Weak passwords are a nightmare for corporate security. In his blog post, Felix Aeppli fxai shows how easy hashes can be cracked and what you can do to improve (without blaming the users). #passwords #cracking blog.compass-security.com/2022/07/why-yo…

I did the Corelan Consulting & Training Advanced Exploitation class at BruCON the last three days. Thanks ς๏гєɭคภς0๔3г ([email protected]) for the awesome teaching, my brain now needs a few days to recover!

The last part of A New Attack Surface on MS Exchange - #ProxyRelay is out! Have also left some final thoughts on the Closing part. Hope you all enjoy this journey :D blog.orange.tw/2022/10/proxyr…

At the end of my talk Black Hat #Europe 2022, I'll release a completely refactored version of #Coercer. It will include lots of new features useful for pentesters and researchers. 🎉🥳 Star this repository github.com/p0dalirius/Coe… and/or follow me so you don't miss it!👌

At BlackAlps, our analyst Sylvain Heiniger Sylvain Heiniger presented a new attack path to AD CS. Read his blog post for details and tools updates. #adcs #esc11 #ntlmrelay #rpc #msrpc blog.compass-security.com/2022/11/relayi…

Si tu as aidé une dame à vélo aujourd'hui devant un tram à Genève, peut-être tu as perdu cet airpod qui est tombé par terre. #airpod #28.11.2022 #geneve #geneva pic.x.com/ewTvyrRI8C

Next week I will present a #talk at #BlackHat Europe 2022 on how to automate the search of RPC functions allowing to coerce authentications on #Windows. Alongside this talk, I'm publishing a brand new version of #Coercer! ➡️Check it out here: github.com/p0dalirius/Coe…

Found an vhdx/vmdk/vhd file in a network share? Volumiser from CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 gets you covered to exfiltrate e.G. SAM/SYSTEM to compromise the system via Administrator Pass-The-Hash: github.com/CCob/Volumiser Really easy and intuitive to use 👏

Recordings of #blackalps22 are available here: blackalps.ch/ba-22/talks.php

🆕More personal news here .. I want to share that the Impacket project is moving to Fortra's @CoreSecurity! It will now be part of their open source portfolio, and funded with a team of very talented security professionals. github.com/fortra/impacket #impacket

We did it again with #LocalPotato! A not-so-common NTLM reflection attack allowing for arbitrary read/write. Basically EoP from user to SYSTEM. Tracked as #CVE-2023-21746 - Windows NTLM EoP Soon more details --> localpotato.com cc Antonio Cocomazzi

Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E) Links in <a> tags will show the fake domain, but open the real domain. No need to buy .zip! :) Convincing #phishing #redteam

Collision – Compass Security was able to execute their stack overflow attack against the Synology BC500. However, the exploit they used was previously known. They still earn $3,750 and 0.75 Master of Pwn points. #Pwn2Own

You like device code phishing? You will like Felix Aeppli’s latest research even more. He shows how to backdoor Entra ID phished accounts by adding a new sign-in method. Details and PoC here: blog.compass-security.com/2024/01/device…

DCOM cross-session coercion + Kerberos = 💣 We took a closer look at the attacks discovered by Andrea Pierini and Dlive earlier this year and made a PoC in Python! Curious? Full blog post here: blog.compass-security.com/2024/09/three-… #potato #impacket

COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (Sylvain Heiniger) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM blog.compass-security.com/2024/10/com-cr…

You can also find me there: bsky.app/profile/splout…

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by Hugow to discover how to perform this attack: synacktiv.com/publications/r…

I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to upload and execute custom payloads on remote targets Forget about PSEXEC and dive in! deepinstinct.com/blog/forget-ps… github.com/deepinstinct/D…

Ups and downs of #redteam engagements. When the standard payloads don’t cut it, innovation wins. Learn how we misused a screenshot tool to load shellcode… at the fifth attempt!… blog.compass-security.com/2024/12/a-nift…