🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Windows Hello for Business – Past and Present Attacks, by @insinuator #TROOPERS25 insinuator.net/2025/06/window…

How to find the Entra ID sync server - A new NetExec module🔎 Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server. Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀

🌆 Good evening! We’ve officially completed the talk evaluation process and have started emailing selected speakers! 🎤 If you haven’t received an acceptance email yet, don’t worry! We’re still working through the notifications, and everyone will hear back very soon. 🙌 #BSides

"If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation [...]" Read more: blackhillsinfosec.com/abusing-s4u2se… Abusing S4U2Self for Active Directory Pivoting by: Hunter Wade Cross-Posted: 6/11/2025

Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…

A while ago I published an article called "The Art of the Honeypot Account: Making the Unusual Look Normal". This covered some ideas around making a honeypot account look as normal as possible. We need to ensure that our honeypot account: * Is not a recently created account

🚨 Pre-Registration is LIVE for Cloud Village Labs! 🚨 Planning to hit up DEF CON 33? Lock in your seat for our hands-on lab sessions NOW! 🧪☁️ 🔗 forms.gle/pukvJvj5xoprwL… #CloudVillage #DEFCON33 #CloudSecurity #HackerSummerCamp #HandsOnSecurity

[BLOG] My thoughts (and code examples) for writing modular PIC C2 agents. rastamouse.me/modular-pic-c2…

UPDATE: You are vulnerable, no matter the version. No patch from MS as of now for the new CVE-2025-53770. Look for exploitation attempts and IOCs. Get them offline if possible until there is a solution. If you need to stay online stay on high alert and monitor closely. 1/2

🚨 Critical #SharePoint zero-day (CVE-2025-53770) under active exploitation! 🔓 Unauthenticated RCE via unsafe deserialization 🌍 85+ servers breached — gov, edu & enterprise targets 🧰 Attackers steal MachineKey to forge __VIEWSTATE payloads 🛡️ Mitigation steps: • Patch ASAP •

Hey everyone! Check out my Crowdcruit profile. I find it extremely useful, especially now that LinkedIn is starting to feel more like Facebook. crowdcruit.com/user/nickvourd

Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…

OK I know no one uses it, but if you ever wondered exactly how it works, and what dmsa have to do with that, I just posted SSSO small deep dive 🙂 sapirxfed.com/2025/07/23/i-j…

🔥🔥🔥 Just one week until Shellter Elite v11.1 drops, bringing a new wave of enhancements. If you're after a loader that delivers unmatched reliability and stealth for beacon deployment against advanced EDRs—this is it. No hype, just results.

Microsoft is bringing MFA for Kerberos authentication to AD domain controllers 👀 It's cheeky though to ask customers to open TCP port 1337 on domain controllers 🏴‍☠️😅 learn.microsoft.com/en-us/entra/gl…

This might be useful for enumerating the SaaS products companies use, but it was more of an exercise in seeing how many DNS patterns I could get public LLMs to generate. github.com/HackingLZ/saas…

Third-party vendors don’t follow the Principle of Least Privilege (PoLP). As long as this is true, attackers win!

Building off of Cody Burkard's prior work, I put together a tool for automating the decryption of Entra ID application tokens from Azure App Services resources. Here's a blog that outlines the tooling: netspi.com/blog/technical…

Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts. So what's a stealthy attacker to do? 🤔 Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0