Yeeb

568 posts


@Yeeb_

Penetration tester, red teamer and capture the flag player with incident response experience.

Joined May 2020
496 Following, 287 Followers
Yeeb reposted
SpecterOps (@SpecterOps):
Relayed NTLM creds are powerful, if you can use them. @senderend shows why browsers fail through ntlmrelayx SOCKS and introduces ghostsurf to make NTLM-authenticated web apps accessible. Read more ⤵️ ghst.ly/4tnJOtx
Yeeb reposted
bohops (@bohops):
I’ve been grinding hard on AI for the better part of the last 8+ months - learning, building, adapting, and pulling late nights just like so many others right now. Cutting through the FUD and hype, there is real potential here. Industry-breaking potential. The era we’ve been waiting for - to finally supercharge and develop the tools and platforms we’ve wanted to build for years - is here, and agent assistance is accelerating everything. With coding agents, I’ve built solid tools and had research breakthroughs that would have taken weeks or months before. These should feel like real wins worth celebrating. But honestly? I don’t feel victorious. In many ways, it just feels necessary to keep pace. As Dave said: adapt or be left behind - and for good reason. I’m not ready to be left behind. But damn, I’m tired. I’m tired of constantly reinventing myself. Tired of constantly re-tooling. Tired of the endless cycle of keeping up, the late nights, and the personal sacrifices that come with it. I’ve even lost the desire to share knowledge and research with the community the way I used to. From the conversations I’ve had, I’m far from alone - many others in this space feel the same but don’t necessarily vocalize it outside of smaller circles. Is it because I see AI purely as a threat? Not really. The offensive side of our industry has been heading this way for a while, and I’ve been moving with it. The truth is, the excitement Dave describes is real - but for me right now, it’s mixed with exhaustion. I’m grateful for the breakthroughs, yet I catch myself wondering how long I can sustain this level of constant reinvention without something giving. The early-2000s energy is back, sure… but so is the burnout that often came with it. Being a bit older now, with young kids at home, the pace hits differently. I don’t have the same endless energy I once did, and the late nights and constant context-switching carry a heavier weight. 
Finding balance is tough, but it feels more important than ever. Hopefully we can all figure out how to ride this wave more sustainably - without burning out in the process.
Dave Kennedy (@HackingDave):

What I see in cybersecurity: AI has re-invigorated an industry that was largely stale for the past ten years. Complete new green field. Changes everything. New innovation happening everyday. Need to adapt or be left behind. This reminds me of the early 2000s, it’s exciting, addicting, and it’s going to be fun as hell.

Yeeb reposted
Cobalt Strike (@_CobaltStrike):
Introducing Cobalt Strike Research Labs! This new offering provides cutting edge tradecraft to get new capabilities into your workflows faster. Exclusively available in our Adversary Emulation Suites. Read the announcement: cobaltstrike.com/blog/introduci…
Yeeb reposted
🕳 (@sekurlsa_pw):
Impacket’s GetST is able to request tickets cross-domain and cross-forest. github.com/synacktiv/impa… As described in the article, add: -targetdomain, -dc-ip, -targetdc. To check for cross-forest, use: -forest
Synacktiv (@Synacktiv):

If #RBCD has been thoroughly documented, only a few resources mention the workflow in cross-domain environment. In our new blogpost, we dive into the cross-domain and cross-forest RBCD workflows. Read it here 👇 synacktiv.com/en/publication…

Yeeb reposted
Aurélien Chalot (@Defte_):
Thanks to Azox, it is now possible to use psexecsvc (github.com/sensepost/susi…) through a SOCKS proxy like ntlmrelayx, allowing execution of system commands via a trusted service, as NT System, and evading EDRs. Also thanks to @HackAndDo for his fixes :D
Yeeb reposted
TrustedSec (@TrustedSec):
Who knew a really long string could make an Entra ID login disappear from the logs entirely? In our #blog, @nyxgeek breaks down how overflowing #Azure's sign-in logging mechanism allowed access tokens to be issued without a single log entry. Read it now! hubs.la/Q047xTVc0
Yeeb reposted
Alex Neff (@al3x_n3ff):
Collecting ADCS data with NetExec🔥 Thanks to the addition of CertiHound, developed and implemented by 0x0Trace, we can now collect ADCS data using the --bloodhound collector of NetExec. As before, the data is exported as JSON files that can be imported directly into BloodHound.
Yeeb reposted
Jean-Michel Besnard (@jmbesnard_maz):
New Release of AD Miner (v1.9)🚀 This update brings the following: ⚡️ Major engine rework for speed and RAM usage 🛡️ New Entra ID + On-prem controls 📈 Scaled to 1M+ user forests in production github.com/AD-Security/AD…
Yeeb reposted
S3cur3Th1sSh1t (@ShitSecure):
WSUS fake updates for LPE or RCE when HTTP is being used? This one took many days and troubleshooting with Claude, but now we have a C2-capable tool for the full stack, including poisoning plus fake update delivery. The only thing we need is a low privileged C2 session! 🔥
Yeeb reposted
Alex Neff (@al3x_n3ff):
Releasing one of my research tools: EVENmonitor🖥️ Inspired by LDAPmonitor, I implemented a monitoring tool for the Windows Event log in pure python. You can just attach it via the network and then filter for specific event IDs or keywords. Available at: github.com/NeffIsBack/EVE…
Yeeb reposted
Soufiane (@S0ufi4n3):
Just wrote a 20-line PowerShell script that successfully shut down a multimillion dollar piece of shitt. Hint 1: It's not Defender. Hint 2: try the same with ntdll.dll and advapi32.dll. Keep in mind some system DLL handles are protected by TrustedInstaller. binarydefense.com/resources/blog…
Yeeb reposted
OtterHacker (@OtterHacker):
I published a SharePoint and Outlook PowerShell GUI that can be used on a Red Team operation when you've found an Azure AppId with interesting privileges. You can now use these tools to browse the SharePoint or mailboxes through a GUI instead of the Graph API. github.com/OtterHacker/M3…
Yeeb reposted
Panos Gkatziroulis 🦄 (@ipurple):
Stuck Without Coercion options? Why not just Coerce MDE? medium.com/@Sniffler/stuck-without-coercion-options-why-not-just-coerce-mde-aecc23b43b66