drm

Choose your poison 🦋 bsky.app/profile/lowerc… 🐘 @drm" target="_blank" rel="nofollow noopener">mastodon.social/@drm (still posting here too)

A private @Burp_Suite Collaborator instance is an essential for pentesting sensitive environments, but managing TLS for it can be a pain. Today we release a Certbot plugin that automates Let’s Encrypt wildcard certificate renewals for private instances. github.com/AlmondOffSec/c…

Based on prior research by @Jonas_B_K, @harmj0y, @PyroTek3, @_dirkjan, @gentilkiwi and prior work from @SAERXCIT and many impacket contributors!

@vendetce No, problem, it's nothing fancy, but it helps (me, at least 🙂)

@lowercase_drm Cool, thanks

I was bored to type the same commands each time I started a new internal pentest. So here comes KingCastle. This script does not perform any attacks, consider it as a cheat sheet, to quickly see low hanging fruits. github.com/ThePirateWhoSm…

@GiliYankovitch 🏅

@lowercase_drm Awesome! Have fun tinkering with it! 😊

The Sword made its way to France 🗡️ @GiliYankovitch

@andrewdanis Good catch, thanks

@lowercase_drm tweet is easier than opening a github issue, but looks like line 102 has a typo "dnshostame" which causes the script to fail

Team member @sigabrt9 was able to bypass Apache FOP Postscript escaping to reach GhostScript engine. offsec.almond.consulting/bypassing-apac…

@al3x_n3ff @Defte_ I have just experienced that behavior with a STATUS_PASSWORD_EXPIRED error

@Defte_ I have experienced that wrong credentials result in these timeouts, correct credentials still work as expected with NTLM. In your case there might be a bug with the long username? If anyone knows the reason for these timeouts please share your knowledge✌️

Anyone know wtf is happening ? Authenticating via NTLM on DC2025 seems a bit broken while working completely fine with Kerberos:

@en4rab @SipeedIO Nice hardware but sigrok can't handle a 15s capture at 800Mhz without crashing and it is barely usable at 400Mhz... I used the plugin from DSview (github.com/DreamSourceLab…), do you know a better one?

I finally tested the @SipeedIO SLogic16U3 with TPM sniffing. Their build of sigrok doesnt have Ghecko's plugin included but it is simple to add. I had some issues with it not liking my usb-c port but I got a trace and found out my sigrok2pcap script was rubbish and needed fixing

Team member @myst404_ identified a privilege escalation in WAPT caused by a DLL hijacking issue, which was promptly fixed by the vendor. Patched in version 2.6.1. Changelog: #wapt-2-6-1-17705-2026-02-04" target="_blank" rel="nofollow noopener">wapt.fr/fr/doc/wapt-ch…

@GiliYankovitch Can't wait to receive it! What about the ENIG coating version for the golden challenge winners?

The Sword of Secrets is shipping worldwide ⚔️ What started as a small hardware CTF turned into PCB spins, custom jigs, packaging chaos, and 250 units doing a surprise customs round trip. Every sword made it back. Now they’re finally on their way. Worth it. #Hardware #Embedded

Merged in main 🎉 Happy hacking!

Originally, Microsoft did not enforce their own specs for validated writes at all and only checked if a KeyCredentialLink is already present. Now they require a CustomKeyInformation field with the "MFA Not Required" flag to be present and the last logon timestamp to be absent.

@ShitSecure Did you try with pywerview? Last time I tried it was ok. github.com/the-useless-on…

Today I had an ldap ntlmrelayx.py socks connection but all tools failed to query LDAP via socks5 except from certipy. But certipy only queries certificate information. Well, so I let claude code something which worked 🧐 github.com/S3cur3Th1sSh1t…

@Defte_ Seems ok on my DC2025s😕

@Blurbdust Does anyone have benchmark? What cracking speed I can expect on a modern hardware?

The blog with how to use the rainbow tables for Net-NTLMv1 is finally live! cloud.google.com/blog/topics/th… My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created. content.burningrivercybercon.com/talks/nic-losb…

@SipeedIO @ico_TC How can I test it ? Is there a pull request ?

#SLogic32U3 #SLogic16U3 support #ngscopeclient now! And we will soon add simple oscilloscope functions too~ @ico_TC

@ghidraninja gang watching the logic analyzer output