HTTP418

For the last few weeks I’ve been trying to build a usable AI Vishing model as cheaply as possible, hopefully my post may help others who are considering doing something similar! http418infosec.com/developing-an-…

Some thoughts on how to test against Scattered Spider TTPs and a quick summary on the current available TI. http418infosec.com/simulating-sca…

@theluemmel @pfiatde @lampnout There’s PowerBi as well..

@pfiatde @lampnout WHAT THE FUCK

Reflecting on a recent engagement, I gained new insight on how a standard user can perform searches on Active Directory using native Windows functionality. I was adamant about this functionality and documented it on this post stmxcsr.com/micro/search-a… for future reference

I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec! posts.specterops.io/rooting-out-ri…

Today the Cyber Safety Review Board released its independent review of the Summer 2023 Microsoft Exchange Online intrusion laying out what led to the intrusion & what industry & gov't can do to ensure an intrusion at this magnitude does not happen again. go.dhs.gov/JRT

Amazon is the new source for OST 🔥🔥

The GoPhish API can be used for some fun and games, my latest post shows how single use phishing links can be made using GoPhish + AWS SES! http418infosec.com/one-time-phish…

MachineAccountQuota = 0, preventing you from grabbing NAA creds remotely? DPAPI to the rescue! Ported over NAA Extraction via DPAPI to sccmhunter. h/t: @agsolino & @clavoillotte for SystemDPAPI.py

Confused on the basics of C++? Hopefully this little post will help out with some of the confusion! http418infosec.com/deez-words-an-…

@Emiroda @_Mayyhem Extended Protection - prevents NTLM relaying from being possible! learn.microsoft.com/en-us/sql/data…

@_Mayyhem EPA?

You can take over SCCM by granting yourself Full Administrator privileges in the site database all in one go without a SOCKS proxy or waiting for an AdminID by using ntlmrelayx's -q option and nested SQL queries. You can require EPA to prevent this!

@theluemmel Thanks, very kind of you!

@HTTP418InfoSec Really awesome and comprehensive. Thanks. Also like your other blog posts ;)

I have just written a post (http418infosec.com/offensive-sccm…) summarising the various published SCCM attacks, from PXE enumeration through to Site Takeovers 1/2

@vendetce @_Mayyhem @garrfoster @_xpn_ @Raiona_ZA @DiLomSec1 Thanks, appreciate it!

@HTTP418InfoSec @_Mayyhem @garrfoster @_xpn_ @Raiona_ZA @DiLomSec1 Nice work, great read !

We would like to express our condolences to Blue Teamers. Microsoft has announced Microsoft Excel will now support Python. More information: techcommunity.microsoft.com/t5/microsoft-3…

Didn't have time to talk about the newly released TLDs last week, but here we go. File Archiver In The Browser: Emulating file archive software in the browser with a .zip domain for phishing mrd0x.com/file-archiver-…

Additionally, I have done another post on the basics of BloodHound for those who are new to the tool! (2/2) http418infosec.com/2023/05/19/blo…

I've just published a post on how Cypher language can be used to assess & audit an AD environment with some of its more complex features (1/2) http418infosec.com/2023/05/19/blo…

Another amazing article by @KimZetter, grab a cup of tea and make time to read this!

@CyberWarship Thanks!

"SharpRDPHijack: RDP Session Hijacking" #redteam #infosec #pentest http418infosec.com/sharprdphijack…