NULLKrypt3rs

Added a new technique in Patriot to identify suspicious CONTEXT structures used in the rop/callback chains of foliage, #nighthawk, #brc4, gargoyle, etc. github.com/joe-desimone/p…

Thread - Confluence Blind OGNL Injection analysis from our limited java knowledge. From vulnerable sink to becoming admin of the confluence instance. #CVE-2022-26134. Tested on latest vulnerable version 7.18.0.

Open redirect vulnerability and how to use it "correctly" in bug bounty 🙃 link.medium.com/ftOSGKkZtqb

This PowerShell one-liner will open a visible IE browser in Windows 11: $(new-object -com internetexplorer.application).Visible=$true

Interesting account takeover of the day. The site was hosting their pentest.test.com on amazonaws While resetting my password I have noticed that the host was getting passed in json body

No PKINIT? No problem! Thanks to team members Yannick and @lowercase_drm, you now have a way to (ab)use your ill-earned ADCS certificates even when domain controllers do not support PKINIT offsec.almond.consulting/authenticating…

Here are the slides for my talk « Delegating Kerberos to bypass Kerberos delegation limitation » 😈 at @1ns0mn1h4ck #INS22 #talk" target="_blank" rel="nofollow noopener">thehacker.recipes/ad/movement/ke…

Trying to learn security research and getting overwhelmed by all the details? I just published a guide showing my process for step-by-step analysis of a security feature: windows-internals.com/an-exercise-in…

New Interruptor 0.1 release 🔥 add Follow Thread 🥳, Kernel API constants usable by their names into hooks🥰, configurable output, smart modules/interrupts filtering github.com/FrenchYeti/int…

[#thread 🧵] Last week in #Microsoft #PatchTuesday, a critical vulnerability was patched that theoretically allows attackers to achieve Remote Code Execution on a target #IIS server (CVE-2022-21907). I'll explain how it works in this thread ⬇️

I'm proud to present a new tool, #LDAPmonitor! With this you can monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! Lots of authentication types are supported, and output can be saved to a file. github.com/p0dalirius/LDA…

My recent Bounties 🤑

Takeover an entire domain by resetting passwords! We detailed how to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus in this blogpost synacktiv.com/publications/h… @acervoise - @tiyeuse

Revisiting an old bug which paid off really well during a previous Red Team op. The good old Microsoft Exchange unauthenticated email relay. This was particularly impactful. Here's why: 🌶️Unauthenticated 🌶️No phishing infra needed 🌶️Emails land directly in user's inbox (1/4)

@l42Y_ Works fine for me.

New Write-up on InfoSec Write-ups publication : "Finding My First Bug: HTTP Request Smuggling" #bugbounty #bugbountywriteup #bugbountytips ift.tt/3jM5DAu

Containerd breakout PoC (@ChaosDatumz), the "glue" principle (@theluemmel), lockscreen bypass (@jonasLyk), VBox escape 0day (@Sauercl0ud), beacon shellcode generator (@ryanstvnson), browser backdoor (@_batsec_), nim obfuscation (@LittleJoeTables), + more! blog.badsectorlabs.com/last-week-in-s…

b00t2root CTF ended! Hearty congratulations to team @ByteForc3, @Zh3r00 and @0x90r00t for bagging the top three positions! We would also like to thank our esteemed sponsors @offsectraining @vector35 for sponsoring the prizes. Adieu guys! See you all next year :)

15+ hrs into the CTF and we are seeing some intense competition here :P If you havent registered yet shoot here: boot2root2020.tech #boot2r00tctf2020

Hola folks, With Hacka-demic in close sight, we are glad to announce the prizes and goodies awaiting the winners. Hoping the poll has added flavors to your curiosity on the possible themes, we are more than excited to witness your take on our themes. (1/2)