tzar
@dsec_net
Red Teamer, this is the neglected home of my security ramblings. Sometimes there's useful stuff.
South East, England
Joined June 2019
Finally releasing Sekken-Enum, an ADWS enumeration BOF we've been using internally for a while now. Based on the research from SOAPHound/SoaPy moving away from relying on .NET execution or proxying. Output works with BOFHound for BloodHound ingesting. https://t.co/wVF2safhXC
github.com
adws enumeration bof. Contribute to Nomad0x7/sekken-enum development by creating an account on GitHub.
Password cracking with https://t.co/Yoyypck3N8 made easier :) Enjoy. https://t.co/1xXYbuJaWG
github.com
Vast.ai Password Kracking. Contribute to d-sec-net/VPK development by creating an account on GitHub.
My hot take on AI 🌶️. It's less about efficiency and more about scale. https://t.co/89AtZ7EOeg
Another awesome bit of Linux Maldev research work from @k0zmer
single-threaded event driven sleep obfuscation poc for linux utilizing file descriptors, inspired by "pendulum" from @kyleavery_
https://t.co/7Zji03O1Ut
Nice new feature incoming for those RT's out there using Tailscale for inf. https://t.co/tzOe7CPD8L This change imo, addresses the what if on Tailscale being compromised. Can't really see any reason for headscale in prod if this is correctly rolled out now?
tailscale.com
Ensure that no node joins your tailnet unless trusted nodes in your tailnet sign the new node.
Looks sick, gui and automate all the things :)
I know AI isn’t for everyone, but I’ve been tinkering with it to make my engagement process a bit easier. I built a small tool inspired by @dsec_net’s Red Commander demos that lets you plug in your API keys (Mailgun/SendGrid, GoDaddy/Namecheap) and handles the work for you.
We've been putting these to good use lately on some ops. https://t.co/kpigB11j79 Keep an eye on future updates from @k0zmer. #redteam
github.com
Contribute to kozmer/aad-bofs development by creating an account on GitHub.
I'm calling it. Security has been solved.
“Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations” https://t.co/YdbKREf2oI
Excited to share that the @malcrove Red Team just dropped a new blog and a new tool, SeamlessPass, utilizing Microsoft’s Seamless SSO feature to acquire access tokens for Microsoft 365 services by leveraging on-premises Active Directory Kerberos tickets https://t.co/pcYuhU7sbg
I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code. The client is now fully extendable and scriptable via the Python API
One person's outage is another person's OSINT op 😂
My talk on automating red team inf is out! There is a slight change to the release schedule mentioned in the talk. The API poc will be coming soon, but there have been some delays. Keep an eye out. Thanks for having me #x33fcon ! Looking forward to the next one!
Linux symbol obfuscation using `dl_iterate_phdr`. Great bit of research and blog from @k0zmer
https://t.co/eCzuarw6uW
bulletproof.co.uk
Obfuscating Linux Symbols: a novel approach to evade static analysis in Linux malware. Original security research from the Bulletproof.
Great talk on the process and results of hunting logic bugs in Mac land.
So... this is a pretty accurate description of the current situation...
I can make you click a phishing link. Want to know how? Just click this link and I will teach you ;) Don't worry. This is not a test. Nobody will know. Just do it:
specterops.io
Master the art of phishing with expert strategies and real-world examples. Increase your click-through rates and outsmart security measures effectively.
A few weeks ago I gave a talk at @a41con on how to phish for PRTs and phishing resistant authentication methods 👀. The slides, plus a demo video on how to do this with credential phishing are now on my blog:
dirkjanm.io