onemask

@bernsteining @andremoulu @CellebriteLabs oooh ya des mains folles qui se perdent la

@0nemask @andremoulu @CellebriteLabs t'es même pas à paname tricheur suppr ton comm stp

Nous avons quelques tickets pour #hexacon2024 à offrir, car certains collègues de @CellebriteLabs ne peuvent venir. Pour participer, il suffit de répondre à ce tweet, et nous sélectionnerons les gagnants demain (3 octobre) en début d'après-midi !

Let's go!! I hope y'all like this initiative, made to share the experience of conferences and CTFs with everyone. Big thanks to @plopz0r @_dirkjan @DrineTorrents @MiaLandsem @rayanlecat for the interviews ❤️ youtube.com/watch?v=_IrZcS…

@_nwodtuhs I'm really wondering when do you find the time to sleep.. :D

Updated the DACL abuse mindmap. New dark theme, used BloodHound's iconography, added the ACE inheritance path for Containers and Organizational Unit. 🧑‍🍳 The Hacker Recipes thehacker.recipes/ad/movement/da…

✨ Introducing `plz`, an AI-powered command generator. Kinda like copilot, but for your terminal. It's ideal for all those weird unix commands that take dozens of flags, and you never know which ones to use (like ffmpeg). (takes one command to setup 👇) github.com/m1guelpf/plz-c…

I'm happy to share with you that the Impacket project has found a new home at @fortraofficial's @CoreSecurity! I'll continue to be part of this awesome project working with the new team. Really excited to see where this new chapter takes us! 🚀🌕 github.com/fortra/impacket

Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious! securityintelligence.com/posts/critical…

Playing with a smart ChatBot (chatGPT) - how can it help hackers:

I am speechless. Telling ChatGPT to act like a Linux machine. I just tested this. It works. engraved.blog/building-a-vir…

Icymi, I'm now maintaining an Impacket fork which merges PRs a bit quicker than the official repo. This fork is dedicated to the Exegol project but can be used elsewhere if needed. You can PR there as well if you'd like and I'll do my best to review asap github.com/ThePorgs/impac…

@alonso_Isidoro @mxrchreborn "The API token requires the "repo" and "delete_repo" scopes."

@mxrchreborn What github scopes do the app needs? [-] Token does not have sufficient scopes. (current scopes : project, read:discussion, read:enterprise, read:gpg_key, read:org, read:packages, read:public_key, read:repo_hook, read:ssh_signing_key and user)

Releasing my new tool, GitFive ! Track down GitHub users by doing advanced investigation (usernames history, names variations, and more). #OSINT #GitHub github.com/mxrch/gitfive

@vysecurity @cerbersec no, if you set the challenge to 1122334455667788, then your ntlmv1 is gonna be cracked almost instantly on crack.sh. They have rainbow tables and will send you the NT hash of the DC. With that you can DCSync :)

@cerbersec like 4 days even if I use 8*3090

Got DC auth coerce going, what do I relay it to?

@nikhil_mitt @BlWasp_ @0x_saudi if your training take-away is only command lines, then it is not much of a training and you could have release them yourself publicly. And let's not forget that the end goal is making environment more secure which is what @BlWasp_ is doing by spreading knowledge.

@0nemask @BlWasp_ @0x_saudi For plagiarizing my training material

If you copy my Azure course slides in a "cheatsheet", at least make the effort to scrub off domain names, object IDs and correct the typos 😒

@nikhil_mitt @BlWasp_ @0x_saudi So, your're calling him out publicly for sharing knowledge and command lines to help people have a better insight in pentesting Windows environment and also help blue team securing their networks ? Dick move.

@BlWasp_ @0x_saudi I never wanted to publicly rebut you but if you continue to peddle lies that 'I built it from multiple resources' I am going to point that out! The Azure "cheatsheet" was an exact replica of the course slides. Word by word!

@Agarri_FR did anyone tried {{7*7}} or another ssti payload ? that could be fun

I also confirm... 😈

@Zer1t0 Awesome work, congrats on getting it out :)

I've just published a guide about how attack Active Directory, putting in there what I think a pentester should know (attacks/protocols/etc) about AD. I hope you find it useful zer1t0.gitlab.io/posts/attackin…

New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development. blog.google/threat-analysi… Stay safe out there everyone!

Proud to be nominated for the community vote for the top 10 web #Hacking techniques 2020 by @PortSwiggerRes ! Cast your votes here : portswigger.net/polls/top-10-w…

@0xFalconSpy bash scripting

Hey #infosec community! What's a super underrated tool you use for pentests that you think should get more visibility?