Kerberos downgrade attack (@tiraniddo), Havoc C2 (@C5pider), ASNmap (@pdiscoveryio), static vs behavioral detection (@ShitSecure), Freeze payload toolkit (@Tyl0us), multiple tools from @D1rkMtr, cheap Yubikeys, Playstation 5 jailbreak, and more!
AttachMe Oracle Cloud vuln (@eladgabay_), JuicyPotatoNG service to SYSTEM privesc (@decoder_it + @splinter_code), personal phishing (@Direct_Defense), AD CS pwnage (@theluemmel), Kerberos FAST protection (@4ndr3w6S), service exploitation via pipes (@x86matthew), and more!
CloudFox (@sethsec + @cvendramini2), MiraclePtr in Chrome, Jetty hacking (@m1ke_n1), ExternalC2 myths (@RET2_pwn), NTLMv1 attacks (@n00py1 + @an0n_r0), Golden Ticket patches soon (@varonis), plaintext Citrix passwords (@gentilkiwi), and more!
Avoiding memory scanners (@kyleavery_), EvilnoVNC critiques (@TheXC3LL), Athena 0.2 (@checkymander), Monkey365 (@tr1ana), reFlutter (@lmpact_l), gTunnel/SOCKS (@greycatsecurity + @hotnops), cobaltstrike-headless (@codex_tf2), and more!
Nmap turns 25 (@nmap), PersistAssist (@Grimmie), SCM attack toolkit (@h4wkst3r), nf_tables privesc (@saidelike), the BloodHound Attack Research Kit (@_wald0), MS Teams Phreaking (@moritz_abrell), blinding Sysmon (@testert01 + @thefLinkk), EvilnoVNC (@JoelGMSec), and more!
AceLdr (@kyleavery_), DLL fun (@Wietze + @ConsciousHacker), CI/CD pwnage (@smarticu5), Kerberos LPE (@monoxgas + @tiraniddo), Burp ➡️ C2 profile (@codex_tf2), AD CS + PIV (@_EthicalChaos_), and more!
The end of PPLdump (@itm4n), beacon detection (@domchell), 30k Wordpress XXS+SQLi (@MrTuxracer), string encryption in c++ (@mcbroom_evan), create a DLL hijack (@x86matthew), and more!
Oauth hijacks (@fransrosen), Macros are back, but also not (@serghei), AD magic (@_dirkjan), Altiris for lateral movement (@__invictus_), next level token stealing (@harmj0y), xss to cread stealing (@hoodoer), and more!
In the wild 0days (@maddiestone), new Win11 primitive (@yarden_shafir), Cloudflare ZeroTrust for C2 (@zux0x3a), macOS LPEs (@LinusHenze + @zhuowei + Jack Dates of @ret2systems), SCCM abuse (@subat0mik + @_Mayyhem), Diamond Tickets (@4ndr3w6S), and more!
Pre-auth RCE on Oracle Cloud (@peterjson + @testanull), Global Jacuzzi hack (@XeEaton), goodfaith scoping (@ryanelkins), Tailscale SSH (@MayaKaczorowski), WerFault lsass dumper (@asaf_gilboa + @s4ntiago_p), ADFSRelay (@praetorianlabs), modern C2 (@preemptdev), and more!