Chereese Creel

@Tw1sm and I did some Extended Protection for Authentication (EPA) research to enumerate when this protection will prevent your NTLM relay attacks, across multiple protocols. We are also releasing RelayInformer - python and BOF implementations of these techniques. 🔗🧵

Nothing new, but formalized some operator notes on Entra ID/Azure tradecraft I've found to be exceptionally useful on ops. Overlooked this myself for quite some time and thought others in the same boat might find it worth a read! 📖 medium.com/specter-ops-po…

Worked through the CloudBreach Breaching AWS course and exam over the last two weeks. Didn't see a ton of info out there on it prior to buying the course so wrote a small review with my thoughts blog.tw1sm.io/p/breaching-aw…

New blog up to cover manual AD CS enumeration using ldapsearch and the new release of bofhound 🔍 posts.specterops.io/bofhound-ad-cs…

Finally got around to bringing SQLRecon’s SCCM commands over to PySQLRecon. Threw together a brief post with the new update, demonstrating usage with ntlmrelayx for TAKEOVER-1 tw1sm.substack.com/p/takeover-1-w… github.com/Tw1sm/PySQLRec…

SHADOW CREDENTIALS: WORKSTATION TAKEOVER EDITION - Matthew Creel fortalicesolutions.com/posts/shadow-c…

Happiest of birthdays to my best friend, the best husband, dog dad, and to the most amazing person I know!

Been working to improve my BOF/C dev skills, created some BOFs mimicking SQLRecon modules as a fun learning exercise github.com/Tw1sm/SQL-BOF

If your a Red Teamer and not looking for this👇your missing out! Got Domain Admin in 3 out of my last 4 engagements using this attack 🔥 AD Tip: Enforce LDAP Signing and Channel Binding to stay protected.

Took a while, but finally added the ability for BOFHound to parse session data and local group membership data from SA BOFs - details including usage examples in this post posts.specterops.io/bofhound-sessi…

@jadasimone_x14 You are killing it you hot mama!!!

@jadasimone_x14 Nooo it’s okay!!!! It’s all about balance!!!! Make sure you’re getting the food your body needs, but also the food it wants! Otherwise you’ll never be able to stick with it!!

New post 👇taking a look at compromising Slack access on both Windows and macOS. New BOF included! posts.specterops.io/abusing-slack-…

@coffeegist @NinjaParanoid I am CACKLING at the love island reference 😂

@NinjaParanoid Dude not the c2 wars again, you both caused enough drama last time to last a life time. If the infosec community wants that much drama they can watch love island

Looks like someone woke up and decided to copy several features of Brute Ratel 🤣. Well, I guess 'copying' is the sincerest form of flattery.😝

One of the best password sprayers: spraycharles - Target EWS & NTLM over HTTP endpoints with ease - Smart delay periods to avoid account lockouts - Detects valid logins via response analysis - Bypass IP-based controls with proxy support Try it 👇 github.com/Tw1sm/spraycha…

@rez0__ @Tw1sm

Which hacker do you look up to most?

@seclilc You a strong azzzzz bishhhh!!!!!

I did 3x8 decline pushups this morning. And they felt strong!! 😮 never did I think I could do that

Been playing with SQLRecon by @sanjivkawa to learn more about attacking SQL server - awesome tool in an area I haven’t scrutinized enough on tests for creds/lateral movement Created a Python port, PySQLRecon, while labbing out the attack scenarios ⏩ github.com/Tw1sm/PySQLRec…

@MalwareMurph Congrats DMurph!!!

Do you remember when you joined X? I do! #MyXAnniversary

@dopaminefi3nd_ @DavidAlvesWeb Desk is amazing!!! Uplift (worth the price) - treadmill is just 2 and 1 superfit walking pad on Amazon! I’ve had it for over a year now and haven’t had any issues!!

Show me your setup, I’ll rate it 🥇👀 Here’s mine! #setup #setupwars