OrdinalExport

A new module has been merged into NetExec: change-password🔥 Accounts with STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password. You can also abuse ForceChangePassword to reset another user's password. Made by @kriyosthearcane, @mehmetcanterman and me

@DotNetRussell @bettersafetynet @UK_Daniel_Card @chenb0x @x25princess @Bandrel @DoingFedTime Awe, that was very kind of you! Great group of people!

Are you looking for kindhearted easy to approach for advice people in the infosec community? My experience has been that @bettersafetynet, @UK_Daniel_Card, @chenb0x, @x25princess, @Ben0xA @Bandrel and @DoingFedTime are all excellent resources I've spoken and learned from each of them over the years. They're excellent sources of info in their respective areas of expertise. Don't let the toxic folks scare you away from this field

@HackingDave Now you need a sign that says Future. Put it behind you. When someone asks why you can say so you can go back to the future!

@HackingDave “Back” to the future?

Love where my back is going #wehackhealth

Phishing Pretext: An obvious spam email with a header that has a message “<Organization> has flagged this message as a phishing email. Click <button link>Report</link> to submit this to the Security Operations Team”

thecvefoundation.org "In response, a coalition of longtime, active CVE Board members have spent the past year developing a strategy to transition CVE to a dedicated, non-profit foundation." They've been planning for the past year.

MITRE announced on April 15 that their CVE contract ends on April 16. That timing alone raises some questions. The language in the message feels very deliberate: “We’re committed,” “considerable efforts,” “if a break were to occur” – while they know a break will happen the next day. That’s not just unfortunate timing. It looks like controlled messaging, maybe even a pressure move. CVE isn’t some massive budget item. It’s a lightweight system with probably a small core team and some automation. I’d guess a handful of full-time staff, not dozens. So cutting this - of all things - doesn’t really look like cost-saving. If the goal was to send a message about funding or contract uncertainty, they picked the most visible and disruptive program. And it worked – everyone’s paying attention. It’s worth noting that MITRE owns the CVE and CWE trademarks. Even if someone else takes over, they’ll still be operating within MITRE’s legal boundaries. All in all, this looks less like a necessary budget cut and more like a strategic decision to generate visibility and urgency. Hard to read it any other way.

@Ben0xA @TrustedSec

@DotNetRussell @TrustedSec I really have no clue. I do have 3 grey hairs now though!! I'm a big kid now.

@Ben0xA @TrustedSec Still looking young as ever man!! You must share your secret some day My guess is all natural American beef tallow 😂

@Bandrel Empty?

@Ben0xA I've discovered shot glasses are OP for making the hole.

@Ben0xA always think about you when making breakfast.

Here's your free red team tradecraft for today gist.github.com/ConsciousHacke…

CF-Hero: discover the real IP addresses of web applications protected by Cloudflare meterpreter.org/cf-hero-discov…

Improved bypass for Windows 11 OOBE: 1. Shift-F10 2. start ms-cxh:localonly Only required on Home and Pro editions.

@TonikJDK Yup! All it does

@Ben0xA Ohoh, that is just what the script does! We are golden. Thanks man!

We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11. This change ensures that all users exit setup with internet connectivity and a Microsoft Account. blogs.windows.com/windows-inside…

@TonikJDK reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f

@TonikJDK Time to backup bypassnro.cmd

The NXCDB of NetExec finally supports the LDAP protocol as well🎉 Long overdue and now finally implemented by @lapinousexy

@Oddvarmoe @_RastaMouse @HackingLZ 😅 ... 😒

@Ben0xA @_RastaMouse @HackingLZ

lol this is how you do demo's @Oddvarmoe @HackingLZ