Keanu Nys

107 posts

Keanu Nys

@RedByte1337

Offensive Security Lead @ Spotit. Creator of GraphSpy

Belgium Beigetreten Ağustos 2014

78 Folgt1.1K Follower

Angehefteter Tweet

Keanu Nys@RedByte1337·5 Nis

🚀I'm finally releasing GraphSpy to the public!🕵️ A powerful offensive security tool focused on making initial access and post-compromise enumeration in Microsoft Entra and M365 much more convenient during penetration tests and red team assessments! github.com/RedByte1337/Gr…

English

136

378

34.7K

Keanu Nys@RedByte1337·13 Mar

@CroodSolutions @_JohnHammond Thanks for sharing Mike!

English

Mike Manrod@CroodSolutions·13 Mar

IMHO, this is a must-watch video, showcasing why defending against account takeover is such a struggle. Outstanding episode by @_JohnHammond and @RedByte1337 - great research Keanu!! At the minimum, all red, SOC teams, and detection engineers, IMHO, should watch this.

John Hammond@_JohnHammond

GraphSpy: A Hacker's Tooling Deep Dive, video demos with the creator @RedByte1337! 🤩 Keanu shows me the wild things you can do for post-exploitation in Entra ID -- even adding a physical security key for persistence and a ton of other tricks 🤯 Video: youtu.be/qEtoKC32UoE

English

4.6K

Keanu Nys@RedByte1337·11 Mar

I recently sat down with @_JohnHammond to record a video about GraphSpy! 😁 We went over the most powerful features GraphSpy has to offer, and even showcased some of the new features that were added lately. This video is now live on his YouTube channel, so go check it out! 😉

John Hammond@_JohnHammond

English

8.8K

Keanu Nys@RedByte1337·24 Şub

@darthBoom @mrgretzky @ThinkstCanary I am very sorry 🫣

English

💥@darthBoom·24 Şub

@mrgretzky @ThinkstCanary Came as a surprise to me. Did some digging and found what might have been the cause of the change from Microsoft. Haven't found anything official tho... youtube.com/watch?v=z6GJqr…

YouTube

English

572

Kuba Gretzky@mrgretzky·24 Şub

What? How am I going to set up a @ThinkstCanary CSS Canarytoken to protect my tenant from those pesky Evilginx phishing attacks, now? 😐

English

6.2K

Keanu Nys@RedByte1337·31 Oca

Maximum 16-character password "for security reasons". 🤔 And what I find more surprising is the fact that the "<" character is not permitted either... Is this some poor attempt at preventing XSS? That would mean the password is displayed in cleartext somewhere on a web page...🤨

English

342

Keanu Nys@RedByte1337·30 Oca

I will be teaching the advanced version of the Attacking & Defending Azure Cloud bootcamp once again in February with @AlteredSecurity! Live, hands-on Azure red team training with realistic labs to sharpen both your Offensive and Defensive skills! 🔥 🔗 alteredsecurity.com/carte-bootcamp

English

574

Keanu Nys@RedByte1337·17 Oca

@mrgretzky Haha, thanks Kuba. Small stuff compared to what you achieved with Evilginx ofc 😜

English

144

Kuba Gretzky@mrgretzky·17 Oca

@RedByte1337 Well done, Keanu! To the moon! 😀👍

English

466

Keanu Nys@RedByte1337·17 Oca

GraphSpy just hit 1000 ⭐ on GitHub! What started as a personal side project is now used by pentesters around the world. Never imagined this as my first project, especially not in under 2 years. 🤯 I silently pushed v1.6 right before the holidays with powerful new features 😉

English

2.7K

Keanu Nys@RedByte1337·17 Oca

@mrd0x Thank you! 🙂

English

138

mr.d0x@mrd0x·17 Oca

@RedByte1337 Awesome job 👏

English

976

Keanu Nys@RedByte1337·17 Oca

@ZephrFish Thanks Andy! 😁

English

Andy Gill@ZephrFish·17 Oca

@RedByte1337 Great work dude

English

243

Keanu Nys@RedByte1337·17 Oca

Check out the new features under the Release Notes section: 🔗github.com/RedByte1337/Gr…

English

1.1K

Keanu Nys@RedByte1337·28 Kas

Wow, this almost passed by without me noticing👀 This is not how I envisioned GraphSpy to be covered in a @_JohnHammond video, but then again, it was only a matter of time before malicious actors used it. You just hope it is used for more good than bad when creating these tools.

