Andrew Oliveau

🔥Introducing a new Red Team tool - SessionHop: github.com/3lp4tr0n/Sessi… SessionHop utilizes the IHxHelpPaneServer COM object to hijack specified user sessions. This session hijacking technique is an alternative to remote process injection or dumping LSASS. Kudos to @tiraniddo for first discovering this years ago. Blue Team tip: Look for unusual child processes spawning from HelpPane.exe

Here is a demo video of the NTLM Relaying Gemini Extension in action: youtube.com/watch?v=my2qFN…

Burp Suite MCP: github.com/armadin-public… NTLM Relaying Gemini Extension POC: github.com/armadin-public… BloodHound MCP: github.com/armadin-public…

🔥🤖Excited to share a new blog I co-authored with @h4wkst3r and @kulinacs - Automating the Operator: Integrating LLMs into Offensive Security armadin.com/blog-posts/aut… We show how LLMs make offensive work more operationally useful, introduce 2 new MCP servers, and an NTLM relaying Gemini extension POC

This year's #RSAC conversation on the AI threat landscape is unavoidable. The challenge of speed and scale has every CISO wondering how to keep pace. Book time with us to learn what Armadin is doing to meet this challenge. 244167924.hs-sites-na2.com/meet-with-arma…

I’m genuinely excited for all the new things that people are discovering and releasing in the ML / Offensive security space. It feels like the early days of red teaming again 🤘

The Armadin team is heading to #RSAC2026 with red team briefings on AI-driven hyperattacks, an open Foundry space, and happy hours. See you in SF: armadin.com/blog-posts/con…

LLMs have changed the way offensive security practitioners reason about problems and build offensive capabilities. @evan_pena2003 and I wrote how our @ArmadinSecurity red team approaches this in the new age of LLMs ⬇️ armadin.com/blog-posts/thi…

I am so thrilled to be a part of this team!! 🎉

AI hasn't just changed cybersecurity, it's rewritten the rules. Attacks are faster, smarter, more relentless. Armadin has launched to meet this moment. Read more from @CNBC: cnbc.com/2026/03/10/kev…

Armadin launches today with the largest combined Seed + Series A in cybersecurity history. AI-driven hyperattacks are here and human-led defenses can't keep pace. Meet the ultimate attacker: a swarm of AI agents built to prove what's actually exploitable before it is.

Over the last 7 months I’ve been working with an incredible team at Armadin. We’re building the future of offensive security with agentic AI. AI will accelerate cyber attacks, we’re already seeing it. And security needs to become autonomous to keep up. Excited to finally be out of stealth. armadin.com

Exclusive: It took Anthropic’s most-advanced artificial intelligence model about 20 minutes to find its first Firefox browser bug during an internal test of its hacking prowess on.wsj.com/4rjrG2C

it’s raining bugs with Claude. seems like a fundamental shock to the ecosystem is about to occur

Not news. But welcome to your future.

LHE’s in the near future : - scope opens, hackers launch swarms - swarm does work - hackers update / tune skills - dupe fest, but also crit fest, - budget is blown on day 1 - no one hacks on site, - karaoke

I once said: AI is not going to take your job as a pentester or bugbounty hunter. I was wrong.

Hope to see you in Denver! V2 of SCCMHunter has some nice features including Kerberos support for the admin module now that Microsoft killed NTLM auth in the 2509 release

🚀Our tool keycred for KeyCredentialLinks and Shadow Credential attacks now works with updated domain controllers again! It turns out, Microsoft violated their own specs. Try it out: github.com/RedTeamPentest…

1. Called Amy from Marketing and kindly asked her to download and run my payload to ensure she mantains VPN access. The rest of the objectives were achieved undetected (MDE + CrowdStrike) 2. Called help desk and got their PRT via device code phishing. Got access to all their apps and completed objectives from there. Vishing is 💯 Just gotta get past that fear

Still think red teaming is easy? Tell me about your attack path from initial access to objectives without triggering a detection. No assumed breach scenarios. Phish or GTFO.

@skorov8 @unsigned_sh0rt @Defte_ Both

@AndrewOliveau @unsigned_sh0rt @Defte_ Was that with Channel Binding or without? Or both?

Anyone know if Microsoft silently patch the Shadow Creds attack recently ? Looks like a computer object cannot write its own attribute anymore :D