Aurélien Chalot

@Defte_

Followers
3K
Following
3K
Media
60
Statuses
1K

Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthusiast 💪 and wannabe philosopher https://t.co/SqDDhIGGGh 📖 🔥 Hide&Sec 🔥

The grid
Joined November 2017
@Defte_
Aurélien Chalot
3 months
If you have seen the WinRM relay blogpost. Let me apologize. I realized too late that this technique worked because of NTLMv1 being activated. It won't work for NTLMv2. Nonetheless, I believe the feature is still interesting and have corrected the blog
@Defte_
Aurélien Chalot
8 days
RT @sensepost: Adriaan was struggling to get an interactive shell on the *nix application server he had popped, so he wrote a turn-based mi….
@Defte_
Aurélien Chalot
10 days
RT @OrangeCyberFR: 🎙 The @_leHACK_ conference will be held from 27 to 29/06 at @citedessciences #leHACK. 🛡 Find the talks by our 3 collaborate….
@Defte_
Aurélien Chalot
11 days
RT @mrd0x: FileFix - A ClickFix Alternative.
@Defte_
Aurélien Chalot
12 days
RT @al3x_n3ff: Releasing a side project of mine: wsuks - automating the WSUS mitm attack 🔥. TL;DR: If the Windows Se….
@Defte_
Aurélien Chalot
22 days
RT @RedTeamPT: And this is our pull request to NetExec which adds efsr_spray which can re-enable EFSR/PetitPotam on up-to-date Windows 11 h….
@Defte_
Aurélien Chalot
24 days
RT @Synacktiv: Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromi….
@Defte_
Aurélien Chalot
1 month
RT @infosec_au: IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic thr….
@Defte_
Aurélien Chalot
1 month
👀.
@_leHACK_
leHACK
1 month
🇬🇧 Payloads in cache, fake creds, stealth backdoors. #leHACK 2025 talks are not here to play. 👀 Check the lineup → 🎟️ Still a few spots:
@Defte_
Aurélien Chalot
1 month
RT @DirectoryRanger: Active Directory Hardening Series. Part 1 Disabling NTLMv1 Part 2 Removing SMBv1.
@Defte_
Aurélien Chalot
1 month
RT @theluemmel: Took @akamai_research's script for BadSuccessor and improved it a bit. - runs from non domain joined systems - works in fo….
@Defte_
Aurélien Chalot
1 month
RT @YuG0rd: 🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability. It allows….
@Defte_
Aurélien Chalot
2 months
RT @DebugPrivilege: Decided to dive into the internals of Volume Shadow Copy (VSS). If you're curious about how the different VSS component….
@Defte_
Aurélien Chalot
2 months
RT @ly4k_: 👇.
@Defte_
Aurélien Chalot
2 months
RT @0gtweet: WHAT?! 😂 If you provide /FS:FILESYSTEM parameter to the format[.]com utility, the resulting process will try to load ("U"+FILE….
@Defte_
Aurélien Chalot
2 months
Wtfffffffffffff.
@vxunderground
vx-underground
6 months
Shoutout to the homies at "IObit Malware Fighter". Their IMFForceDelete driver is so wildly vulnerable, and poorly written, you can have their driver arbitrarily delete any file on the machine with 0 privileges and literally 1 line of code. Thanks @_mmpte_software for sharing
@Defte_
Aurélien Chalot
3 months
Amazing.
@xaitax
Alex
3 months
Easter drop 🐣: Chrome App-Bound Encryption Decryption (CreateRemoteThread + LoadLibrary Injection). • No more admin rights • No path constraints - run anywhere • Chrome / Brave / Edge • No Alert on Defender 4.18.24030.5.
@Defte_
Aurélien Chalot
3 months
Today I have learnt to double/triple/quadruple check my research results before publishing. Won't make the mistake again. And once again sorry for the false information :/
@Defte_
Aurélien Chalot
3 months
Nonetheless this module can still be used in specific use cases (mitm, ntlmv1 downgrade attack, misconfigured WinRM). So I'll leave the PR on impacket for these use cases.
@Defte_
Aurélien Chalot
3 months
ERRATUM: a few people pointed out that the technique didn't work in their lab and indeed it shouldn't. I realized a bit too late that NTLMv1 was enabled on the domains I tested it on and it does not support CBT, hence the success. Sorry guys for spreading partially wrong information.