RT @_logangoins: I Just documented a cool way to authenticate proxied tooling to LDAP in an AD environment using C2 payload auth context, w….

RT @SpecterOps: New blog post just dropped!. West Shepherd breaks down extending the Mythic Poseidon agent for ARM64 Dylib injection on App….

Join millions who have switched to Grok.

I wanted to find out if you could start the WebClient service remotely, so I ended up digging into it

RT @GrayHatKiller: Wrote a BOF that extracts access tokens from .tbres files by decrypting DPAPI blobs in the current user context, this to….

I don’t know how widely it was used, but fun fact is assemblyhunter has a way to quickly triage a host for electron apps. Sometimes false positives for apps that aren’t. I figured in the future electron would catch on 🙂

RT @JonnyJohnson_: Have you ever wondered if there was a way to deploy a "Remote EDR"? Today I'm excited to share research I've been workin….

RT @M_alphaaa: I'm finally releasing a project that I've been working on for a little while now. Here's Boflink, a linker for Beacon Object….

RT @AndrewOliveau: RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM….

RT @elad_shamir: NTLM relay is still a major threat and is now even easier to abuse. We just added new NTLM relay edges to BloodHound to he….

RT @hotnops: A new fun way to set shadow credentials.

I’ve always thought Seatbelt was a great situational awareness tool, I created a python implementation of it. Due to the nature of how I expect it to run, it only implements the remote modules, but I hope someone finds it useful.

RT @Tw1sm: New blog up to cover manual AD CS enumeration using ldapsearch and the new release of bofhound 🔍 .

Looking around I hadn’t seen any python tools to interact with the registry that doesn’t use remote registry. So I made one that implements all StdRegProv methods

RT @_xpn_: New tool published which is proving to be useful. Cred1py allows execution of the CRED-1 SCCM attack published by @Raiona_ZA ove….

RT @FKasler: Dropping another "Phishing School" post. Learn how to select and categorize domains for phishing so you don't get blocked by r….

RT @jaredcatkinson: My On Detection series is back! In this edition I explore how the same behavior (operation chain) can be implemented us….

RT @jsecurity101: Without further ado - here is EtwInspector! . This is a C++ tool to help users interact with ETW providers. This tool sup….

RT @FKasler: Want to be better at phishing? I'm dropping the first two blogs in my "Phishing School" series today. The whole series is desi….

RT @synzack21: Curious about Intune's new EPM feature? So were we. In this blog @subat0mik and I explore the internals of EPM and share som….