Mayfly

Goad v3 merged into the main branch 🥳 Github : github.com/Orange-Cyberde… Doc : orange-cyberdefense.github.io/GOAD/

@M4yFly Successfully Found my way up to Domain Admin I made a walkthrough on how i did that here bl4ckarch.github.io/posts/GOAD-DRA… Feel free to come and discuss about it 😉

@bl4ckarch Very nice ! GG 🔥

🔥🐉 New GOAD Lab: DRACARYS I’ve just released a new free lab environment on GOAD: DRACARYS. The challenge includes 3 VMs and the objective is simple: Start with no authentication and work your way up to Domain Admin. Have fun exploiting it! 🔥🐉 mayfly277.github.io/posts/Dracarys…

@Octoberfest73 I remember you once posted a quirk of impacket that could be used as an ioc so I thought you’d like this list of 50+ impacket IOCs😄 github.com/ThatTotallyRea…

@bl4ckarch Yes sure ! GG 👍

@M4yFly Successfully found my way to DA, are we authorized to publish a walkthrough?

This second blogpost concludes @yaumn_'s research on #Windows authentication reflection. He discloses the new Kerberos authentication coercion technique he discovered to remotely compromise Windows systems 💥 A little bonus is even included at the end 👀👇 synacktiv.com/en/publication…

Authentication reflection attacks are still not dead! In our new blogpost series, @yaumn_ shares his journey into bypassing the mitigations of CVE-2025-33073 to pop SYSTEM shells again🚀 👇 synacktiv.com/en/publication…

If you want to contribute to Hacker Recipes: github.com/The-Hacker-Rec… Guide for authors: thehacker.recipes/contributing/w…

@sekurlsa_pw The site needs more authors, anyone has interesting techniques to share —> PR plzzzzzz 🙏

Just shipped GraphSpy v1.7.0 ✨ Mostly under-the-hood work this time with major refactoring to speed up future development ⚙️ Huge shoutout to n3rada for leading the effort! More exciting features coming soon 🚀 github.com/RedByte1337/Gr…

@theart42 Sure, come on discord discord.gg/gMuxqbEdz

@M4yFly Is there a way to get a hint for Dracarys?

Publicly disclosing the bluehammer exploit, at the time of writing this, this vulnerability is still unpatched. Full PoC source can be found here - deadeclipse666.blogspot.com/2026/04/public…

Thanks to Azox, it is now possible to use psexecsvc (github.com/sensepost/susi…) through a socks proxy like ntlmrelayx allowing executing system commands via a trusted service, as NT System, and evading EDR's. Also thanks to @HackAndDo for his fixes :D

If #RBCD has been thoroughly documented, only a few resources mention the workflow in cross-domain environment. In our new blogpost, we dive into the cross-domain and cross-forest RBCD workflows. Read it here 👇 synacktiv.com/en/publication…

Two bugs. One chain. Full RCE. New research by Aleksandr Zhurnakov on Dell Wyse Management Suite shows how business logic flaws can be chained into complete system compromise. Read the full writeup! swarm.ptsecurity.com/business-logic…

Who knew a really long string could make an Entra ID login disappear from the logs entirely? In our #blog, @nyxgeek breaks down how overflowing #Azure's sign-in logging mechanism allowed access tokens to be issued without a single log entry. Read it now! hubs.la/Q047xTVc0

🏟️ Ludus launched 2 years ago and the community embraced and extended it with write-ups, roles, configs, and environments. We're excited to see what you build with Ludus 2! (1/4)

GraphSpy: A Hacker's Tooling Deep Dive, video demos with the creator @RedByte1337! 🤩 Keanu shows me the wild things you can do for post-exploitation in Entra ID -- even adding a physical security key for persistence and a ton of other tricks 🤯 Video: youtu.be/qEtoKC32UoE

@vladimircicovic you have to do that for python but this should already be done if you installed goad before, but you have to do that for ansible-galaxy too ! (cause some dependencies were added on ansible)

@M4yFly Inside of text you have: ansible-galaxy install -r requirements_311.yml ansible-galaxy install -r Convert to pip install -r requirements_311.yml #python>=3.11 pip install -r requirements.yml #python<=3.10 @M4yFly

Link to the GOAD project : github.com/Orange-Cyberde…