@[email protected] (inactive)

5.2K posts

@[email protected] (inactive)

@michael_eder_

account inactive, goto mastodon if you want to follow me

Munich Katılım Temmuz 2014

577 Takip Edilen975 Takipçiler

Sabitlenmiş Tweet

@[email protected] (inactive)@michael_eder_·29 Ara

NFS has not received much attention of the offensive security community in nearly a decade. Today, we are happy to share our research on the topic: hvs-consulting.de/en/nfs-securit…. I'll give you a short overview in this thread 🧵 (1/5) #redteam #pentest

English

148

20.2K

@[email protected] (inactive)@michael_eder_·29 Oca

Took me two grok requests to return to default (or at least something that looks like it) See you over in the sane part of the internet!

English

@[email protected] (inactive)@michael_eder_·29 Oca

#NewProfilePic

@edermi@infosec.exchange (inactive) tweet media

QME

@[email protected] (inactive) retweetledi

Aurélien Chalot@Defte_·28 Oca

Anyone know if Microsoft silently patch the Shadow Creds attack recently ? Looks like a computer object cannot write its own attribute anymore :D

English

133

43.3K

@[email protected] (inactive) retweetledi

Mandiant (part of Google Cloud)@Mandiant·17 Oca

Net-NTLMv1 is outdated, insecure, and must go. 🛑 To help defenders prove the risk and accelerate deprecation, we’ve released a comprehensive dataset of rainbow tables. See how easily these keys can be recovered, and secure your environment. Read more: bit.ly/4qpV6MJ

Mandiant (part of Google Cloud) tweet media

English

282

44K

@[email protected] (inactive) retweetledi

Alex Neff@al3x_n3ff·16 Oca

NetExec v1.5.0 is now available on kali! Go ahead and apt update && apt upgrade your system to get all the new features🚀

Alex Neff@al3x_n3ff

NetExec v1.5.0 has been released!🔥 Merry Christmas everyone!🎉 It's been a very long time since the last release, so there are a TON of new features! Some of the highlights: - Built-in LDAP signing and channel binding checks - RDP command execution - certipy find integration

English

596

37.3K

@[email protected] (inactive) retweetledi

SpecterOps@SpecterOps·13 Oca

SCCM attack paths are messy until you can see them. 👀 ConfigManBearPig from @_Mayyhem extends BloodHound with SCCM nodes + edges using OpenGraph, plus queries to surface hierarchy takeovers and escalation paths. Check it out! ghst.ly/4svbcWO

English

136

11.1K

@[email protected] (inactive) retweetledi

Yuval Avrahami@yuvalavra·15 Oca

We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯 How did we do it? Just two missing characters was all it took. This is the story of #CodeBreach 🧵👇

English

160

857

7.4K

1.3M

@[email protected] (inactive) retweetledi

Nic Losby@Blurbdust·15 Oca

The blog with how to use the rainbow tables for Net-NTLMv1 is finally live! cloud.google.com/blog/topics/th… My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created. content.burningrivercybercon.com/talks/nic-losb…

English

225

37.7K

@[email protected] (inactive) retweetledi

Ricardo Ruiz@RicardoJoseRF·17 Kas

I just released SAMDump, a tool that extracts SAM and SYSTEM files via Volume Shadow Copy (VSS) API with optional exfiltration (local save or network transfer) and XOR obfuscation. Plus, it uses NT APIs for file operations github.com/ricardojoserf/…

English

120

6.5K

@[email protected] (inactive) retweetledi

Secorizon@secorizon·31 Ara

Responder now supports much more LDAP authentications, the LDAP rogue server has been rewritten to support SASL mechanisms. You'll see a lot of these on your screens :)

English

198

14.2K

@[email protected] (inactive) retweetledi

mpgn@mpgn_x64·5 Oca

New Windows AD Lab "Pirates of the Caribbean" themed lab is live ! 🔥 🔷NTLMv1/RBCD 🔷GMSA & MSSQL Impersonation 🔷Kerberos Delegation 🔷NTDS Forensics Build on VMware, VirtualBox, or Ludus. Thanks @mael91620 for the help! Full treasure here⬇️ github.com/Pennyw0rth/Net…

English

103

392

23.6K

@[email protected] (inactive) retweetledi

MatheuZ@MatheuzSecurity·5 Oca

Singularity rootkit now can bypass SELinux enforcing mode without audit logs on ICMP trigger, conntrack/netlink filtering (conntrack, ss, SOCK_DIAG), UDP hiding + setup script github.com/MatheuZSecurit… #linux #rootkits #malware #evasion #antiforensics

English

135

9.2K

@[email protected] (inactive) retweetledi

Alex Neff@al3x_n3ff·4 Oca

We suggest assigning such vulnerable templates the new ESC number 17 (ESC17) to help identify and mitigate these risks. You can read our blog post here: blog.digitrace.de/2026/01/using-… 2/2🧵

English

191

12.1K

@[email protected] (inactive) retweetledi

Alex Neff@al3x_n3ff·4 Oca

Using ADCS to Attack HTTPS-Enabled WSUS Clients: @cookieTheft and I have extended the research by @Coontzy1 on WSUS attacks and explored how to leverage misconfigured ADCS templates to gain code execution on HTTPS-enabled WSUS clients. 1/2🧵

English

290

25.8K

@[email protected] (inactive) retweetledi

Alex Neff@al3x_n3ff·22 Ara

Enumerate DNS zones that allow unauthenticated updates using NetExec🔥 Adding or updating DNS entries without authentication can give attackers a huge advantage. Thanks to @toffyrak such DNS zones can now be enumerated using NetExec🚀

English

361

25K

@[email protected] (inactive) retweetledi

Alex Neff@al3x_n3ff·5 Ara

NetExec now extracts even more secrets from the NTDS.dit🚀 With the new --history and --kerberos-keys flags, NetExec will also dump the password history and the AES/DES keys for Kerberos auth from the NTDS.dit🔑 Implemented by @kriyosthearcane, azoxlpf and me.

English

440

17.5K

@[email protected] (inactive) retweetledi

Alex Neff@al3x_n3ff·26 Kas

Dump DPAPI credentials via WinRM with NetExec🔥 A lot of sensitive data is stored in Windows DPAPI, such as the login credentials used in scheduled tasks. Thanks to tiagomanunes this is now also possible via WinRM!

English

251

11.4K

@[email protected] (inactive) retweetledi

Alex Neff@al3x_n3ff·21 Kas

Dumping juicy secrets from SAM/LSA is always nice right? I've added an implementation for the --sam and --lsa flags to the MSSQL protocol of NetExec🚀 No need for manual registry hive extraction anymore!

English

316

12.8K

@[email protected] (inactive) retweetledi

RedTeam Pentesting@RedTeamPT·13 Kas

🚨8 months after public disclosure, @RHEL @AlmaLinux @rocky_linux are still vulnerable for a Ghostscript RCE with a reliable public exploit (CVE-2025-27835 and others)! It can be triggered by opening LibreOffice docs or through a server that uses ImageMagick for file conversion!

English

Keşfet

@_Mayyhem @awscloud @mael91620 @cookieTheft @Coontzy1 @toffyrak @kriyosthearcane @RHEL