John Hammond@_JohnHammond

Uncovered screen recordings from threat actors! 👀 Real footage of cybercriminals using anti-detect browsers and infostealer malware logs for session hijacking, and another using GraphSpy to read their Entra ID victim's emails in Outlook! 💀 Video: youtu.be/vX7JcpRqbEk

English

1.6K

Keanu Nys@RedByte1337·2 Kas

@_dirkjan @Thomasbyrne__ For now 😉 I hope for a bit longer, but we'll see. In theory, the October deadline has lapsed, so I guess you did indeed win from that perspective 😅

English

151

Dirk-jan@_dirkjan·2 Kas

@RedByte1337 @Thomasbyrne__ Still works for some at least 😅

English

199

Dirk-jan@_dirkjan·30 Eki

It appears the end is near(er) for the Azure AD Graph API with usage of the API now being blocked in one of my tenants with the AAD PowerShell module client ID. Found this out when trying to demo roadrecon 😬. Time to prioritize merging the MS Graph PR from @Thomasbyrne__

English

135

13.8K

Keanu Nys@RedByte1337·2 Kas

@_dirkjan @Thomasbyrne__ Whether the AAD Graph API would continue to work after the final deadline of October 2025 😅 Your guess was that it would still work for first-party client IDs. 🙈

English

149

Dirk-jan@_dirkjan·2 Kas

@RedByte1337 @Thomasbyrne__ I don't remember what we bet on but I hope I'm winning! 😂

English

274

Keanu Nys@RedByte1337·27 Eki

@JackRhysider I am biased, but this one seems nice 😜 youtu.be/z6GJqrkL0S0?si…

YouTube

English

486

Jack Rhysider 🏴‍☠️@JackRhysider·27 Eki

DefCon published the videos from this years talks on YouTube two weeks ago. Which ones should I watch?

English

391

46.9K

Keanu Nys@RedByte1337·20 Eyl

@_dirkjan It should have been 10.0 from the start. "Attack Complexity=High" did really not make any sense!

English

165

Dirk-jan@_dirkjan·19 Eyl

The CVSS score for the CVE has been adjusted to a 10.0 it appears 👀 msrc.microsoft.com/update-guide/v…

Dirk-jan@_dirkjan

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

English

825

66.6K

Keanu Nys@RedByte1337·29 Ağu

@dmcxblue @Cyb3rMonk You can watch it here if you are interested: youtu.be/z6GJqrkL0S0?si…

YouTube

English

158

David@dmcxblue·29 Ağu

@Cyb3rMonk Which DEFCON talk?

English

238

Mehmet Ergene 🔸@Cyb3rMonk·29 Ağu

Did Microsoft just disable custom font-face in company branding CSS after the DEFCON talk?👀 @RedByte1337 I don't have an older CSS template to compare.

English

6.4K

Keanu Nys@RedByte1337·29 Ağu

@Cyb3rMonk Yes, I had a call with Microsoft yesterday. They have indeed taken quite drastic measures here and decided to remove font-face from their CSS whitelist. This means that no one will be able to use custom fonts anymore on their login page from now on!

Mehmet Ergene 🔸@Cyb3rMonk

Did Microsoft just disable custom font-face in company branding CSS after the DEFCON talk?👀 @RedByte1337 I don't have an older CSS template to compare.

English

4.1K

Keanu Nys@RedByte1337·26 Ağu

@rnmx123 Thanks for sharing @rnmx123!

English

Jan Kopecky@rnmx123·26 Ağu

Do you take a good care of your captured tokens? github.com/RedByte1337/Gr… by @RedByte1337 can help! 😎

English

212

Keanu Nys@RedByte1337·22 Ağu

@TEMP43487580 Nice findings! Don't let the responses from MSRC discourage you, this is very interesting stuff!

English

1.5K

%TEMP%@TEMP43487580·22 Ağu

I just started a new blog, and this is my first post. I took a bit of PTO, so this is a little record of some fun I had playing around with Intune during that time. It's about enrollment restriction bypass😄 temp43487580.github.io/intune/bypass-…

English

245

48.6K

Entdecken

@CroodSolutions @_JohnHammond @darthBoom @mrgretzky @ThinkstCanary @AlteredSecurity @mrd0x @ZephrFish