Hyperher

"Entras. Seleccionas tu comunidad autónoma. Dices si eres asalariado, autónomo, o ambos. Marcas tu situación: si tienes hijos, si alquilas, si inviertes, si cuidas a alguien. Y te dice cuáles de las 375 deducciones te corresponden. Con una estimación de cuánto puedes ahorrarte. Sin pedirte el NIF. Sin registro. Sin datos personales. La información es de la AEAT. Yo solo he hecho legible para ti y para mí." larenta.es Productazo que acaba de lanzar @paumrch

🚨Someone just open sourced a computer that works when the entire internet goes down. It's called Project N.O.M.A.D. A self-contained offline survival server with AI, Wikipedia, maps, medical references, and full education courses. No internet. No cloud. No subscription. It just works. Here's what's packed inside: → A local AI assistant powered by Ollama (works fully offline) → All of Wikipedia, downloadable and searchable → Offline maps of any region you choose → Medical references and survival guides → Full Khan Academy courses with progress tracking → Encryption and data analysis tools via CyberChef → Document upload with semantic search (local RAG) Here's the wildest part: A solar panel, a battery, a mini PC, and a WiFi access point. That's it. That's your entire off-grid knowledge station. 15 to 65 watts of power. Works from a cabin, an RV, a sailboat, or a bunker. Companies sell "prepper drives" with static PDFs for $185. This gives you a full AI brain, an entire encyclopedia, and real courses for free. One command to install. 100% Open Source. Apache 2.0 License.

VMkatz. Extract Windows credentials directly from VM memory snapshots and virtual disks, by @Nikaiw github.com/nikaiw/VMkatz

WINDOWS SERVER 2025 GROUP POLICY UPDATES: Administrative Templates (.admx) for Windows Server 2025 (March 2026 release) microsoft.com/en-us/download… Group Policy Settings Reference Spreadsheet for Windows Server 2025 (March 2026 release) microsoft.com/en-us/download… HT: Abbodii on the PatchManagement.Org DL

Kerberoasting Attack in Active Directory 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles Kerberoasting is a post-exploitation attack that targets service accounts in Active Directory by abusing the Kerberos authentication protocol. Attackers request service tickets (TGS), extract them, and crack the encrypted hashes offline to recover plaintext credentials. () 📚 Techniques Covered in This Guide 🔎 Enumerating Service Accounts (SPNs) 🎟 Requesting Kerberos Service Tickets (TGS) 📦 Extracting Service Ticket Hashes 🔐 Offline Password Cracking (John / Hashcat) 💻 Using Impacket (GetUserSPNs) ⚡ Kerberoasting with NetExec (NXC) 🧰 Metasploit SPN Enumeration Module 🖥 Rubeus Kerberoast Module 📜 PowerShell Kerberoast Script 📖 Article: hackingarticles.in/kerberoasting-… #CyberSecurity #EthicalHacking #ActiveDirectory #Kerberoasting #RedTeam #InfoSec

Windows Hello for Business – Faceplant: Planting Biometric Templates, by @insinuator insinuator.net/2025/08/window…

Hide the threat – GPO lateral movement intrinsec.com/hide-the-threa…

ConditionalPolReviewer. PowerShell-based tool for auditing Microsoft Entra ID (Azure AD) Conditional Access policies and Multi-Factor Authentication (MFA) compliance across an organization github.com/ChiefW0mbat505…

Active Directory Security Assessment: Password Spraying, Privilege Escalation, and Kerberoasting Active Directory (AD) environments remain a primary target in enterprise security assessments due to their central role in authentication, authorization, and resource management. During a recent internal penetration test of the `hive.local` domain, several critical weaknesses were identified that demonstrate common attack paths from credential abuse to privilege escalation and service account exploitation. The assessment began with password spraying via SMB using a known weak password (`P@ssw0rd!`) across a list of domain users. Unlike brute-force attacks, password spraying targets many accounts with a single password to avoid triggering account lockouts. This approach successfully identified multiple valid credentials, with several users able to authenticate to the domain controller. Notably, three accounts including `alice.wonderland`, `bruce.wayne`, and `diana.prince` were found to possess administrative privileges on the Domain Controller. The presence of these privileges underscores the significant risk posed by shared or weak passwords and demonstrates how administrative access can be obtained without exploiting any software vulnerabilities. Following successful credential discovery, Kerberoasting attacks were conducted against service accounts with Service Principal Names (SPNs). Accounts such as `http_svc` and `mssql_svc` yielded Kerberos Ticket Granting Service (TGS) hashes retrievable via LDAP queries. These hashes, once obtained, can be cracked offline, potentially exposing high-privilege credentials for critical services like web servers or SQL databases. Kerberoasting highlights a systemic risk: even service accounts intended for automation can become a vector for privilege escalation if their passwords are weak or mismanaged. This assessment demonstrates a classic AD attack chain: starting from credential discovery, moving through password spraying and escalating privileges via administrative group membership, before targeting service accounts for Kerberoasting. The test illustrates that attackers often rely on weak credentials and improper privilege management rather than exploiting software vulnerabilities to gain significant domain control. Recommendations: arising from this assessment focus on mitigating the most common attack vectors identified. Organizations should enforce strong, unique passwords for all user and service accounts, implement privileged access management to restrict administrative rights, and apply the principle of least privilege to reduce the number of users with elevated access. Additionally, monitoring for abnormal Kerberos ticket requests and reviewing administrative group memberships regularly can help detect and prevent unauthorized privilege escalation attempts. This assessment reinforces that credential hygiene and privilege management remain the most critical elements of AD security. Even in well-patched environments, weak passwords and poorly controlled administrative access can provide attackers with a pathway to full domain compromise. Effective AD security requires not only technical controls but also rigorous operational policies governing account and privilege management.

