Snowscan

Relayed NTLM creds are powerful, if you can use them. @senderend shows why browsers fail through ntlmrelayx SOCKS and introduces ghostsurf to make NTLM-authenticated web apps accessible. Read more ⤵️ ghst.ly/4tnJOtx

@b13bs_ AWS explicitly prohibits using Amazon API Gateway for outbound pentesting now: See prohibited activities -> aws.amazon.com/security/penet…

Didn't see much noise around this, but is IP rotation through AWS API Gateway now being detected and blocked? I never had an issue with Fireprox before, but I'm definitely hitting some walls now. This might be why Flareprox and OmniProx were released in the past few months.

And the source code: github.com/hasherezade/wa…

My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking

#pypykatz new version 0.6.11 is out on github and pip. Big thanks to all awesome contributors!! Besides the fixes, the two important things in this version: - Kerberos aes keys extraction is now supported - !!!!Windows 24H2 support is here!!!!! github.com/skelsec/pypyka…

Introducing PowerHuntShares 2.0 Release! NetSPI VP of Research @_nullbind introduces new insights, charts, graphs, & LLM capabilities that can be used to map the relationships & risks being exposed through the network shares: ow.ly/6Rjo50U7tNr

@Bell Is this a standard fiber cabling installation? Running the fiber over my neighbor's driveway?

Just got some nice swag from @vulnlab_eu 😄

CcmPwn is equipped with various modules. The “exec” module runs an AppDomainManager Injection payload for every logged-in user. The “coerce” module coerces SMB/HTTP authentications, which can then be used for password cracking or relay attacks. 👇 github.com/mandiant/CcmPwn

Found a flaw in NetBSD's utmp_update allowing injection of ASCII escape sequences into utmpx logs, leading to unexpected terminal emulator behavior and utmpx database integrity concerns. ftp.netbsd.org/pub/NetBSD/sec… #NetBSD #Security

Struggeling to get those precious certificates with #certipy and AD CS instances that do not support web enrollment and do not expose CertSvc via RPC? @qtc_de has you covered and added functionality to use DCOM instead of good old RPC #redteaming github.com/ly4k/Certipy/p…

@MarcOverIP @podalirius_ @OutflankNL @msftsecresponse Pretty sure this is using the Windows Search Service. My own implementation here: github.com/slemire/WSPCoe…

@podalirius_ @OutflankNL @msftsecresponse What makes you think we do not report to vendors?

New BOF released to our OST customers: Coercer Coercer triggers a novel and non-public coercion method that forces SMB authentication from the computer account on workstations. From there on, you can for example relay to ADCS for generating a computer certificate.

It's been quiet for a while around bloodhound Python, however I'm happy to share that I am now maintaining the project at my personal GitHub. The latest version fixes many bugs/issues, also thanks to the many PRs that were submitted (thanks all!). github.com/dirkjanm/blood…

Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👇

@splinter_code I think this only works if the service start type is not disabled, otherwise triggers are inactive.

@reversebrain congrats!

@snowscan I passed it and also get OSCE3 ❤️

Just finished my OSED exam. Finger crossed for the report submission 👀

Did Bethesda hire the Microsoft UX team to work on Starfield? This is so shit. Really disappointed with the game so far.

Thanks to the generous folks @bcsecurity @hackthebox_eu @SANSOffensive @sektor7net and @nostarch for sponsoring prizes at the DEF CON Red Team Village CTF!

@rootsecdev @infosecdoc For sure that's at least 20$ right there

I’m living large today @infosecdoc