Aurélien Chalot

1.7K posts

Aurélien Chalot banner
Aurélien Chalot

Aurélien Chalot

@Defte_

Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthousiast 💪 and wannabe philosopher https://t.co/SqDDhIGGGh 📖 🔥 Hide&Sec 🔥

The grid Katılım Kasım 2017
490 Takip Edilen4.4K Takipçiler
Sabitlenmiş Tweet
Aurélien Chalot
Aurélien Chalot@Defte_·
Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳
Aurélien Chalot tweet media
English
7
300
1.4K
71.9K
Aurélien Chalot
Aurélien Chalot@Defte_·
@Paul_Reviews @vonderleyen Yeah at some point infosec people just have to break every of their attempts. Show them the real world. From my side I'll start thinking about internet alternatives. Meish network's very promissing
English
2
1
9
521
Abdul Mhanni
Abdul Mhanni@abdo_mhanni·
@noraj_rawsec @Defte_ Depending on your target, you might be able to get petit potam ? But I believe that there’s a misconfig that needs to be there to allow for unauthenticated coercion
English
1
0
1
30
Aurélien Chalot
Aurélien Chalot@Defte_·
Wanna blindly check if the ADCS web enroll is installed on a domain ? Bruteforce the /certenroll endpoint without the trailing/ on all webservers. If you hit the ADCS web enroll you will get a location: /certenroll/ header in the response. Now enjoy blind ntlmrelayx ESC8👀👀👀
Aurélien Chalot tweet media
English
4
45
261
43.3K
noraj
noraj@noraj_rawsec·
@Defte_ Do you have a trick for unauth coerce? Else blind detection of the AD CS enroll API is unfortunately useless.
English
2
0
0
91
Aurélien Chalot
Aurélien Chalot@Defte_·
@hellish_pn --query "(&(objectClass=computer)(servicePrincipalName=MSSQLSvc/*))" "servicePrincipalName"
English
0
0
1
47
Microsoft Security Response Center
Today, we're proud to recognize the Top 100 Microsoft 2026 Most Valuable Researchers (MVRs). Security researchers play a critical role in helping protect customers by identifying and reporting vulnerabilities across Microsoft products and services. We're grateful for their partnership and the impact they have made over the past year. Congratulations to this year's Top 10 MVRs: 🥇C46F3708A45EF0041BD0A49DDAEA0E25 🥈ShinHyuiq & Alan Pang 🥉cherrypick 4. Brad Schlintz (@nmdhkr) 5. wtm (@wtm_offensi) 6. Asaf Cohen (XBREACH.AI) 7. bccc95a61a3cc79d7b2c4423c808f744 8. Felix B. 9. 142a423e2574abf10d65eba46891ca5e 9. Anonymous This year, we updated the MVR leaderboard to rank researchers based on total bounty awards, creating a clearer connection between recognition and security impact. We also introduced Special Mentions to recognize researchers who submitted valid vulnerability reports during the recognition period, regardless of leaderboard ranking. See our blog for the complete list of the Top 100 MSRC 2026 Most Valuable Researchers and the top researchers by bounty program: microsoft.com/en-us/msrc/blo… Thank you to every researcher who partnered with us this year to help protect customers worldwide.
Microsoft Security Response Center tweet media
English
52
16
113
122.6K
jotter
jotter@jotter_jotter·
@Defte_ Thanks for the shoutout!
English
1
0
2
710
Aurélien Chalot
Aurélien Chalot@Defte_·
I have suspected the klist.exe could be used to dump local tickets but never had time to check that out correctly. This guy did and explains it very well! Only requires local admin rights, no system, to dump all TGT's on the computer jakeotte.com/posts/klist-re…
English
2
80
306
18.2K
Aurélien Chalot
Aurélien Chalot@Defte_·
@r0ck3t23 Starting thinking this guy is dumb as fuck or making his way throught stock exchanges to inflate anthropic's value
English
0
0
0
13
Dustin
Dustin@r0ck3t23·
Dario Amodei just dismantled the biggest myth in the AI industry. Open source AI isn’t free. It never was. Amodei: “It’s not free. You have to run it on inference and someone has to make it fast on inference.” For decades, open source meant something real. It meant a teenager in a basement could download the same tools as a Fortune 500 company. Could read the code. Could modify it. Could build something that competed with the giants. That was genuine democratization. That actually happened. AI is different. Fundamentally. Physically. In ways the ideology hasn’t caught up to yet. Downloading the weights is the easy part. The part that actually costs something is turning the weights into a running system. Into responses. Into intelligence operating in real time at scale. That requires compute. Power. Infrastructure. The kind measured in billions of dollars and years of construction. Amodei: “These are big models. They’re hard to do inference on. Ultimately you have to host it on the cloud. The people who host it on the cloud do inference.” The open source debate was never about who owns the model. It was always about who owns the cloud. And Amodei goes further. When a competitor drops a new open model, he doesn’t ask whether it’s open or closed. He doesn’t care about the licensing. He doesn’t engage the ideology. Amodei: “I don’t think it mattered that DeepSeek is open source. I think I ask, is it a good model? Is it better than us at the things that matter? That’s the only thing that I care about.” That’s the ruthless clarity of someone actually trying to win. While the media debates licensing frameworks, Amodei is asking one question. Is it better. Everything else is a distraction. Amodei: “I don’t think open source works the same way in AI that it has worked in other areas. Here we can’t see inside the model.” This isn’t Linux. You can’t read it. You can’t fork it. You can’t understand it the way generations of developers understood the tools they inherited. You can download it. And then you need a data center to run it. The teenager in the basement who was supposed to be empowered by this revolution needs a billion dollars of infrastructure before the empowerment starts. The era of the basement coder rewriting civilization on a laptop is over. The future belongs to whoever commands the compute, owns the power grid, and can actually turn the intelligence on. Open weights without infrastructure isn’t democratization. It’s a promise the physics of the universe won’t let us keep.
English
358
173
1.3K
686.4K
Aurélien Chalot
Aurélien Chalot@Defte_·
@MarcOverIP The world relies on protocols that are still insecure by design. No wonder why NTLM still is a thing. That's what happen when an entire system is built without prior security thoughts
English
0
0
1
220
Marc Smeets
Marc Smeets@MarcOverIP·
How the f can we still be having NTLM insecurities in the year 2026. Just how?! At this rate we will not be done with NTLM by 2033, mind you 40 years after its initial release.
Daily CyberSecurity@Daily_CyberSec

