wwwGeneral

La sécurité des protocoles d’authentification NTLM et Kerberos en environnement Active Directory - wwwGeneral wwwgeneral.github.io/posts/la-s%C3%…

Responder now supports much more LDAP authentications, the LDAP rogue server has been rewritten to support SASL mechanisms. You'll see a lot of these on your screens :)

@vxunderground @nikhil_mitt @struppigel CARTP

Big giveaway. - (x3) Certified Red Team Expert (CRTE) - (x3) Certified by Altered Security Red Team Professional for Azure (CARTP) - (x10) Malware Analysis for Hedgehogs Bundle CTRE and CARTP sponsored by @nikhil_mitt Malware Analysis sponsored by @struppigel Leave a comment below on what you'd like. Winners chosen in 24 hours.

@vxunderground @Octoberfest73 Please :)

Giveaway. @Octoberfest73 has sponsored two Zero Point Security "BOF Development & Tradecraft" courses. tl;dr Training course on Cobalt Strike and malware C2 stuff. Leave a comment below for a chance to win. Course information: zeropointsecurity.co.uk/course/bof-dev

I will die on this hill .@hackthebox_eu

$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/member

@al3x_n3ff @0xcc00 Can you please explain the difference with shadow copy technic ?

Dumping the NTDS.dit from disk - A new NetExec module💾 Isn't it super annoying when AV blocks your access to the SAM/SYSTEM hives? The new "ntds_dump_raw" module made by @0xcc00 parses the disk image directly, allowing you to extract the NTDS.dit or SAM database🚀

Wanna see something cool about RDP and NetExec ?

@techspence If you close you eyes during the pentest maybe you will not see them xD

Internal pentest findings that shouldn't exist in 2025... - credentials on file shares/sharepoint/dms - local admin password reuse - kerberoastable domain admins - ADCS Misconfigs - spooler running on DCs - lack of powershell restrictions - EDR missing on hosts

x.com/RedTeamPT/stat… The efsr_spray module is merged in #NetExec. If you want to coerce an up-to-date Windows 11 and you have a writable share, this will come handy 😎. Thanks for the PR !

I'm not sure everyone realizes it, but as it stands, if you have an Active Directory with default configurations, any machine (except DCs) that hasn't applied the June 10 patch can be compromised by any domain user.

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…

⚠️ We’ve reproduced CVE-2025-49113 in Roundcube. This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization. If you're running Roundcube — update immediately!

How the new Bad Successor dMSA domain takeover attack works. #ThreatHunting #DFIR

I'm super happy to announce an operationally weaponized version of @YuG0rd's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

Python version of BadSuccessor by Cybrly. github.com/cybrly/badsucc…

Based on the research of Akamai, I made a new module on netexec to find every principal that can perform a BadSuccessor attack and the OUs where it holds the required permissions 🔥 github.com/Pennyw0rth/Net…

@mpgn_x64 Too fastttt, merci bien :)

📢Want to make cool animations like us? Check out our new free 🎞️Attack Animator tool: aceresponder.com/attackanimator #DFIR #ThreatHunting #Pentesting #redteam #CyberSecurity #ACEResponder

Improved bypass for Windows 11 OOBE: 1. Shift-F10 2. start ms-cxh:localonly Only required on Home and Pro editions.