Mayfly

596 posts

Mayfly banner
Mayfly

Mayfly

@M4yFly

Former Dev and DevOps| Pentester and red teamer at orange cyberdefense | OSCE³| Tweet are my own| discord: m4yfly

Katılım Kasım 2017
790 Takip Edilen7.4K Takipçiler
Mayfly retweetledi
Keanu Nys
Keanu Nys@RedByte1337·
Just open-sourced CredSpy Couldn't find any tools that allowed unauthenticated enumeration of auth methods for @Microsoft accounts, so I created it. Shows whether target accounts use Passkeys, certificate auth, passwordless push, etc... Find it here: github.com/RedByte1337/Cr…
Keanu Nys tweet media
English
1
88
299
19K
Mayfly retweetledi
Alex Neff
Alex Neff@al3x_n3ff·
Onelogon: Taking over Active Directory Accounts via Netlogon🔑 We analyzed Netlogon, bypassed the Zerologon patch, resulting in a full auth bypass. An attacker can leverage this to compromise computer accounts, or even the entire AD. Non-standard config must be present tho 🧵
Alex Neff tweet mediaAlex Neff tweet media
English
9
193
690
78.6K
Mayfly retweetledi
Print3M
Print3M@Print3M_·
I’m sharing my slides from @x33fcon 2026. Inside ~15 examples of abusing traitorware to execute your payload via trusted & signed binaries (e.g. VLC Player, SublimeText) and how to find more of them. Recording will be published soon. github.com/Print3M/MyTalk…
Print3M tweet media
English
2
66
190
18.8K
Mayfly retweetledi
Bad Sector Labs
Bad Sector Labs@badsectorlabs·
Ludus Feature Friday! The new 2.2.0 release brings "sources" which allow you to easily add blueprints, templates, and roles to your Ludus host. We even converted @M4yFly GOAD to a fully Ludus-native blueprint! Check out the full change log and video here: ludus.cloud/changelog/2.2.0
English
1
7
44
2.5K
Mayfly retweetledi
SpecterOps
SpecterOps@SpecterOps·
MSSQL has always been a favorite target. Now it ships its own egress channel. @gershsec's latest research breaks down how SQL Server 2025's native AI features enable exfil, NTLM coercion, and C2 transport, all functioning as intended. Read more 👇 ghst.ly/4e2L3JX
English
0
65
225
17K
Mayfly retweetledi
Orange Cyberdefense France
Orange Cyberdefense France@OrangeCyberFR·
🎙 Retrouvez ce vendredi à Bordeaux nos speakers à l'événement @Sthack 🔸 @0x3lk : "Runtime blindspot : Abusing .NET Runtime Internals to Evade EDRs " 🔸 @M4yFly : Red Team : "20 missions plus tard : Autopsie de quatre années de mutation offensive" 👉 ow.ly/Zp1Y50Z4XkJ
Orange Cyberdefense France tweet media
Français
0
3
9
1.9K
Mayfly
Mayfly@M4yFly·
🔥🐉 New GOAD Lab: DRACARYS I’ve just released a new free lab environment on GOAD: DRACARYS. The challenge includes 3 VMs and the objective is simple: Start with no authentication and work your way up to Domain Admin. Have fun exploiting it! 🔥🐉 mayfly277.github.io/posts/Dracarys…
English
12
98
298
17.8K
bl4ck4rch
bl4ck4rch@bl4ckarch·
@M4yFly Successfully found my way to DA, are we authorized to publish a walkthrough?
English
1
0
0
33
Mayfly retweetledi
Synacktiv
Synacktiv@Synacktiv·
This second blogpost concludes @yaumn_'s research on #Windows authentication reflection. He discloses the new Kerberos authentication coercion technique he discovered to remotely compromise Windows systems 💥 A little bonus is even included at the end 👀👇 synacktiv.com/en/publication…
English
2
56
125
12K
Mayfly retweetledi
Synacktiv
Synacktiv@Synacktiv·
Authentication reflection attacks are still not dead! In our new blogpost series, @yaumn_ shares his journey into bypassing the mitigations of CVE-2025-33073 to pop SYSTEM shells again🚀 👇 synacktiv.com/en/publication…
English
2
55
155
15.9K
Mayfly retweetledi
Keanu Nys
Keanu Nys@RedByte1337·
Just shipped GraphSpy v1.7.0 ✨ Mostly under-the-hood work this time with major refactoring to speed up future development ⚙️ Huge shoutout to n3rada for leading the effort! More exciting features coming soon 🚀 github.com/RedByte1337/Gr…
English
1
12
38
2.9K