smiler

Thanks to @internetarchive, it is possible to find the old tips and tools of HSC (Hervé Schauer Consultants - @Herve_Schauer). Some tips are still used today for APT and fileless attacks. Very useful resources for Pentests / Redteams and Threathunting. web.archive.org/web/2012050321…

Speaking with French people in a business setting is so funny They be 48yo and they’re still asking peers what uni they went to 98% of them peaked in college so they feel obligated to tell you within the first 10 minutes of meeting them that they went to Polytechnique, ENS ULM or HEC What you accomplished since literally doesn’t matter because you attended a top school so you’re part of the « elite » I find it so pathetic Perhaps your country would be doing better if you were proud of your accomplishments the same way you’re proud that daddy paid for HEC Anyways Sorry I am done venting I just had the most cringe call of my life I had to let it out

@alma_dufour bienvenue au club 🦾

Nocturnal Machine - Fractured Circuits. [Deep and Rough Records]. youtube.com/watch?v=dDidlf…

Hello, friends! We started writing a series of articles about Impacket. This will be useful if you have long wanted to understand this tool and create your own tools for Coerce, Lateral Movement and other RPC Abuse :) medium.com/p/impacket-dev…

Automating MS-RPC vulnerability research incendium.rocks/posts/Automati…

I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to upload and execute custom payloads on remote targets Forget about PSEXEC and dive in! deepinstinct.com/blog/forget-ps… github.com/deepinstinct/D…

Je n’ai même plus les mots… Ces personnes ont eu une formation, obtenu des agrégations et ont un salaire. Tout ça pour nous pondre cette magnifique vidéo. Non franchement bravo. 👏 #TeamOL #Lyon

😳😱 SITUATION INEXPLICABLE A SAINT-ETIENNE ! Tolisso se fait plier la jambe par Stassin, Letexier sort d'abord le rouge... avant de se déjuger et ne mettre finalement que le carton jaune. 😳 💔 Tolisso sort en larmes et en civière, devant lui.

🚨📸 La notification LUNAIRE apparue sur l’écran de la VAR de François Letexier lors de l’annulation du rouge de Lucas Stassin. 😳😳 (crédit photo : le V) #ASSEOL #derby #Ligue1 #TeamOL

[Tool & Blog release] - smbtakeover, a technique to unbind/rebind port 445 without loading a driver, loading a module into LSASS, or rebooting the target machine. The goal is to ease exploitation of targeted NTLM relay primitives while operating over C2. Github repo is linked at the bottom of the blog post, which provides technical analysis of the technique. posts.specterops.io/relay-your-hea…

I've published a blog post about engineering learnings from the CrowdStrike global outage. I break down what went wrong, and what engineering practices would have prevented this incident. mazinahmed.net/blog/crowdstri…

@fr0gger_ @H_Miser Non. Distribuer un tool ou une maj bugguée est un problème de sécurité informatique, plus particulièrement un problème chez crowdstrike de pipeline d'intégration et de livraison continues (CI/CD) avant mise en production. En soit, Alain Bauer se pose les bonnes questions.

@H_Miser Moi j’ai pas compris pourquoi on en a fait un sujet de sécurité informatique alors qu’on est clairement sur du support…

Faudra quand même m’expliquer ce qui peut vous amener à consulter Alain Bauer pour un tel sujet…

@jondhoward "C'est la, c'est la, c'est la Salsaaaa du démon"

What is Taylor Swift singing? Wrong answers only.

Taking a cue from @D1iv3 and @decoder_it's work on inducing authentication out of remote DCOM I thought I'd quickly write up a post about getting Kerberos authentication out of the initial OXID resolving call. tiraniddo.dev/2024/04/relayi…

Microsoft just open-sourced DOS 4 hanselman.com/blog/open-sour… (as well a release of beta binaries, disk images, and PDFs from @rozzie's archives!) (but who did the PR?!)

“It’s almost like people are making more money teaching hacking than actually doing it.” -- @assume_breach link.medium.com/XLQADjq6HGb ^ 100% true statement, and most don't teach good habits, they teach run and gun cowboy BS.

Cybordelics - Aventures of Dama. [Harthouse]. 1993. youtu.be/2ZTBrrS9GNA?fe…

Curious about the inner workings of Windows Authentication APIs? @mhskai2017's new blog post is your guide to demystifying the magic hidden within these APIs, empowering you to unravel the RPC implementations using IDA and the power of static analysis! ghst.ly/46LIm94