Nothing new, but formalized some operator notes on Entra ID/Azure tradecraft I've found to be exceptionally useful on ops. Overlooked this myself for quite some time and thought others in the same boat might find it worth a read! 📖.

Mythic support is not agent specific so any Mythic agent you run the ldapsearch bof from should be compatible with this.

Couple of new and not-so-new commits to bofhound added support for additional parsers.- Mythic logs (connecting to a live Mythic server).- OutflankC2 logs.- Havoc logs. And support to directly upload output to BHCE for you.

RT @RedByte1337: GraphSpy just got scarily powerful!🔥. 🤖Automated device code entry.🖥️Post-comprimise automation (device registration, WinH….

RT @_xpn_: So excited to see this one come out! Awesome post from @n0pe_sled on why IdP's should still be scrutinized! (tl;dr: OneLogin le….

RT @SpecterOps: Wondering how you can maintain persistence while staying under the radar?. Antero Guy just dropped his guide on COM hijacki….

RT @kyleavery_:

RT @_logangoins: I'm super happy to announce an operationally weaponized version of @YuG0rd's BadSuccessor in .NET format! With a minimum o….

RT @podalirius_: 🚀 Launching TheManticoreProject – a long-term offensive & defensive security ecosystem in Go!. First release (the core lib….

RT @infosecnoodle: Short post on an alternative method for obtaining Microsoft Entra refresh tokens via Beacon. Proof of concept BOF is ava….

RT @its_a_feature_: Many in the Mythic Community have asked for a way to standardize BOF/.NET execution within Mythic Agents. Today I'm rel….

RT @binitamshah: cuddlephish : Weaponized multi-user browser-in-the-middle (BitM) for penetration testers : . Detai….

RT @RedByte1337: 📧 GraphSpy 1.5.0 is out now and brings a brand new Outlook Graph module!. ✅Read emails in any folder.✅Send HTML-formatted….

RT @AndrewOliveau: RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM….

RT @SpecterOps: Accurately see what permissions are exploitable in your AD environment. @_Mayyhem discusses a recent update in BloodHound t….

RT @unsigned_sh0rt: Along with this blog, I published an update to SCCMHunter that enables credential recovery all from the admin module. N….

RT @freefirex2: Would you like to transition from local user to cloud access w/o having to dump browser cookies or hope SSO via kerberos is….

RT @pentest_swissky: BOFHound: AD CS Integration by Matt Creel (@Tw1sm)

RT @SpecterOps: SlackPirate sets sail again! 🏴‍☠️. In his latest blog post, Dan Mayer intros his new PR to SlackPirate that lets you loot S….

RT @_xpn_: Achievement unlocked, my first blog with SoecterOps 🤗 This post looks at ADFS OAuth2 support, Device Registration, Enterprise PR….