And this is our pull request to NetExec which adds efsr_spray which can re-enable EFSR/PetitPotam on up-to-date Windows 11 hosts 🤯if they have a writeable share: github.com/Pennyw0rth/Net…

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

I'm not sure everyone realizes it, but as it stands, if you have an Active Directory with default configurations, any machine (except DCs) that hasn't applied the June 10 patch can be compromised by any domain user.

Infiltrator from Hack The Box has a ton. There's a lot of exploitation of Output Messenger. There's AD, ADCS, password spray. I learned some interesting bits about changing user's passwords as well. 0xdf.gitlab.io/2025/06/14/htb…

Can you get them all 🔥 CTF still on going, good luck everyone !

Did you know that you can kerberoast without any valid credentials? All you need is an account that is ASREProastable. This allows you to request service tickets for any account with a set SPN🔥 NetExec now has a native implementation of this technique, thanks to Azox

Episode dans la boite ! 👔

Releasing a side project of mine: wsuks - automating the WSUS mitm attack🔥 github.com/NeffIsBack/wsu… TL;DR: If the Windows Server Update Service (WSUS) is configured to use HTTP instead of HTTPS, it's possible to take control of any Windows machine on your local network. 1/4🧵

🇫🇷🎙️Nouvel épisode du podcast Hack'n Speak accompagné de @Cravaterouge.bsky.social pour parler de son tool open source BloodyAD 👔 On aborde le sujet de l'opensource, la philosophie du tool avec un supplément badsuccessor ! 😄 Bonne écoute à toutes et à tous 🎶 creators.spotify.com/pod/profile/ha…

Le workshop active directory c’est ce soir 21h zone 2 room 2 à #leHack ! 2 domaines vous attendent sous le thème Star Wars 😁

Had an absolute blast at leHACK 2025 yesterday! So grateful to mpgn for the incredible Active Directory exploitation workshop, focusing solely on netexec. Learned a ton of useful techniques. Part 1 of my writeup: felixbillieres.github.io/articles/lehac…

Thank you all for joining the Star Wars NetExec workshop at leHACK 2025 with Thomas Seigneuret & Wil 🔥🪐 50 hackers, 1 room, 2 domains to pwn! 💥 🥇 4nh4ck1n3 takes the win 🏆 🥈 @yoshi in second place Full write-up by 4nh4ck1n3 📝👇 blog.anh4ckin.ch/posts/netexec-…

Let's crack on 🧨 From a passion project to an essential tool, #NetExec has become a go-to resource for many in the cybersecurity space. Join us as we sit down live on YouTube with mpgn, the mind behind it all, to talk open source, persistence, and the personal journey of

How to find the Entra ID sync server - A new NetExec module🔎 Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server. Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀

Wanna see something cool about RDP and NetExec ?

In this week's second Vulnlab release on Hack The Box, Redelegate has some standard steps working up to a user with SeEnableDelegationPrivilege. I'll look at Delegation options and exploit one of them to get full domain control. 0xdf.gitlab.io/2025/07/17/htb…

Dumping the NTDS.dit from disk - A new NetExec module💾 Isn't it super annoying when AV blocks your access to the SAM/SYSTEM hives? The new "ntds_dump_raw" module made by Bilal parses the disk image directly, allowing you to extract the NTDS.dit or SAM database🚀

Episode dans la boite ! ✅

I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0!. Let me know what you find with it! - github.com/SpecterOps/MSS… - specterops.io/blog/2025/07/2…

🇫🇷🎙️Nouvel épisode du podcast Hack'n Speak accompagné de doomerhunter (Victor Poucheret) 🌺 On parle de son parcours, de bug bounty, d'évènement on site et d'IA ! 🥇 Bonne écoute à toutes et à tous 🎶 creators.spotify.com/pod/profile/ha…