5 months ago @tifkin_ and I started looking into the security of Active Directory Certificate Services. Today we're releasing the results of that research- a blog post + a 140-page whitepaper and defensive audit tool (links at the top of the post) [1/6].

RT @Flangvik: New video out 😊 showing how you can take control of port 445 and perform those magical relay attacks toward AD CS when workin….

RT @Oddvarmoe: Thrilled and humbled to be awarded Microsoft MVP for the 10th year! 🙏 Grateful for the amazing community, endless learning,….

RT @h4wkst3r: A little over a week left to register for @retBandit and I's @BlackHatEvents #BHUSA training on attacking MLSecOps and AI-as-….

RT @_xpn_: Awesome talk from @Cyb3rWard0g on AI Agents. this for me is the immediate future of LLM's and it's so exciting! .

RT @vxunderground: Dear Red Team nerds,. If you're curious what a successful and serious malware campaign looks like (if you want to make a….

RT @_xpn_: Just found the TokenBreak paper referencing my Tokenization Confusion research. Some overlap in manipulating based on tokenizati….

RT @_Dwyer_: Dudes. please enable Detailed File Share auditing in your environment. All these attackers who switched over to the Impacket….

RT @SpecterOps: Struggling with reports? 😖 . As part of our Mythic Operator series, @its_a_feature_ guides you through the entire process -….

RT @Yeeb_: Created small tool that joins a device to a Tailscale network and exposes a local SOCKS proxy. It’s built for red team pivots an….

RT @unsigned_sh0rt: Last week we added ELEVATE-4 to Misconfiguration Manager. tl;dr If SCCM uses AD CS for PKI, cl….

RT @__mez0__: Under-the-hood, Ember uses LightGBM to score a sample from 0 to 1. I added this functionality into Citadel so any binaries ad….

RT @SpecterOps: ‼️ @mcbroom_evan will be presenting soon at @reconmtl! . Join his talk diving into LSA credential recovery and learn the re….

Happy Friday! @tifkin_ and I are happy to announce that we have cut the release for Nemesis 2.0.0 - check out the CHANGELOG for a (brief) summary of changes, and dive into our new docs for more detail! We're extremely proud and excited for this release

RT @_atsika: Wanna talk about Maldev, Red Team or Pentest ? I’ll be with @rayanlecat at @quarkslab booth, come to see us 🔥. #lehack https:/….

RT @TheOffensiveX: Wrapping up Offensive X 2025!. Thanks to everyone who made this event what it was. To the speakers, participants, the te….

RT @DrAzureAD: Slides from my @WEareTROOPERS talk are available at

RT @SpecterOps: In the year since Misconfiguration Manager's release, the security community has been actively researching new tradecraft &….

RT @h4wkst3r: Thanks to everyone who came to my @WEareTROOPERS #TROOPERS25 talk today! The slides are available here - .

RT @MarcOverIP: An attacker on your network is indistinctable from IT admins. As long as this is true, attackers win. (Loosely borrowing La….

RT @4ndr3w6S: Happy to finally share a new blog with @exploitph on our work revisiting the Kerberos Diamond Ticket. ✅ /opsec for a more ge….