parzel

I will try to move to bsky permanently from now on. A lot of #itsec people are showing up there recently, and I am positive that finally, it will be possible to leave the toxic site Twitter has become. You can find me at parzel.bsky.social, happy to connect there!

During a recent engagement, @Bandrel discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog! hubs.la/Q02SCqpG0

I did not approve of the timing of this release but here it is. Blog coming soon. github.com/ly4k/Certipy/p…

Following up on my earlier tweet (x.com/decoder_it/sta…) regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it! github.com/decoder-it/Krb…

During a #redteam at @mod0 we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an indepth look. Read about it here: itm4n.github.io/printnightmare… #itsec

The entire disclosure seems to have been leaked online gist.github.com/stong/c8847ef2… Here is the report and POC

A big thank you to our Review Committee @BalthasarMartin @parzel2 @vinulium, Luca Melette and Diana Janetzky. We now have an amazing schedule featuring their favourite talks which you can check out here: bsides.berlin #BSidesBerlin #appsec #infosec #BSides

#BSidesBerlin is back! Will you be joining us this year at @Festsaal on Saturday 26.10? Our CFP is open until 16.08 👉cfp.bsides.berlin/bsides-berlin-… Early Bird Tickets are available until end of July 👉 bsides.berlin @SecurityBSides @cfp_time

Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have. Blog: srlabs.de/blog-post/cert… Source code: github.com/srlabs/Certice… Slide deck, including our guide to deception strategy: github.com/srlabs/Certice…

Lovely to see the Email RFCs abused to embed a command injection payload in the local-part of the address! Nice work Michael Imfeld & @parzel2 modzero.com/en/blog/beyond…

@garethheyes That's a big compliment coming from you, thanks! :)

Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond… @born0monday@chaos.social will also present at @a41con today.

🎟️📢Don't miss your chance to attend or present at BSides Berlin on October 26 in Festsaal Kreuzberg. Ticket sales and the Call for Papers are NOW OPEN!! bsides.berlin

We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/… Kudos to @born0monday" target="_blank" rel="nofollow noopener">chaos.social/@born0monday and @parzel" target="_blank" rel="nofollow noopener">chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

Struggeling to get those precious certificates with #certipy and AD CS instances that do not support web enrollment and do not expose CertSvc via RPC? @qtc_de has you covered and added functionality to use DCOM instead of good old RPC #redteaming github.com/ly4k/Certipy/p…

We can relay back to the same machine using Kerberos relay instead of NTLM relay. I discovered this attack vector more than a year ago. I will describe it in detail in upcoming Black Hat Asia 2024 #certifieddcom--the-privilege-escalation-journey-to-domain-admin-with-dcom-37519" target="_blank" rel="nofollow noopener">blackhat.com/asia-24/briefi… and introduce more interesting attacks.

🇷🇺 Doppelgänger | Russia-Aligned Influence Operation Targets Germany We have been tracking the activities of the suspected Russia-aligned influence operation network Doppelgänger since late November 2023. Here is what we found... 🧵 sentinelone.com/labs/doppelgan… #threatintel

#threatintel someone just leaked a bunch of internal Chinese government documents on GitHub github.com/I-S00N/I-S00N/

I try an avoid this hellsite, but I did a quick dive into sudo in Windows and here are my initial findings. tiraniddo.dev/2024/02/sudo-o… The main take away is, writing Rust won't save you from logical bugs :)

Today we release the proof-of-concept exploits for the vulnerabilities we identified in HP #Poly VoIP devices. At the #37C3 we presented how these issues allow an attacker with network access to gain RCE and transform your devices into wiretaps. github.com/modzero/MZ-23-…