e1abrador

I have created a #CrackMapExec module to search for interesting files on compromised machines. Mainly focused when you have a large number of compromised machines and it is unfeasible to search 1 by 1 for files with useful information. thx @mpgn_x64 for the awesome cme project!

@PiListingNews 3

Pick a lucky number from 1 – 48. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 10 numbers hide a surprise of $50,000 10 Winners will be picked randomly in 48 hours

@rami_hashimi done

@HarrySandh21970 @thedawgyg We (@nbk_2000 and me) made a talk about this in @Jhaddix course TBHMLive. If you purchased the course you should have access to the talk!

@e1abrador @thedawgyg OK how I learn this Any resource

Waking up to a vuln from my Agent is the best possible outcome <3 it has a report and poc (html trigger + exploit) that works in production chrome waiting for me... this is gonna be fun

@thedawgyg @HarrySandh21970 On large scopes the best way of winning people using AI will be mastering the vertical and horizontal recon.

@HarrySandh21970 I dont think it will ever fully replace bug bounty hunters, but it will make it significantly harder to find vulns since you will be competing against AI. It will impact the new/less experienced hunters the most. They will likely be replaced entirely.

Day ONE of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 2nd Giveaway - We have 4 Swag Packs up for grabs! Get a shirt, stickers, pens, a BADGE and more! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! enjoy our tshirt models @G0LDEN_infosec and @PhillipWylie 🫶

To help celebrate @arcanuminfosec Information Security's two-year anniversary, @Jhaddix gave me 5 codes good for any Arcanum course to give away! Winners will be announced on 1/22. 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries!

Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇

@rickyedit 923

1 de enero. 10.000€ para la PRIMERA persona que acierte el número exacto de cuentas bloqueadas que tengo ahora mismo en twitter (ya he hecho la captura). solo UNA respuesta por persona. ganador/a el día 6. suerte.

👀👀👀

Certipy v5 ▪️ESC16 (new) ▪️ESC13 & ESC15 ▪️Post exploitation of ESC12 & ESC14 ▪️LDAP Signing and LDAPS channel binding default enabled ▪️ Cert enrollment over HTTPS with channel binding enforced ▪️Improved detection, less false positives ▪️Wiki github.com/ly4k/Certipy/w…

You have got a valid NTLM relay but SMB and LDAP are signed, LDAPS has got Channel Binding and ESC8 is not available... What about WinRMS ? :D Blogpost: sensepost.com/blog/2025/is-t… Tool: github.com/fortra/impacke… And also, big thanks to jmk (Joe Mondloch) for the collab' :D!

Next week is our next run of our Attacking AI course! Check out the expanded syllabus ⬇️ payhip.com/b/xysOk 📢 Last Min Giveaway Time! Two seats up for grabs, winner will be chosen Tuesday next week! Each person can have up to 3 entries to the giveaway! ➡️Repost This Post = 2 Entries ➡️Like This Post = 1 Entry

@galnagli ghibli.mcp.gemini.galnagli.com

Okay I did some math and it might be too hard to nearly impossible (It sounds easy to guess 2 level deep subdomains, but yea not really) First subdomain has 6 letters, the 2nd one starts with the letter "m" and has less than < 5 letters {6 letters}.m*.gemini.galnagli.com

Recon challenge for the weekend, your mission - if you choose to accept it, is to discover a subdomain I have hosted at {}.{}.gemini.galnagli.com DNS Fuzzing is the way - If you succeed, it means you are capable of finding critical bugs on every company around the world. GLHF

@0xd0m7 Un writeup no?? 🔥

🔥🔥

8 chain Full SSRF lambda, the most difficult bug found in my career. One of the best day in my life ❤️

Just released SCCMHound! A BloodHound collector for SCCM. SCCMHound allows both attackers and defenders to construct BloodHound datasets using the vast amount of information that is stored/retrievable through SCCM. Feel free to take it for a spin! github.com/CrowdStrike/sc…

@hasan_zmzm @nbk_2000 @_Ali4s_ Depends on how big the scope is, since there is only 24h you should optimize it as much as you can.

@nbk_2000 @_Ali4s_ @e1abrador Regarding recursive subs enum, do you do it for all subs or you choose top10 for example?

Ok humans, for the next 6 hours @_Ali4s_ @e1abrador and I are answering #ReconRoyale questions. Ask us anything you want about the game! Tag your questions with #RR_AMA so we don't miss any! Please RT for coverage🐾

@UsmanMansha420 @nbk_2000 @_Ali4s_ I use public wordlists and custom ones. For permutations i use the default wordlist in dnsgen, and about resolvers, the trickest wordlist is a good one.

@nbk_2000 @_Ali4s_ @e1abrador Which wordlists do u use for bruteforcing, permutations, and resolvers ?

@UsmanMansha420 @nbk_2000 @_Ali4s_ I feel the same about passive sources. Subfinder works well, but I personally prefer diving deeper by understanding the service’s API through its documentation so i know 100% what is happening under the hood;)

@nbk_2000 @_Ali4s_ @e1abrador What passive sources do you use ? And why custom python? Does subfinder etc not work properly? #RR_AMA