Wanna blindly check if the ADCS web enroll is installed on a domain ? Bruteforce the /certenroll endpoint without the trailing/ on all webservers. If you hit the ADCS web enroll you will get a location: /certenroll/ header in the response. Now enjoy blind ntlmrelayx ESC8👀👀👀
WKL is at Cloud Con 2026 in Grand Rapids, July 27-28.
Greg Hatcher is speaking on AI Under Siege: Enterprise LLM Exploitation at Scale. PHI extraction, ERP abuse via AI, guardrail bypasses at scale, and more.
Haley Somerville and Greg will also be at the booth. Come find us.
New video: logon sessions explained.
Every process has a token. Every token came from a logon session. But most developers never touch the session directly.
Covers: what logon sessions hold, why tokens exist as a separate layer, LsaEnumerateLogonSessions in C++, and the relevant structures in WinDbg.
trainsec.net/library/window…
Dear @github@Microsoft and @MsftSecIntel .
Thank you for your service. I have lost all hopes from you guys. As a Windows security researcher whose intent was to help the beginners and contribute to open source security tooling, and i had so much respect towards @Microsoft , that thought was changed today and i am leaving.
I have left the enough evidence in the ticket session. I would be better if a security researcher from GitHub might actually take a look at these.
Thank you and bye to the community.....
Here after you will not see posts about GitHub issues.
Ticket ID: #4440743#github#msft#defense#unlawful
@MalDevAcademy@GigelV41464 I really expected the course to be offensive, or at least offensive parts get added to the course, inspecting the decision making (engine) design of an EDR is core of it, not telemetrirs, for either bypass or detection, hope to see something different this time
One of the most exciting parts about our upcoming EDR Internals & Development course is that it walks the students through the development of a research EDR agent called MaldevEdr.
@GigelV41464 analyzed various EDR products to understand their inner workings and incorporated these techniques directly into the training. The agent developed throughout the course includes all the primary components of a real EDR such as a PPL service, user-mode DLL, ELAM driver and other kernel-mode components.
The diagram illustrates the components of the MaldevEdr.
More information: maldevacademy.com/edr-course
@MalDevAcademy@GigelV41464 the honest answer is most edr courses are just sales pitches, not hands-on learning experiences. this one's different because it lets students build a real edr agent from scratch with @gigelv41464's expertise guiding them
Credential theft remains one of the most common ways attackers move deeper into an environment.
The new Credential Access Tradecraft Analysis module is now available on HTB Academy and HTB Enterprise, helping learners understand how credential access techniques are executed, detected, and investigated in real-world scenarios.
Tier: 4
Difficulty: Hard
Category: Defensive
Built for defenders looking to strengthen their ability to analyze attacker tradecraft, spot credential access activity, and improve detection and response skills.
Start learning: okt.to/9p8khO#HackTheBox#HTBAcademy#HTBEnterprise#CyberSecurityTraining#BlueTeam#SOC#ThreatHunting#IncidentResponse#CredentialAccess
Elon Musk just put the entire university system on trial.
Not the curriculum. Not the professors. The premise.
Musk: “You don’t need college to learn stuff. Everything is available basically for free. You can learn anything you want for free.”
For a thousand years, universities held one monopoly. Access. You paid the toll or you stayed ignorant.
The internet erased that in a decade.
Every lecture. Every framework. Every textbook. Free. From any screen on Earth.
The six-figure tuition is no longer buying knowledge. It is buying a signal.
Musk: “There is a value that colleges have, which is seeing whether somebody can work hard at something, including a bunch of annoying homework assignments, and still do their homework assignments.”
That is the product. Not intelligence. Not creativity. Not vision. Compliance.
You are paying $200,000 to prove you can tolerate bureaucracy on a schedule.
Musk: “Colleges are basically for fun and to prove you can do your chores. But they’re not for learning.”
The entire system is a sorting machine for corporate HR. It does not measure what you can build. It measures whether you can sit still, follow directions, and deliver on command.
Four years of obedience dressed as education.
Musk: “If you’re trying to do something exceptional, you must have evidence of exceptional ability. I don’t consider going to college evidence of exceptional ability.”
The system optimizes for average. It rewards the compliant. It certifies the patient. It quietly filters out everyone who refuses to wait for permission.
The ones who reshaped the modern world never finished the test.
Musk: “Gates is a pretty smart guy, he dropped out. Jobs is pretty smart, he dropped out. Larry Ellison, smart guy, he dropped out.”
They did not drop out because it was too hard. They dropped out because the speed limit was too low.
The most dangerous thing a university does is convince a generational talent that finishing the syllabus is the achievement.
It is not. It is the floor.
A degree is a receipt for compliance. The future has never belonged to people who finish their homework. It belongs to the on
@hellish_pn@AlteredSecurity Why not both? A large number of professionals and organizations still struggle with the basics while chasing the more advanced stuff.
I am super excited to announce a brand new Penetration Testing course and certification from @AlteredSecurity
I give you AlteredSecurity Certified Penetration Tester (ACPT) certification, with the "Hands-On Infrastructure and Network Penetration Testing with NetExec" course.
Developed by the highly respected @al3x_n3ff, this course takes you through various attacks and techniques and prepares you for Penetration Testing job roles.
We are launching the course as a bootcamp that starts on July 3, 2026 and we are offering an early bird discount of 20%. Use ACPT20. Grab a seat today!
alteredsecurity.com/acpt-bootcamp#PenTest#NetExec
با
Spotify
Soundcloud
YouTube Music
Deezer
سینک شد
هر موزیکی درخواست بدین در هر ساعت شبانه روز ۱۰ دیقه بعدش اضافه میشه
البته که داریم ارشیو موزیکارو کامل میکنیم
ولی خب چون قطعا زمان بر میشه
خودتون میتونید مستقیم درخواست ثبت کنید و
۱۰ دیقه بعد خود اپ لایبرری موزیکتونو اضافه میکنه
برعکس تصویر عمومی که از افسردگی در ذهن اکثر ما هست، ما یک نوع افسردگی دیگه هم داریم به نام High-functioning depression، به این شکل که مدام کار میکنیم، عملکرد بدی هم نداریم؛ اما نه لذت میبریم، نه امیدی داریم و نه احساس ارزشمندی میکنیم.
Back then, Active Directory was the golden ticket for compromise. I feel it has shifted to compromising CI/CD, who needs EternalBlue when, with a single token, you can compromise thousands of products through a supply chain attack ?