🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

A new version of pywerview has been released! The tool can now work against DC with Channel Binding and LDAP Signing. s/o @Cravaterouge.bsky.social github.com/the-useless-on… 🌻

s/o @Cravaterouge.bsky.social, ldap3 contributors, impacket team, SkelSec and Mayfly!

Good news dear LDAP hackers 🥳 Channel Binding and LDAP Signing PRs are now merged within ldap3 library github.com/cannatag/ldap3. You can use your favorite ldap3 scripts against hardened DCs. Thanks cannatag and @Cravaterouge.bsky.social! Shameless plug: offsec.almond.consulting/ldap-authentic… 🌻

New bloodyAD version out (github.com/CravateRouge/b…)! You can now use Windows credentials stored in memory and easily package it as a standalone (see github action example) Thanks to the amazing msldap library from SkelSec

github.com/ly4k/Certipy/p… 👀🥳

For those who needs to use certipy with cross domain authentication github.com/ly4k/Certipy/p…

Performing kerberos cross domain authentication with impacket is not straightforward! If you want to authenticate on domain A (trusting domain B) with a userB you must ask a ST to domain B for krbtgt/domainA and then use this ST to request new ST to domainA, e.g.:

Having an AD with trusts you can reach? bloodyAD can now retrieve the trusts of the trusts where you can connect to and print them as a nice ascii tree

Hunting for user tokens with CS Beacon, by soka #redteam #maldev sokarepo.github.io/redteam/2024/0…

When implementing S/MIME on Exchange Online I realized some parts were poorly documented, so I wrote a little article about it. Have a good read! cravaterouge.com/articles/smime…

BitLocker enabled. Are you really protected? - @Cravaterouge.bsky.social cravaterouge.com/articles/tpm-s…

Summary of all credentials flavors for bloodyAD now: - Kerberos -> ccache,kirbi,keytab,pfx,pem (file, b64 or hex), aes/rc4 key, password(plain/b64/hex), win cache, win certstore - NTLM -> password (plain/b64/hex), nthash, win cache - TLS (Cert) -> PFX,P12 github.com/CravateRouge/b…

AD cross-domain dns dump in one click with new bloodyAD release bsky.app/profile/cravat…

Little gift to make you wait for Christmas 🎁 Learn how AD LDAP logging works, how to improve it or how to avoid it cravaterouge.com/articles/ldapa…

bloodyAD v2.1.8 is out with a new feature to resolve foreign SID when displaying security descriptors with "get object" or "get search" and a lifetime option on "add user" offered by Marc André Tanner to make them vanish magically once expired github.com/CravateRouge/b…

🎉 Happy Victory Day! 🎉 The latest update to bloodyAD makes the shadowcredentials attack even smarter: linkedin.com/feed/update/ur…

BadSuccessor in python with bloodyAD Have fun :D linkedin.com/feed/update/ur…

Exploiting BadSuccessor from A to Z with NT hash of impersonated accounts using bloodyAD v2.1.16 github.com/CravateRouge/b…

New article for those curious about what they can find in the AD Recycle Bin (Bonus: I updated bloodyAD so you can play on this😉) linkedin.com/feed/update/ur…

🇫🇷🎙️Nouvel épisode du podcast Hack'n Speak accompagné de @Cravaterouge.bsky.social pour parler de son tool open source BloodyAD 👔 On aborde le sujet de l'opensource, la philosophie du tool avec un supplément badsuccessor ! 😄 Bonne écoute à toutes et à tous 🎶 creators.spotify.com/pod/profile/ha…