ret2src

Introducing RelayKing. github.com/depthsecurity/… Blog: depthsecurity.com/blog/introduci… Automatically identify relay attack paths. No longer will you be left to manually detect a comprehensive inventory of all the relaying vectors on your engagements. It will detect signing/EPA settings on all protocols you specify, NTLM reflection CVEs, and WebDav WebClient presence. Then, produce a comprehensive report of the relaying vectors on the network in your preferred output format. This ensures that you report ALL vulnerable instances easily, without the need for manual patching together of results from various tools. Ideal usage is with a set of low-privilege AD credentials, but it also supports unauthenticated scanning (with far less coverage). See GitHub and the blog post for more details. Please note that there ARE bugs. The LDAP(S) detection has been annoying but SHOULD be mostly solid. If you get suspicious results from it, please report an issue on GitHub with the config RelayKing reported, versus the actual one. Enjoy!

@Defte_ Patched version available from archpkgs (github.com/dadevel/archpk…) by @0x64616e tomorrow (as soon as the nightly build ran).

Self shadow cred is back again 🔥🔥🔥🔥🔥🔥🔥🔥🥳

@Defte_ Update: Thanks to @RedTeamPT, I created a pull request for ntlmrelayx to reflect the new requirements: github.com/fortra/impacke… Now Shadow Creds are working again 😀

@ShitSecure Another way is to look for snapshots of a target VM and get the memory .vmem file. After converting the memory dump it should open in WinDbg and extract some secrets with Mimikatz extension.

Welcome to the EU, where the lunatics in Brussels take everything from us. While it was narrowly prevented this time, the next act of pure fascism disguised as safety will come. 1984 in all its glory.

@VNchocoTaco When have the insides of Apple products become so ugly? Looks like a cheap Android phone, some parts don’t even seem to be straight. Is this the company so obsessed about details and perfection?

iPhone 17 pro teardown This year it is even easier to replace battery, the battery is now glued to the midframe and can be detached. You unscrew the midframe, the battery come out with it. The vapor chamber is on the midframe, connect the motherboard to the rest of the phone

My colleague Mathias and I just finished our talk about "Relaying Unprivileged Users to RCE" at @MCTTP_Con. You can find our slides at github.com/svaredteam/tal…

Active Directory Pentest Mindmap v2025.03 Full view and updated map : orange-cyberdefense.github.io/ocd-mindmaps/i…

@nickvangilder @eliedelkind Funny, all of them are basically saying the same thing…what a coincidence

Microsoft: After extensive deliberation, Microsoft has decided to not participate in the evaluation this year. This decision allows us to focus all our resources on the Secure Future Initiative and on delivering product innovation to our customers. (techcommunity.microsoft.com/blog/microsoft…’s-participation-in-mitre-attck®-evaluations-enterprise-2025/4422639) S1: This decision was reached after a thorough review internally and is being made so that we can prioritize our product and engineering resources on customer-focused initiatives while accelerating our platform roadmap. (sentinelone.com/blog/sentinelo…) Palo Alto: After thoughtful evaluation of our priorities, we have decided to adjust the focus of our engineering and testing resources and will not be participating in this year’s MITRE evaluation. This decision enables us to further accelerate critical platform innovations that directly address our customers' most pressing security challenges and respond even faster to the evolving threat landscape. (paloaltonetworks.com/blog/security-…)

Intel on this?

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Better watch out for the TCP, I’ve seen it being abused by those pesky hackers over and over again!

no matter how hard you cyber, there will ~ALWAYS~ be another registry persistence you've never heard of.

@techspence @Abdulmalik_TTG Will you still be reporting ESC1, even without a PoC? In our reports, we use a special tag called “inconclusive” for such cases.

@Abdulmalik_TTG Couldn’t figure it out, and my engagement ended on Friday :-/

Has anyone seen this error when attemptin to abuse an ESC1? "KRB_AP_ERR_USER_TO_USER_REQUIRED"

Here's an initial release of a LDAP browser written in python with a nice GUI and some integrations with #BloodHound github.com/ZephrFish/pyLD…

#redteam Now, you can dump the #Windows password from the LSASS process with help from the past: WerFaultSecure.exe Github: 2x7EQ13/WSASS Experimental version: Windows 11 24H2 #Blueteam

So embarrassing

the jump scare of the morning award goes to @J0R1AN (it even adapts to different native calculators using UA-based OS detection :))

@vysecurity LinkedIn is a huge cesspool of ass kissers. Can’t stand more than three of the BS posts on there before I feel a strong urge to close the app again.

Man FML, every time I go on LinkedIn. It makes me realise how dumb it is.

The memes are on point today