Just over 24 hours until @_kripteria takes the stage at @h_c0n to revisit the design and methodology of attack graphs in Active Directory, showcasing new approaches with Neo4LDAP.
Hi! I just published a technical deep dive into a complex and fun N-day vulnerability that allows obtaining RCE in a very popular e-commerce platform.
Check it out!
hiddeninslack.github.io/posts/from-sst…
Tangled is a social engineering platform that weaponizes calendar event processing in Outlook and Gmail to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction.
github.com/ineesdv/Tangled
Technical breakdown: tarlogic.com/blog/abusing-c…
Meetings You Didn’t Plan, But We Did
In this post, @ineesdv breaks down how calendar event processing in Outlook and Gmail can be abused to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction.
➡️Read more: tarlogic.com/blog/abusing-c…
Although direct access to disk is not new at all, especially when it comes to forensics, I think this approach could be useful in a number of contexts during a RT engagement.
github.com/Kudaes/MFTool
I've just released Eclipse, a PoC of what I call Activation Context Hijack. This technique redirects any application to load an arbitrary DLL, allowing code injection into any trusted process. More info available on GitHub. github.com/Kudaes/Eclipse
I created a tool designed to simplify the generation of proxy DLLs (I know, a bit late to the game) while addressing common conflicts related to windows.h when it comes to redefining an existing function when building a proxy DLL. It was a fun project 😁
github.com/Krypteria/Prox…
In a few hours, our colleague @_Kudaes_ will talk at @EuskalHack about call stack spoofing to hide the execution of implants from memory. #ESCVII
➡️ Read more: securitycongress.euskalhack.org/ponentes_es.ht…
Although it's nothing new, @ineesdv and I are pleased to publish our own ROP-based implementation of the code fluctuation technique. We've tried to keep it simple and functional, avoiding the use of common features like Timers, HWBP or APCs. github.com/Kudaes/Shelter
Enhanced version of secretsdump from #Impacket to dump credentials without touching disk.
This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives.
github.com/fortra/impacke…
Are you aware that Threat Actors can use virtualization as an effective evasion technique?
Our #ThreatHunting team presents some useful queries to detect this technique.
➡️ github.com/blackarrowsec/…
Seekolver
#python tool for searching and filtering subdomains using different APIs:
SecurityTrails
AlienVault
VirusTotal
SpyOnWeb
crt.sh
github.com/Krypteria/Seek…
Creator @_kripteria
Watchguard has fixed 4 vulnerabilities in Watchguard EPDR discovered by our researchers @antuache and @Calvaruga.
These vulnerabilities can be used to turn off the defensive capabilities of the product and achieve privilege escalation.
➡️ Advisories: watchguard.com/es/wgrd-psirt/…
In our latest post, @xassiz introduces a new technique to obtain cleartext passwords from MSSQL by abusing linked servers through the ADSI provider.
➡️ Read more: tarlogic.com/blog/linked-se…