Justin Perdok

A sitcom that follows a group of friends, the up's and down's in the Russian ransomware cyber crime ecosystem, and their ultimate pursuit of love

Van Eck phreaking... It ACTUALLY works?!?!

📁 May we direct your attention to Advanced Active Directory #Exploitation? In his #training, John Iatridis from @sensepost_train will take you on a journey into an immersive, real-world simulated and isolated #ActiveDirectory enterprise network. 🎟️ ringzer0.training/trainings/adva…

They shared some good stuff. Learned a couple of new tricks!

The RID500 Admin account doesn't benefit from Protected User Group restrictions. This is a MS WONTFIX & means you can authenticate as Admin using RC4 KRB or perform any KRB delegation attack if you impersonate the RID500 Admin. The latest find by @Defte_ sensepost.com/blog/2023/prot…

Mfw you get into a VPN, have access to a ton of VHDX's including DC's with a lowpriv user, but the damn the VPN is limited to a max of 355KB/s.

Cyberattacks increased by 13% last year. Cybersecurity is a serious matter, you’d better call serious experts. ow.ly/l65L50JPfwK #SaferDigitalSociety

When the guy from IT has to come up and talk with accounting.

We in ZA have nine positions open right now; pentesters, presales, IT, sales, sales admin. We're a great place to work (you can even ask people who left us), customers like us (85 NPS), we do fun work. DM me if you want to chat about a role. Full list at jobs.za.orangecyberdefense.com/jobs

Everyone likes a good hacking story right? I have just the thing for you. Let me tell you about that time I ‘accidentally’ hacked a four-story display next to one of the biggest highways in the Netherlands 👀 🧵

Words cannot explain the excitement I felt when watching this 🥳 Can't wait to find new ways to torment Murray. #ReturnToMonkeyIsland youtu.be/sahskKAxSCY

@byt3bl33d3r 🪴🪴🪴🪴

🥬🥬🥬🥬

@felmoltor Yeh that dude is gonna sell you some of his fine leather jackets.

@cnotin @cyb3rops But personally if I would run this in prod,and want realtime results, I'd probably rebuild those poc's into something more sophisticated.

@cnotin @cyb3rops Thanks😁 no the poc's are designed to run on-demand since it's just intended as a showcase how you could monitor this by collecting known good configs. But there is nothing keeping you from setting up a scheduled task/while loop or w.e. with these scripts.

💡 Are you monitoring Active Directory #DCSync attacks using event ID 4662? 👆 Don't forget to ensure that the required SACL on domain root is enabled! It is, by default, but an attacker with privileges high enough for DCSync could also remove it... 🤔

@cnotin @cyb3rops You should be able to monitor this if you collect 'known good' sddls configurations and compare recent changes/current configs to them. Here's a very basic poc I build some time ago when I played around with monitoring ace changes. github.com/justin-p/Monit…

@cyb3rops For example, an AD monitoring solution is able to fetch and analyze changes in the nTSecurityDescriptor

Took a while, but it's finally here😁 3226/7000

[thread 🧵] lets all welcome the new kid in town 😈 ✨ Kerberos sAMAccountName spoofing ✨ from regular user to domain admin, because Microsoft didn't care enough about it's $$$ thehacker.recipes/ad/movement/ke…

Love the 'hidden' dickbutt over there.