Jean-Michel Besnard

🔓 URH-NG is in beta; Universal Radio Hacker, Next Generation -> github.com/PentHertz/urh-… 327 protocols. 23 automotive ciphers. New Signal Analyzer. New SDR hardware. And it plugs directly into RF Swift.

@N7WEra @theluemmel Repo got renamed as we moved to another company

@jmbesnard_maz @theluemmel Wasn’t it part of Mazars repo?

New Release of AD Miner (v1.9)🚀 This update brings the following: ⚡️ Major engine rework for speed and RAM usage 🛡️ New Entra ID + On-prem controls 📈 Scaled to 1M+ user forests in production github.com/AD-Security/AD…

Think your guest Wi-Fi is isolated from your main network? Think again. AirSnitch (NDSS'26) breaks client isolation on every router tested: from home APs to enterprise WPA2/3-Enterprise. Full MitM in seconds, sometimes leaking WPA2 traffic in plaintext. Technique breakdown & tool usage: 🔗 community.penthertz.com/t/airsnitch-br…

If you like BloodHound and AD Hacking let me introduce you to BloodBash No web front end No neo4j No complexity Collect your AD artifacts with Sharphound Run `BloodBash ./pathToSharphoundOutput` That's it! github.com/DotNetRussell/…

How to mask masks from your cracked passwords with PACK github.com/Hydraze/pack # Get the passwords from your pot file. For simplicity I skip the HEX passwords (which have a : in them). awk -F ':' '{print $NF}' ~/.hashcat/hashcat.potfile > /tmp/pot.plain # Make a CSV file, you can use any plaintext password file as input, like rockyou. python3 statsgen.py --hiderare --maxlength=14 -o pot.csv /tmp/pot.plain # Make the mask from the CSV file. pps = passwords per second, you can also leave this out. -t / --targettime is time in seconds, 86400 is 1 day. Minlenght is minimal length you want the masks. python3 maskgen.py -t 86400 -o pot_min8.hcmask --pps=100000000000 --minlength=8 pot.csv # You can also generate masks with policygen. Set a policy like minimal 1 special in the masks, max 4 digits and length. The following will create a huge mask file: python3 policygen.py -o generated_masks.hcmask --minlength=8 --maxlength=12 --mindigit=1 --maxdigit=4 --minlower=1 --minupper=1 --minspecial=1

🇫🇷🎙️ Nouvel épisode du podcast Hack'n Speak ! On lance une série spéciale de 4 épisodes sur les différents labs AD créés pour @_leHACK_ et @_barbhack_ 🔥 Préparez-vous à plonger dans l'AD ! Le premier épisode sera dédié au workshop LeHack 2024 🛡️ creators.spotify.com/pod/profile/ha…

🛠️ ADCSDevilCOM: A C# tool for requesting certificates from ADCS using DCOM over SMB. ✅ Remotely request X.509 certificates from CA server using the MS-WCCE protocol over DCOM github.com/7hePr0fess0r/A…

If you want to extend #BloodHound a little bit and use it for other stuff such as passwordaudits, choke point detection and remediation tracking, increase your session data again etc, than this one's for you. luemmelsec.github.io/Whos-a-good-boy NO OpenGraph extension - sorry fan boys

@techspence @SwiftOnSecurity NAT

Hosts running the WebClient service are prime targets for NTLM relay attacks, and it may be possible to start the service remotely as a low-privileged user. @0xthirteen breaks down the service startup mechanics, plus the protocols and technologies. ghst.ly/41QT7GW

dMSA are now supported by impacket (thanks fulc2um!), so its time for badsuccessordumper.py ! github.com/fortra/impacke…

I publish two blog posts today! 📝🐫  The first dives into how we're improving the way BloodHound models attack paths through AD trusts: specterops.io/blog/2025/06/2…  The second covers an attack technique I came across while exploring AD trust abuse: specterops.io/blog/2025/06/2…

Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect @octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…

@techspence Ever tried AD Miner (to make the most of #Bloodhound) ? github.com/AD-Security/AD…

Free tools that can seriously help you improve the defenses of your environment 🙏

@mpgn_x64 Florian disliked this.

@badsectorlabs Better/shorter/faster cypher: MATCH (c:Computer{isdc:true}) WHERE c.operatingsystem CONTAINS "2005" return c.name @YuG0rd DC only or RODC too ?

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1[.]name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2[.]name IN dcs) RETURN c2[.]name If this query hits, you're in.

TLDR "The attack works by default — your domain doesn’t need to use dMSAs at all. Available as long as the feature exists, which it does in any domain with at least one Windows Server 2025." #BadSuccessor #dMSA

The SSTIC 2025 challenge is online: sstic.org/2025/challenge/ Good luck to you all!