Researcher publicly disclosed an NTLM reflection bypass, CVE-2026-24294, with PoC exploit code. It gives SYSTEM on Windows Server 2025. Patch now. #NTLM #NTLMReflection #CVE202624294 #Windows #PrivEsc #Cybersecurity #Infosec securityonline.info/ntlm-reflectio…

English
2
14
94
11.1K
Aurélien Chalot
Aurélien Chalot@Defte_·
Great blogpost, worth a read. This is a mistake I made that was reported to me via the following NXC PR as well github.com/Pennyw0rth/Net… Sorry for the wrong information, I'll have to modify the blogpost about MSSQL and CBT to fix this. Thank you @abdo_mhanni for the deep dive :)
Abdul Mhanni@abdo_mhanni

Wrote a new blog about caveats with tools detecting(or mis detecting) relay exploit primitives against http(ESC8) and MSSQL endpoints. Kept noticing issues in tools reporting the absence or presence of vulns that I thought others may have noticed too abdulmhsblog.com/posts/pitfalls…

English
1
4
40
4.3K
Zeno
Zeno@fontanaen11·
@cryptozaurus2 @brivael Bien évidemment aha ça fonctionnera pas, l’idée est foireuse en soit, mais c’est pas tout le monde qui en est capable
Français
3
0
10
3K
Brivael Le Pogam
Brivael Le Pogam@brivael·
Vous êtes vraiment trop cons si vous pensez que des gamins de 16 ans ne vont pas contourner votre usine à gaz en 48 heures. Installer un VPN, acheter un VPN, utiliser un navigateur alternatif, passer par un proxy, emprunter un compte : c’est trivial. Vous allez juste créer un nouveau jeu : l’État contre des ados plus malins que ses bureaucrates. Et comme d’habitude, ils vont gagner.
Fox News@FoxNews

A UK student's reaction is going viral after Prime Minister Keir Starmer said Britain will ban children younger than 16 from using social media. During a BBC interview, the student revealed her screen time was nine hours over the weekend. When asked how she'd fill all that extra time without social media, she didn't hesitate: "Stare at a wall." The deadpan response is quickly becoming one of the most shared reactions to the UK's sweeping new restrictions on children's social media use.

Français
127
318
1.8K
55.4K
Aurélien Chalot retweetledi
Two Seven One Three
Two Seven One Three@TwoSevenOneT·
New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker
Two Seven One Three tweet mediaTwo Seven One Three tweet mediaTwo Seven One Three tweet media
English
24
180
759
116.1K
Aurélien Chalot retweetledi
Alex Neff
Alex Neff@al3x_n3ff·
SMB share enumeration via ACLs with NetExec🔥 NetExec now detects share permissions via ACL enumeration, instead of trying to write a file. In addition, we can now detect if a user has indirect access to the share, e.g. by having ACL write permissions! Made by @PytelJack🚀
Alex Neff tweet media
English
3
54
268
16.4K