
@[email protected] boosted


“So WSUS with HTTPS is secure, you said? 😂”
Turns out… not really.
According to the excellent research by Alexander Neff and Phil Knüfer in “Using ADCS to Attack HTTPS‑Enabled WSUS Clients,” a misconfigured ADCS environment can completely undermine HTTPS‑protected WSUS.
They demonstrate how overly permissive certificate templates—especially those allowing user‑defined subject names and limited to the Server Authentication EKU—let an attacker obtain a trusted certificate and impersonate a WSUS server. Combine that with classic WSUS interception techniques, and suddenly you can push malicious updates that run with full admin privileges on Windows clients, all while the traffic looks perfectly valid and encrypted.
From a defender’s point of view, the big question becomes:
How do you detect if your WSUS clients have been talking to a hijacked WSUS server? 😅
Good news: it is detectable—and here’s the KQL to help you spot it.
#Cybersecurity #WSUSHiJackAttack


@0x534c Also note that, while our example attack creates a user or adds one to a group, this is basically arbitrary command execution on the victim. Attacks could come in different forms and sizes. Better to look for suspicious process spawning initiated by WSUS updates.

@0x534c The KQL is interesting in case that you want to specifically detect attacks on encrypted WSUS traffic. Otherwise, wouldn't it be better to just detect suspicious activities initiated by WSUS traffic, no matter the port?
@[email protected] boosted
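As an added example (not code from the linked research or from the posters above), the following PowerShell enumerates ADCS certificate templates with the combination the post describes: the enrollee may supply the subject name (msPKI-Certificate-Name-Flag bit 0x1, CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) and the Server Authentication EKU (1.3.6.1.5.5.7.3.1) is present, and it checks whether each such template is published on a CA and whether manager approval (msPKI-Enrollment-Flag bit 0x2) would pend the request. It assumes a domain-joined host whose caller can read the Configuration naming context; the function name is mine.

```powershell
# Added example: find ADCS templates that would let an enrollee obtain a
# Server Authentication certificate for an arbitrary subject (e.g. the WSUS
# server's name). Assumes a domain-joined host and read access to the
# Configuration NC. Enrollment ACLs are NOT evaluated here and must still
# be reviewed before a template is declared exploitable.
function Get-WsusImpersonationTemplate {
    $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # msPKI-Certificate-Name-Flag
    $CT_FLAG_PEND_ALL_REQUESTS         = 0x2   # msPKI-Enrollment-Flag (manager approval)
    $ServerAuthEku                     = '1.3.6.1.5.5.7.3.1'

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = $rootDse.Get('configurationNamingContext')
    $pkiBase  = "CN=Public Key Services,CN=Services,$configNc"

    # Which templates are actually published on an enrollment service (CA)?
    $caSearcher = New-Object System.DirectoryServices.DirectorySearcher(
        [ADSI]"LDAP://CN=Enrollment Services,$pkiBase")
    $caSearcher.Filter = '(objectClass=pKIEnrollmentService)'
    [void]$caSearcher.PropertiesToLoad.Add('cn')
    [void]$caSearcher.PropertiesToLoad.Add('certificateTemplates')

    $publishedOn = @{}   # template name -> list of CA names
    foreach ($ca in $caSearcher.FindAll()) {
        $caName = [string]$ca.Properties['cn'][0]
        foreach ($tpl in $ca.Properties['certificatetemplates']) {
            if (-not $publishedOn.ContainsKey($tpl)) { $publishedOn[$tpl] = @() }
            $publishedOn[$tpl] += $caName
        }
    }

    # Now inspect every template's flags and EKUs.
    $tplSearcher = New-Object System.DirectoryServices.DirectorySearcher(
        [ADSI]"LDAP://CN=Certificate Templates,$pkiBase")
    $tplSearcher.Filter   = '(objectClass=pKICertificateTemplate)'
    $tplSearcher.PageSize = 500
    foreach ($attr in 'cn','msPKI-Certificate-Name-Flag','pKIExtendedKeyUsage','msPKI-Enrollment-Flag') {
        [void]$tplSearcher.PropertiesToLoad.Add($attr)
    }

    foreach ($t in $tplSearcher.FindAll()) {
        $name      = [string]$t.Properties['cn'][0]
        $nameFlags = [int]($t.Properties['mspki-certificate-name-flag'][0])
        $enrlFlags = [int]($t.Properties['mspki-enrollment-flag'][0])
        $ekus      = @($t.Properties['pkiextendedkeyusage'] | ForEach-Object { [string]$_ })

        $subjectSupplied = ($nameFlags -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
        $serverAuth      = $ekus -contains $ServerAuthEku
        if (-not ($subjectSupplied -and $serverAuth)) { continue }

        [pscustomobject]@{
            Template         = $name
            PublishedOnCA    = if ($publishedOn.ContainsKey($name)) { $publishedOn[$name] -join ',' } else { '' }
            ManagerApproval  = ($enrlFlags -band $CT_FLAG_PEND_ALL_REQUESTS) -ne 0
            EKUs             = $ekus -join ','
            # Only ServerAuth (no ClientAuth etc.) is the narrower case the post singles out.
            OnlyServerAuth   = ($ekus.Count -eq 1)
        }
    }
}

Get-WsusImpersonationTemplate | Sort-Object PublishedOnCA -Descending | Format-Table -AutoSize
```

Rows with a non-empty PublishedOnCA and ManagerApproval = False are the ones to follow up on by reviewing who holds Enroll rights on the template; a template that is not published anywhere cannot be requested regardless of its flags.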

The key takeaways from this report:
- Agentic AI lowers the bar for cyber attacks (we knew this)
- Dramatically increases scale (we knew this)
- without a human in the loop, success rate is low (we knew this)
The report itself leaves a lot to be desired from a technical aspect; I caution reporters not to read too deeply into the conclusions.
If you’re an org, standard defense in depth still applies here as defense against these AI assisted attacks.
Anthropic@AnthropicAI
We disrupted a highly sophisticated AI-led espionage campaign. The attack targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We assess with high confidence that the threat actor was a Chinese state-sponsored group.
@[email protected] boosted

I have released an OpenGraph collector for network shares and my first blogpost at @SpecterOps on the subject!
You can now visualize attack paths to network shares in BloodHound 👀
specterops.io/blog/2025/10/3…
@[email protected] boosted

"Abusing sAMAccountName Hijacking in GPP: Local Users and Groups - Cogiceo"
#infosec #pentest #redteam #blueteam
cogiceo.com/en/whitepaper_…
@[email protected] boosted

Raw NTFS parsing for SAM/SYSTEM/NTDS.dit access?
github.com/kfallahi/Under…
400 lines Powershell - easy peasy ❤️🔥
@[email protected] boosted

Until now, if you lost or broke your phone, your Signal message history was *gone,* a real challenge for everyone whose most important conversations happen in Signal. So, with careful design and development, we’re rolling out opt-in secure backups.
signal.org/blog/introduci…
Secure backups will let you save an archive of your Signal messages remotely in privacy-preserving form, refreshed every day.
Now available in the latest Android beta release, rolling out to iOS and Desktop in the near future.
Cookie theft has evolved. 🍪
Over the last year, stealing cookies on Windows devices has changed significantly for Chromium browsers like Chrome and Edge. Andrew Gomez dives into these changes, how threat actors adapt, & new detection opportunities. ghst.ly/45S1ZgW
@[email protected] boosted

mastodon.social/@aboutsignal/115014293962341597
@[email protected] boosted

Opening a new chapter 📖
From tinkering with old systems to giving talks at @BlackHatEvents, it’s been a wild ride.
I am thrilled to share that I’m joining @SpecterOps as a Senior Security Researcher! Time to go full-time into deep technical security research🥰
@[email protected] boosted

An attacker on your network is indistinguishable from IT admins. As long as this is true, attackers win. (Loosely borrowing Lambert's list/graph quote.)
Solution: tiering and clean source
spencer@techspence
That’s essentially my thesis on pentesting and low skill TA behaviors. Using known good/admin/defensive tools.
@[email protected] boosted

Releasing a side project of mine: wsuks - automating the WSUS mitm attack🔥
github.com/NeffIsBack/wsu…
TL;DR:
If the Windows Server Update Service (WSUS) is configured to use HTTP instead of HTTPS, it's possible to take control of any Windows machine on your local network.
1/4🧵
@[email protected] boosted

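The post's precondition, WSUS over plain HTTP, is visible in the client-side Group Policy registry values, so here is an added example (my code, not part of wsuks or the post) that reads WUServer and WUStatusServer from HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, confirms UseWUServer is set under the AU subkey, and flags any http:// scheme. The function name and output shape are mine; the registry paths and value names are the standard WSUS client policy settings.

```powershell
# Added example: audit this host's WSUS client configuration for the HTTP
# transport that makes the MITM described in the post possible. Reads the
# Group Policy registry values the Windows Update agent honours; run elevated
# if HKLM policy keys are restricted in your environment.
function Test-WsusClientTransport {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey     = Join-Path $policyKey 'AU'

    # UseWUServer = 1 tells the agent to use WUServer instead of Microsoft Update.
    $useWuServer = (Get-ItemProperty -Path $auKey -Name UseWUServer -ErrorAction SilentlyContinue).UseWUServer
    if ($useWuServer -ne 1) {
        return [pscustomobject]@{
            Setting = 'UseWUServer'; Value = $useWuServer; Scheme = ''; Host = ''; Port = ''
            Finding = 'WSUS not enabled by policy; client uses Microsoft Update'
        }
    }

    foreach ($setting in 'WUServer', 'WUStatusServer') {
        $value = (Get-ItemProperty -Path $policyKey -Name $setting -ErrorAction SilentlyContinue).$setting
        if ([string]::IsNullOrWhiteSpace($value)) {
            [pscustomobject]@{ Setting = $setting; Value = $value; Scheme = ''; Host = ''; Port = ''
                               Finding = 'Missing: UseWUServer=1 but no URL configured' }
            continue
        }

        $uri = $null
        if (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
            [pscustomobject]@{ Setting = $setting; Value = $value; Scheme = ''; Host = ''; Port = ''
                               Finding = 'Unparseable URL' }
            continue
        }

        $finding = switch ($uri.Scheme) {
            'https' { 'OK: TLS in use (still validate the server certificate chain and ADCS templates)' }
            'http'  { 'HIGH: plain HTTP; an on-path attacker can serve arbitrary updates' }
            default { "Unexpected scheme '$($uri.Scheme)'" }
        }

        [pscustomobject]@{
            Setting = $setting
            Value   = $value
            Scheme  = $uri.Scheme
            Host    = $uri.Host
            Port    = $uri.Port
            Finding = $finding
        }
    }
}

Test-WsusClientTransport | Format-Table -AutoSize
```

A WUServer of https://... with a WUStatusServer of http://... is still a finding: both URLs are fetched by the agent, and the reporting channel is a practical place to start interception. Moving to HTTPS closes this particular vector, but, as the ADCS thread earlier in this feed shows, only if the certificates the client will trust are issued from templates that do not let an enrollee choose the subject.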
The feature rundown of the NetExec v1.4.0 release is now live on our wiki: netexec.wiki/news/v1.4.0-sm…
Give them a read, there are so many great new features!
Kali has updated NetExec to v1.4.0, so all the new changes are also available via apt🚀
Alex Neff@al3x_n3ff
NetExec v1.4.0 has been released! 🎉 There is a HUGE number of new features and improvements, including: - backup_operator: Automatic priv esc for backup operators - Certificate authentication - NFS escape to root file system And much more! Full rundown: github.com/Pennyw0rth/Net…
@[email protected] boosted

A new module has been merged into NetExec: change-password🔥
Accounts with STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password.
You can also abuse ForceChangePassword to reset another user's password.
Made by @kriyosthearcane, @mehmetcanterman and me