Attack Security

Useful to have in the toolkit.

Just noticed this change in the @MITREattack Enterprise Matrix V19. Defense Evasion has been split into the tactics Stealth and Defense Impairment. attack.mitre.org/resources/upda…

Gaining Initial Access and Outsmarting SmartScreen .zip email attachment that includes a VHDX (Hard Disk Image File) + Mark of the Web and SmartScreen bypass using Trusted Executable Reputation and DLL Sideloading github.com/g3tsyst3m/Code… #dfir #blueteam #redteam #pentesting #ThreatHunting

If you’re doing #cloud #security penetration testing and Azure is in scope, AZexec should already be in your toolkit! AZexec brings a NetExec-style workflow to Azure & Entra ID, finally giving cloud pentesters the same speed, clarity, and offensive ergonomics we’re used to on-prem. What makes it a must-have: - Unauthenticated & guest-based enumeration (yes, the Azure “null session” problem is very real) - Two-phase password spraying using Microsoft’s own APIs (stealthy, lockout-safe, MFA-aware) - Deep Entra ID & ARM reconnaissance: users, roles, apps, Key Vaults, storage, networks, VMs - Remote command execution across Azure VMs, Arc, MDE, and Intune - Credential extraction & token abuse tailored for cloud-native environments - NetExec-style output + reporting (CSV / JSON / HTML) for clean ops and clean reports If you know CrackMapExec / NetExec, AZexec will feel instantly familiar, just adapted for how Azure actually works. Cloud attacks deserve cloud-native tooling. 🔗 GitHub: github.com/Logisek/AZexec #CloudSecurity #Azure #EntraID #Pentesting #RedTeam #OffensiveSecurity #AzureAD #NetExec #AZexec #Logisek

Excited to disclose my research allowing RCE in Kubernetes It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.

Impressive work from team at @burpsuite

3 words 👉 Reduce false positives. 😌 Burp AI can automatically audit broken access control vulnerabilities to reduce false positives.

24 million websites compromised. 🧵 PortSwigger's Director of Research, James Kettle (@albinowax), & AppSec expert John Hammond (@_JohnHammond) reveal the fatal flaws in HTTP/1.1 that attackers are abusing right now. #HTTP1MustDie

Need to keep under the radar:

RemoteMonologue is a new Windows technique that uses DCOM to coerce NTLM authentications, enabling remote credential harvesting and privilege escalation for attackers. #RemoteMonologue #CredentialHarvesting #WindowsSecurity #NTLM #Cybersecurity meterpreter.org/remotemonologu…

Active Scan++ just got sharper - we’ve added new checks for OS command injection, powered by our latest ASCII Control Characters research. Install via Extensions -> BApp Store

‼️ Evilginx Pro 4.1 - Google Safe Browsing evasion 🛡️ I've just uploaded a short demo video demonstrating how Evilginx Pro is able to evade Enhanced protection in Google Chrome browser. The update is coming soon! 🔗 youtube.com/watch?v=6AJ6dY…

Need another route to Active Directory? Check out SharpADWS, it has the ability to extract or modify Active Directory data without communicating directly with the LDAP server. github.com/wh0amitz/Sharp…

Building a custom Mimikatz binary by @ShitSecure s3cur3th1ssh1t.github.io/Building-a-cus…

Source details: #proof-of-concept-code" target="_blank" rel="nofollow noopener">birkep.github.io/posts/Windows-…

Need some cleartext password from TGT or NTLM hash? Always useful on internal penetration testing. Nice work @malcrove their blog post - malcrove.com/seamlesspass-l…

Always useful to have a few tricks like this #betterpentesting #attacksecurity

Great series on Linux privilege escalations tbhaxor.com/linux-privileg… Credits @tbhaxor #infosec #Linux

Excited to share a tool I've been working on - ShadowHound. ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus I also talk about some MDI detections and how to avoid them

Saw some other folks realize its actually really easy to use certificates to authenticate as other users on windows if you have access to the API. #L69" target="_blank" rel="nofollow noopener">github.com/trustedsec/CS-… We're now releasing our previously internal make_token_cert bof to auth using only a .pfx file :)