I'm super happy to announce an operationally weaponized version of @YuG0rd's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution!.

RT @G0ldenGunSec: Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can….

RT @Yeeb_: Created small tool that joins a device to a Tailscale network and exposes a local SOCKS proxy. It’s built for red team pivots an….

RT @unsigned_sh0rt: Last week we added ELEVATE-4 to Misconfiguration Manager. tl;dr If SCCM uses AD CS for PKI, cl….

RT @SpecterOps: So you've compromised a host that isn’t cloud-joined. Antero Guy breaks down how to request OAuth tokens & enumerate an Ent….

RT @ShitSecure: After today’s talk at #TROOPERS25 I’m releasing BitlockMove, a PoC to execute code on remote systems in the context of a lo….

RT @subat0mik: Thanks to everyone who attended our (@unsigned_sh0rt) talk at @WEareTROOPERS! Here is the companion blog post: https://t.c….

RT @SpecterOps: Are you at #TROOPERS25? Don't miss @subat0mik & @unsigned_sh0rt's follow-up to their talk last year, providing an update on….

RT @Jonas_B_K: I publish two blog posts today! 📝🐫 . The first dives into how we're improving the way BloodHound models attack paths through….

RT @SpecterOps: Introducing the BloodHound Query Library! 📚. @martinsohndk & @joeydreijer explore the new collection of Cypher queries desi….

RT @hullabrian: I just released COMmander - a .NET tool designed to provide an easy to use interface for COM and RPC based attacks. It taps….

RT @harmj0y: Thank you so much to @x33fcon and its organizers for an awesome experience! @tifkin_ and I had a blast talking about the new N….

RT @Synacktiv: Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromi….

RT @RedTeamPT: 🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live:. 🪞 The Reflective Kerberos Relay Attack - Remo….

RT @SpecterOps: Recently, Microsoft changed the way the Entra Connect Sync agent authenticates to Entra ID. Check out our latest blog pos….

RT @SpecterOps: Ready to level up your offensive security career? 📈. Join our Consulting Services team as a Senior Offensive Security Consu….

RT @SpecterOps: BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escala….

RT @theluemmel: Extended on @_logangoins work for BadProcessor.Fully native PowerShell.Domain joined or not doesn't matter.Check DCs.Check….

RT @YuG0rd: Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump….

RT @Shikata_VX: Bad successor.