even just connect. Interested? Join! discord.gg/u2AZcuGr