Mayfly

574 posts


@M4yFly

Former Dev and DevOps | Pentester and red teamer at Orange Cyberdefense | OSCE³ | Tweets are my own | discord: m4yfly

Joined November 2017
787 Following · 7.3K Followers
Mayfly retweeted
TrustedSec @TrustedSec
Who knew a really long string could make an Entra ID login disappear from the logs entirely? In our #blog, @nyxgeek breaks down how overflowing #Azure's sign-in logging mechanism allowed access tokens to be issued without a single log entry. Read it now! hubs.la/Q047xTVc0
Mayfly retweeted
Bad Sector Labs @badsectorlabs
🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)
Mayfly retweeted
John Hammond @_JohnHammond
GraphSpy: A Hacker's Tooling Deep Dive, video demos with the creator @RedByte1337! 🤩 Keanu shows me the wild things you can do for post-exploitation in Entra ID -- even adding a physical security key for persistence and a ton of other tricks 🤯 Video: youtu.be/qEtoKC32UoE
Mayfly @M4yFly
@vladimircicovic you have to do that for python but this should already be done if you installed goad before, but you have to do that for ansible-galaxy too! (cause some dependencies were added on ansible)
Mayfly @M4yFly
🔥🐉 New GOAD Lab: DRACARYS I’ve just released a new free lab environment on GOAD: DRACARYS. The challenge includes 3 VMs and the objective is simple: Start with no authentication and work your way up to Domain Admin. Have fun exploiting it! 🔥🐉 mayfly277.github.io/posts/Dracarys…
Mayfly retweeted
𝘾𝙝𝙧𝙞𝙨𝙩𝙤𝙥𝙝𝙚 𝘽𝙤𝙪𝙩𝙧𝙮
🚨 YGG: it's over. #YGGdown The servers were reportedly emptied, then destroyed. In an article published on yggleak.top/fr, Grolum details the total compromise of the infrastructure (code, databases, configs, logs), against the backdrop of a crisis around "Turbo Mode" and monetization. YGGLeak also claims that the torrent catalogue was reportedly preserved with the help of the U2P project, and announces: - a temporary tracker: ygg[.]gratis - "new trackers" and a migration via ygg[.]gratis
Mayfly retweeted
Panos Gkatziroulis 🦄 @ipurple
Stuck Without Coercion options? Why not just Coerce MDE? medium.com/@Sniffler/stuck-without-coercion-options-why-not-just-coerce-mde-aecc23b43b66
Mayfly retweeted
Dirk-jan @_dirkjan
Forgot to post it, but the recording of my Black Hat talk was released last week. If you're interested in all the hybrid AD attack surface you never knew about, give it a watch: youtu.be/rzfAutv6sB8?si…
Mayfly @M4yFly
@SpecterOps @rbnroot Nice! I already built a similar tool, but CLI-only and with fewer options. Great work, very useful in red team - thank you! 👏
Mayfly retweeted
SpecterOps @SpecterOps
Every Entra ID assessment ends here: “How do I get a token without triggering Conditional Access controls?” 🤔 @rbnroot built CAPSlock, an offline ROADrecon-based Conditional Access engine that simulates sign-ins & flags gaps without touching the tenant. ghst.ly/4aKIk64
Mayfly retweeted
Atsika @_atsika
🥳 ProxyBlob V2 is now available 🎉 As promised, here is the new version of ProxyBlob, boosted with aznet. Az-what 🤔? This version introduces a new Go module called aznet that allows you to use Azure storage services (not just blobs 😏) as a direct replacement for net.Conn! 🏎️github.com/Atsika/aznet 🌐github.com/quarkslab/prox… Complete documentation is available in the aznet repo to understand how it works 📚
Mayfly retweeted
n00py @n00py1
NTLM reflection attacks can be used to compromise Active Directory domains even with SMB signing if systems aren’t fully patched depthsecurity.com/blog/using-ntl…
Mayfly @M4yFly
@mariuszbit Congratulations, Marius! Great hire by Outflank—I’m sure you’re going to absolutely rock it there. They’re lucky to have you!
mgeeky | Mariusz Banach @mariuszbit
☢️ 2026 started with a bang! The project I've been building for the last three years - an Initial Access framework letting us weaponize 100+ file formats - is joining Outflank's OST & I'm joining too!😍 🔥 Same mission, now with joint R&D to ship even more high-quality RT tools!
Outflank @OutflankNL

📢 Big News! @mariuszbit is joining Outflank! He ticks all the boxes: Experienced #offsec researcher ✓ Respected name in red teaming ✓ Built RMF tooling for initial access ✓ His work is coming to OST✓ The red hoodie fits perfectly ✓ Welcome Mariusz! outflank.nl/blog/2026/01/2…

Mayfly retweeted
Synacktiv @Synacktiv
🚨 RCE in #Livewire (CVE-2025-54068)! Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing. 🔗 Patch now! (v3.6.4+) synacktiv.com/en/publication…
Mayfly @M4yFly
🚀 Introducing MoxPack: A template builder for Proxmox using Packer. Generate Windows & Linux VM templates with cloud-init support and sysprep. Ideal for lab automation and infra-as-code. github.com/Orange-Cyberde…
Mayfly retweeted
mpgn @mpgn_x64
Thrilled to share that the Star Wars NetExec lab I made for @_leHACK_ was fully automated by @LadhaAleem on Ludus/VMware/VirtualBox🔥 Awesome lab with 2AD (rebels&empire), certificates, MSSQL trust, pre2k, and ofc gMSA 👾 Can you find the spy? GitHub ➡️ github.com/Pennyw0rth/Net…