NotFound

If a website is protected by @CheckPointSW IPS "anti-SQLi" and mysql<=5 is running, you can easily bypass this by using "||" and "&&" instead of "OR" and "AND" which are blocked. Tested on the lastest version R80.20. #bugbountytip #bugbounty #pentest #payfornothing

I am about to COMPLETELY disrupt the cybersecurity industry...💀💀💀 Presenting the Continuous Reasoning AI Pentester! Multiple AI agents running every security tool under the sun against your environment, at record speeds. Full pentests achieved in less than AN HOUR. Zero human input. One hundred percent success.

Si vous ne souhaitez pas passer par LinkedIn : login-securite.com/challenge-cybe…

3 places à gagner pour Le Hack (la NDH pour les anciens) ! Et faites moi plaisir, je veux un writeup en oneliner bash svp. En plus, il y a quelques messages cachés 🤫 #challenge #ctf #loginsecurite

@SecurityTrybe set completion-ignore-case On 💤

😂🤣

PoC Exploit for the NTLM reflection SMB flaw CVE-2025-33073 github.com/mverschu/CVE-2…

Il y a bien longtemps que j'avais pas trouvé un chall aussi sympa ! Malgré sa simplicité, on y trouve des vulns très récentes, le cheminement jusqu'à DA est fluide et surtout, c'était l'occasion de jouer avec certipy5 👌 (app.hackthebox.com/machines/Fluffy) hackthebox.com/achievement/ma…

@_SaxX_ comme même !

@Notfound404__ Teuteuteu

Rare image d'un analyste SOC face aux nombreux événements du SI

@_SaxX_ Si t'es sage 😘

@Notfound404__ Tu me le feras découvrir en exclu ?

BadSuccessor ports: ◾️.NET github.com/logangoins/Sha… ◾️Python github.com/cybrly/badsucc… ◾️PowerShell github.com/LuemmelSec/Pen… 🎯 Implemented in these tools: ◾️Netexec: github.com/Pennyw0rth/Net… ◾️BloodyAD github.com/CravateRouge/b…

I'm super happy to announce an operationally weaponized version of @YuG0rd's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

@penthium2 @rootme_org Sympa le "semaphore-like" version bash pour limiter le nombre d'exec en // !

jolie petit projet bash pour remplacé nmap : github.com/Akali35/NoWher… découverte faite via le discord de @rootme_org

Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal-krbtgt, users, machines. no DCSync required, no code execution on DC.

#BadSuccessor - a textbook example of why the security ecosystem is broken - A privilege escalation vuln in Windows Server 2025 AD (via dMSA) - Full domain compromise with default config - Microsoft was told, agreed it’s real, but rated it "moderate" - No patch, No fix - No code execution needed - No need to touch the DC - No RPC, no ntds.dit - Just a write to one attribute on an account you can create - Rubeus already supports dMSA abuse (since February) - Metasploit module is in the works Researchers published everything anyway. Because… "we respectfully disagree with Microsoft’s assessment". So yeah, let’s just drop an end-to-end domain takeover technique online to prove a point. To be fair, Windows Server 2025 isn’t widely deployed yet, so the real-world blast radius today is limited. But this isn’t about today - it’s about trust, process, and what happens when security decisions are driven by vendor priorities and researcher egos. What this tells me: 1. Microsoft either: - Can’t assess bugs anymore - Or stopped caring about on-prem AD completely (because Entra ID is what they want to sell) 2. And the offensive sec crowd? - They knew this would hit hard - But chose to burn the world anyway - Because their urge to be right > everyone else’s security In the end, both sides look bad. Microsoft, for being dysfunctional or apathetic Researchers, for chasing clout over coordinated disclosure Congrats. In a rare show of unity, both sides managed to screw this up. Blog: akamai.com/blog/security-… LinkedIn: linkedin.com/feed/update/ur… Metasploit issue: github.com/rapid7/metaspl…

Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks. One-shot markups of entire binaries with just a click. Open source, on Github now.

Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post sensepost.com/blog/2025/divi…

@_SaxX_ Attention avec l'utilisation de "diskpart" et son équivalent Linux "dd" , n'est-ce pas 👀

C'est donc ça les vidéos sur TikTok 😮‍💨🤨🤔 ? (merci à un abonné qui me l'a envoyé) Tant qu'on y est alors, je vais vous donner mon conseil aussi ! Pour sécuriser votre ordinateur, votre mot de passe doit contenir votre date de naissance et votre ville de naissance obligatoirement. Ainsi les hackers ne pourront pas le trouver avec leurs programmes informatiques. Ne me remerciez pas. Bonne journée.

Oh ça, c'est fort ! Même pour les fanboy cli comme moi, toujours pratique d'avoir un tool qui donne une vue d'ensemble rapidement sur certains éléments. apackets.com

Attacking UNIX Systems via CUPS, Part I evilsocket.net/2024/09/26/Att…

The entire disclosure seems to have been leaked online gist.github.com/stong/c8847ef2… Here is the report and POC