Gabriel (@_theVIVI)
Security Engineer | Gamer
Nairobi, Kenya · Joined April 2013
Followers: 1K · Following: 10K · Media: 157 · Statuses: 3K
Ladies and gentlemen: here is the Notepad* RCE you always wondered was possible. https://t.co/BIJtHdcPOZ *Well, the modern, AI-powered one. Who could have thought that with more features you bring more bugs.
Non-malware schizos are asking why the Notepad++ malware payload was so interesting. Okay, we'll discuss it without getting too schizo. First, Rapid7 (and various other Cyber Threat Intelligence vendors) seem to generally attribute the Notepad++ compromise to Chinese APT
There are two main password attacks leveraged by adversaries; one is called Password Spraying and the other is called Kerberoasting. This post focuses on identifying accounts that may be targeted for Kerberoasting and how to harden the environment against Kerberoasting.
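The post above is only a summary of the linked write-up, so here is an added example (my own code, not the linked post's) of the triage it describes: given an export of user objects from Active Directory, decide which accounts a domain user could Kerberoast, which of those are worth an attacker's cracking time, and what to change. The export format, the example domain corp.example, the privileged-group DNs and the account data are all constructed for the example; the only AD facts relied on are the userAccountControl ACCOUNTDISABLE bit (0x2) and the msDS-SupportedEncryptionTypes bits (RC4 0x4, AES128 0x8, AES256 0x10).

```python
"""Triage an Active Directory user export for Kerberoastable service accounts.

Input: list of dicts shaped like an ldap3/CSV export (constructed data below).
"""
from datetime import datetime, timedelta, timezone

UAC_ACCOUNTDISABLE = 0x0002                       # userAccountControl bit
ENC_RC4, ENC_AES128, ENC_AES256 = 0x4, 0x8, 0x10  # msDS-SupportedEncryptionTypes bits
AES_ONLY = ENC_AES128 | ENC_AES256                # 0x18: the hardened value

# Hypothetical DNs for the example domain; membership here turns a cracked
# service ticket into a direct domain-takeover path.
PRIVILEGED_GROUPS = {
    "CN=Domain Admins,CN=Users,DC=corp,DC=example",
    "CN=Enterprise Admins,CN=Users,DC=corp,DC=example",
    "CN=Administrators,CN=Builtin,DC=corp,DC=example",
}


def is_roastable(acct):
    """True if any authenticated domain user can obtain a TGS for this account."""
    classes = acct.get("objectClass", [])
    if not acct.get("servicePrincipalName"):
        return False                      # no SPN: nothing to request a ticket for
    if "msDS-GroupManagedServiceAccount" in classes:
        return False                      # gMSA: 240-char password rotated by AD
    if "computer" in classes:
        return False                      # machine accounts have random passwords
    if acct.get("userAccountControl", 0) & UAC_ACCOUNTDISABLE:
        return False                      # disabled accounts are not issued tickets
    if acct["sAMAccountName"].lower() == "krbtgt":
        return False                      # always carries kadmin/changepw; handled separately
    return True


def rc4_allowed(acct):
    """Unset/0 means 'DC default', which this example assumes still includes RC4."""
    enc = acct.get("msDS-SupportedEncryptionTypes")
    return not enc or bool(enc & ENC_RC4)


def triage(accounts, now, max_pw_age_days=365):
    """Return roastable accounts with risk flags and concrete fixes, worst first."""
    findings = []
    for acct in accounts:
        if not is_roastable(acct):
            continue
        flags, fixes = [], []
        if rc4_allowed(acct):
            flags.append("rc4-allowed")   # RC4 tickets crack orders of magnitude faster than AES
            fixes.append("set msDS-SupportedEncryptionTypes to 0x18 (AES128+AES256 only)")
        pw_age = now - acct["pwdLastSet"]
        if pw_age > timedelta(days=max_pw_age_days):
            flags.append("stale-password")
            fixes.append(f"rotate to a long random password (current age {pw_age.days} days)")
        if acct.get("adminCount") == 1 or PRIVILEGED_GROUPS & set(acct.get("memberOf", [])):
            flags.append("privileged")
            fixes.append("remove from privileged groups; a cracked ticket here is domain compromise")
        fixes.append("migrate to a group Managed Service Account where the service supports it")
        if "privileged" in flags or {"rc4-allowed", "stale-password"} <= set(flags):
            severity = "high"
        elif flags:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"sAMAccountName": acct["sAMAccountName"], "severity": severity,
                         "flags": flags, "fixes": fixes,
                         "spns": list(acct["servicePrincipalName"])})
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["sAMAccountName"]))


UTC = timezone.utc
NOW = datetime(2025, 6, 1, tzinfo=UTC)            # fixed clock so the example is reproducible
SAMPLE_EXPORT = [                                  # constructed accounts, not a real domain
    {"sAMAccountName": "svc_sql", "objectClass": ["top", "person", "user"],
     "servicePrincipalName": ["MSSQLSvc/db01.corp.example:1433"], "userAccountControl": 0x10200,
     "msDS-SupportedEncryptionTypes": None, "pwdLastSet": datetime(2018, 3, 1, tzinfo=UTC),
     "adminCount": 1, "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=example"]},
    {"sAMAccountName": "svc_web", "objectClass": ["top", "person", "user"],
     "servicePrincipalName": ["HTTP/web01.corp.example"], "userAccountControl": 0x10200,
     "msDS-SupportedEncryptionTypes": AES_ONLY, "pwdLastSet": datetime(2025, 3, 1, tzinfo=UTC),
     "adminCount": 0, "memberOf": []},
    {"sAMAccountName": "svc_legacy", "objectClass": ["top", "person", "user"],
     "servicePrincipalName": ["ftp/old01.corp.example"], "userAccountControl": 0x10202,
     "msDS-SupportedEncryptionTypes": None, "pwdLastSet": datetime(2015, 1, 1, tzinfo=UTC)},
    {"sAMAccountName": "gmsa_backup$",
     "objectClass": ["top", "person", "user", "computer", "msDS-GroupManagedServiceAccount"],
     "servicePrincipalName": ["HOST/backup01.corp.example"], "userAccountControl": 0x1000,
     "msDS-SupportedEncryptionTypes": AES_ONLY, "pwdLastSet": datetime(2025, 5, 20, tzinfo=UTC)},
    {"sAMAccountName": "krbtgt", "objectClass": ["top", "person", "user"],
     "servicePrincipalName": ["kadmin/changepw"], "userAccountControl": 0x202,
     "pwdLastSet": datetime(2020, 1, 1, tzinfo=UTC)},
    {"sAMAccountName": "jdoe", "objectClass": ["top", "person", "user"],
     "servicePrincipalName": [], "userAccountControl": 0x200,
     "pwdLastSet": datetime(2025, 4, 1, tzinfo=UTC)},
]


def run_sample():
    return triage(SAMPLE_EXPORT, NOW)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f['severity'].upper()}] {f['sAMAccountName']} {f['spns']} {f['flags']}")
        for fix in f["fixes"]:
            print("    -", fix)
```

On a live domain the same attributes come from `Get-ADUser -Filter 'ServicePrincipalName -like "*"' -Properties servicePrincipalName,msDS-SupportedEncryptionTypes,pwdLastSet,adminCount,memberOf`; the RC4 check is the one that matters most, and note that the "unset means RC4" assumption must be verified against your DCs' default encryption-type configuration rather than taken from this example.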
‼️🚨 BREAKING: Notepad++ Hijacked by Chinese State-Sponsored Hackers. Traffic from targeted users was selectively redirected to malicious update servers.
A small rant: The State of Art in Red Team is whatever you want to believe
Link preview (x-c3ll.github.io): a rant about Red Teaming.
New from @KingOfTheNOPs + @senderend: azureBlob, a Mythic C2 profile that uses Azure Blob Storage as transport. Supported Agents: 🐍 Medusa 🪽 Pegasus (new test agent) ❤️ Your fav agent (with simple integration guide) https://t.co/0jNpt5978o 🧵: 1/2
We published a new tool named PrefetchFileParser that enumerates and parses Windows Prefetch files (.pf) for extracting execution history. This tool can be utilized for both offensive and defensive purposes (see the README). https://t.co/Jnn6RWBL8Z
@Defte_ Update: Thanks to @RedTeamPT, I created a pull request for ntlmrelayx to reflect the new requirements: https://t.co/g42CHDxQdB Now Shadow Creds are working again 😀
Introducing RelayKing. https://t.co/EiVApPiXzi Blog: https://t.co/0Vi6WxyAYq Automatically identify relay attack paths. No longer will you be left to manually detect a comprehensive inventory of all the relaying vectors on your engagements. It will detect signing/EPA
Link preview (depthsecurity.com): If you’re anything like me and/or an offensive security professional, you’re probably very, very familiar with NTLM relaying attacks against Active Directory environments. NTLM relay attacks are...
I can't believe Microsoft killed one of my favorite labs in my Entra ID training 😭. The Azure CLI and Azure PowerShell are no longer FOCI clients. On a serious note: good for security!
Excited to disclose my research allowing RCE in Kubernetes. It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial pod breakout. Unfortunately, this will NOT be patched.
I have released an OpenGraph collector for network shares and my first blogpost at @SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 https://t.co/2e2DBIndcU
Link preview (specterops.io): ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise helping identify attack paths to network shares automatically.
What an episode 🙌🏾
Adversaries weaponizing signed drivers as EDR killers? This is exactly why we built #loldrivers. wsftprm.sys (CVE-2023-52271) - legitimately signed, terminates AV/EDR via kernel access, NOT on MS blocklist. https://t.co/eM4F3uGXfb We've tracked it since Sept 2024. Defenders
Link preview (loldrivers.io): wsftprm.sys. Description: Northwave Cyber Security contributed this driver based on in-house research. The driver has a CVSSv3 score of 6.1, indicating an antivirus killer impact. This vulnerability...
Net-NTLMv1 is outdated, insecure, and must go. 🛑 To help defenders prove the risk and accelerate deprecation, we’ve released a comprehensive dataset of rainbow tables. See how easily these keys can be recovered, and secure your environment. Read more: https://t.co/g4gjEAhCiv