Audit your Conditional Access policies in 60 seconds: 1️⃣ Export your CA policies as JSON from Microsoft Entra 2️⃣ Upload them to AccessLens Quick Scan 3️⃣ Get an instant security breakdown You’ll see: 🔍 Policy conflicts ⚠️ Security gaps 📊 Risk scoring 📋 Compliance mapping No sign-in. No permissions. No data leaves your browser. 🔗Free at accesslens.co.uk #MicrosoftEntra #ConditionalAccess #InfoSec #ZeroTrust

ADPulse. Active Directory security auditing tool that connects to a domain controller via LDAP(S), runs 35 automated security checks, and produces detailed reports in console, JSON, and HTML formats github.com/dievus/ADPulse

You deploy a #PowerShell script in #Intune and expect it to run immediately. Reasonable… right? 😅 Not exactly. This blog breaks down what actually triggers the Intune Management Extension (IME) to evaluate and run PowerShell scripts and why pressing Sync doesn’t do what most admins expect. Take a look: bit.ly/4aXmKLS #MSIntune #SysAdmin #ITCommunity #MoreThanJustPatching

🚨 Credential Dumping: Phishing Windows Credentials 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles Phishing attacks are commonly used to capture Windows credentials by tricking users into entering their login details on malicious prompts or fake login screens. Once obtained, attackers can reuse these credentials to gain unauthorized access and move laterally inside the network. ⚡ Key Tools Used for Windows Credential Phishing 🛠️ Metasploit Framework 🎣 phish_windows_credentials 🖥️ FakeLogonScreen 🔐 SharpLocker ⚔️ PowerShell Empire 📦 Collection/prompt 🍞 Collection/toasted 💉 Koadic 📩 Password_box 📜 PowerShell 🧪 Invoke-CredentialsPhish.ps1 🔑 Invoke-LoginPrompt.ps1 🎭 Lockphish 📖 Article: hackingarticles.in/credential-dum… #CyberSecurity #EthicalHacking #RedTeam #Pentesting #CredentialDumping #Phishing #InfoSec

@La_SER @MACamposP Igual que Mónica Oltra… no teniu vergonya.

🔴 ÚLTIMA HORA | La Fiscalía se opone a imputar a Mazón por la DANA al no advertir aún indicios de suficiente solidez contra el expresident Informa @MACamposP cadenaser.com/nacional/2026/…

🚨 Credential Dumping: LAPS Abuse 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles In Windows environments, Local Administrator Password Solution (LAPS) stores local administrator passwords inside Active Directory attributes. If an attacker gains permission to read these attributes, they can retrieve the credentials and perform lateral movement across the network. ⚡ Key Tools for LAPS Enumeration & Dumping 🛠️ Impacket ⚔️ NXC Tool 🐍 PyLaps 📦 LAPSDumper 🩸 BloodyAD 🔎 ldapsearch 💣 Metasploit: ldap_query 🔗 impacket-ntlmrelayx 🖥️ ldap_shell 📜 PowerShell 🌐 NetTools 💎 SharpLAPS 🚀 Metasploit: enum_laps 🧠 PowerView 📖 Article: hackingarticles.in/credential-dum… #CyberSecurity #ActiveDirectory #RedTeam #Pentesting #CredentialDumping #EthicalHacking #InfoSec

Technical deep dive of PowerShell and Windows Script Host, performed by @ERNW_ITSec bsi.bund.de/SharedDocs/Dow…

Deceptive-Auditing. updated toolset to deploy deceptive AD objects and audit them to detect activity github.com/SeanMinnick/De…

Kerberoasting Attack in Active Directory 🔥 Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles This article explores Kerberoasting, a stealthy attack in Active Directory that exploits Service Principal Names (SPNs) to extract and crack TGS ticket hashes, revealing service account passwords. 📘 Kerberoasting Walkthrough 📋 Prerequisites 🧪 Lab Setup 🎯 Method for Exploitation – Kerberoasting Attack (T1558.003)  🧰 NetExec (nxc)  🐍 Impacket - GetNPUsers  🎯 targetedKerberoast Script  💥 Metasploit Module  🔐 Rubeus  🪟 Windows PowerShell – Kerberoast 🔍 Detection & Mitigation #infosec #cybersecurity #cybersecuritytips #microsoft #redteam #informationsecurity #CyberSec #ai #offensivesecurity #infosecurity #cyberattacks #security #oscp #cybersecurityawareness #bugbounty #bugbountytips

🚨 Active Directory Pentesting with NetExec 🔥 Telegram: t.me/hackinarticles NetExec (NXC) is a powerful tool for Active Directory enumeration and exploitation, helping pentesters discover users, validate credentials, perform Kerberos attacks, and identify privilege escalation paths in AD environments. ⚡ Key Techniques 👤 User & Account Enumeration – Discover domain users and active accounts 🔑 Credential Testing – Validate passwords or NTLM hashes 🎟 Kerberoasting / ASREPRoasting – Extract Kerberos hashes for offline cracking 🧠 BloodHound Collection – Map attack paths in Active Directory 🛡 Privilege Enumeration – Identify admin accounts, group memberships, and misconfigurations 📖 Article: hackingarticles.in/active-directo… #CyberSecurity #ActiveDirectory #Pentesting #NetExec #RedTeam #EthicalHacking