NCV (@nickvourd) 's Twitter Profile
NCV

@nickvourd

Just your friendly neighborhood APT

ID: 1256748254802382848

linkhttps://medium.com/@nickvourd calendar_today03-05-2020 00:52:03

2,2K Tweet

1,1K Followers

325 Following

Alex Neff (@al3x_n3ff) 's Twitter Profile Photo

How to find the Entra ID sync server - A new NetExec module🔎 Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server. Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀

How to find the Entra ID sync server - A new NetExec module🔎

Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server.
Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀
BSides Tirana (@bsidestirana) 's Twitter Profile Photo

🌆 Good evening! We’ve officially completed the talk evaluation process and have started emailing selected speakers! 🎤 If you haven’t received an acceptance email yet, don’t worry! We’re still working through the notifications, and everyone will hear back very soon. 🙌 #BSides

Black Hills Information Security (@bhinfosecurity) 's Twitter Profile Photo

"If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation [...]" Read more: blackhillsinfosec.com/abusing-s4u2se… Abusing S4U2Self for Active Directory Pivoting by: Hunter Wade Cross-Posted: 6/11/2025

"If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation [...]"
Read more: blackhillsinfosec.com/abusing-s4u2se…

Abusing S4U2Self for Active Directory Pivoting
by: Hunter Wade
Cross-Posted: 6/11/2025
✞ inversecos (@inversecos) 's Twitter Profile Photo

Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…

Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿

(including past clipboard items)

inversecos.com/2022/05/how-to…
Sean Metcalf (@pyrotek3) 's Twitter Profile Photo

A while ago I published an article called "The Art of the Honeypot Account: Making the Unusual Look Normal". This covered some ideas around making a honeypot account look as normal as possible. We need to ensure that our honeypot account: * Is not a recently created account

Cloud Village (@cloudvillage_dc) 's Twitter Profile Photo

🚨 Pre-Registration is LIVE for Cloud Village Labs! 🚨 Planning to hit up DEF CON 33? Lock in your seat for our hands-on lab sessions NOW! 🧪☁️ 🔗 forms.gle/pukvJvj5xoprwL… #CloudVillage #DEFCON33 #CloudSecurity #HackerSummerCamp #HandsOnSecurity

🚨 Pre-Registration is LIVE for Cloud Village Labs! 🚨
Planning to hit up <a href="/defcon/">DEF CON</a> 33? Lock in your seat for our hands-on lab sessions NOW! 🧪☁️
🔗 forms.gle/pukvJvj5xoprwL…
#CloudVillage #DEFCON33 #CloudSecurity #HackerSummerCamp #HandsOnSecurity
LuemmelSec (@theluemmel) 's Twitter Profile Photo

UPDATE: You are vulnerable, no matter the version. No patch from MS as of now for the new CVE-2025-53770. Look for exploitation attempts and IOCs. Get them offline if possible until there is a solution. If you need to stay online stay on high alert and monitor closely. 1/2

CloudBreach (@cloud_breach) 's Twitter Profile Photo

🚨 Critical #SharePoint zero-day (CVE-2025-53770) under active exploitation! 🔓 Unauthenticated RCE via unsafe deserialization 🌍 85+ servers breached — gov, edu & enterprise targets 🧰 Attackers steal MachineKey to forge __VIEWSTATE payloads 🛡️ Mitigation steps: • Patch ASAP •

🚨 Critical #SharePoint zero-day (CVE-2025-53770) under active exploitation!
🔓 Unauthenticated RCE via unsafe deserialization
🌍 85+ servers breached — gov, edu &amp; enterprise targets
🧰 Attackers steal MachineKey to forge __VIEWSTATE payloads
🛡️ Mitigation steps:
• Patch ASAP
•
NCV (@nickvourd) 's Twitter Profile Photo

Hey everyone! Check out my Crowdcruit profile. I find it extremely useful, especially now that LinkedIn is starting to feel more like Facebook. crowdcruit.com/user/nickvourd

klez (@klezvirus) 's Twitter Profile Photo

Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…

sapir federovsky (@sapirxfed) 's Twitter Profile Photo

OK I know no one uses it, but if you ever wondered exactly how it works, and what dmsa have to do with that, I just posted SSSO small deep dive 🙂 sapirxfed.com/2025/07/23/i-j…

Shellter (@shellterproject) 's Twitter Profile Photo

🔥🔥🔥 Just one week until Shellter Elite v11.1 drops, bringing a new wave of enhancements. If you're after a loader that delivers unmatched reliability and stealth for beacon deployment against advanced EDRs—this is it. No hype, just results.

Clément Notin (@cnotin) 's Twitter Profile Photo

Microsoft is bringing MFA for Kerberos authentication to AD domain controllers 👀 It's cheeky though to ask customers to open TCP port 1337 on domain controllers 🏴‍☠️😅 learn.microsoft.com/en-us/entra/gl…

Justin Elze (@hackinglz) 's Twitter Profile Photo

This might be useful for enumerating the SaaS products companies use, but it was more of an exercise in seeing how many DNS patterns I could get public LLMs to generate. github.com/HackingLZ/saas…

NCV (@nickvourd) 's Twitter Profile Photo

Third-party vendors don’t follow the Principle of Least Privilege (PoLP). As long as this is true, attackers win!

Karl (@kfosaaen) 's Twitter Profile Photo

Building off of Cody Burkard's prior work, I put together a tool for automating the decryption of Entra ID application tokens from Azure App Services resources. Here's a blog that outlines the tooling: netspi.com/blog/technical…

SpecterOps (@specterops) 's Twitter Profile Photo

Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts. So what's a stealthy attacker to do? 🤔 Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0