
Hugow
@hugow_vincent
Followers: 913 | Following: 6K | Media: 81 | Statuses: 3K
Red Team and research @synacktiv @rustyphasm.bsky.social
Joined January 2014
Are you a cool kid?
Oh, you didn't know? Cool kids are now relaying Kerberos over SMB. Check out our latest blogpost by @hugow_vincent to discover how to perform this attack:
RT @lampnout: Looking at a Roadrecon collection through the lenses of SQLiteBrowser may pay dividends. It allows you to perform custom SQL…
stmxcsr.com
This post provides a list of SQL queries for the Roadrecon database to audit various areas of Microsoft Entra tenant configuration
RT @watchtowrcyber: We're back - returning to the scene of the "crime" - to demonstrate 2 pre-auth RCE chains against Commvault (CVE-2025-5…
labs.watchtowr.com
We're back, and we've finished telling everyone that our name was on the back of Phrack!!!!1111 Whatever, nerds. Today, we're back to scheduled content. Like our friendly neighbourhood ransomware...
RT @_dirkjan: If you didn't find my Black Hat / Def Con slides yet, they are available on . Also includes the demo…
dirkjanm.io
RT @noperator: A new tool: Slice. With the help of build-free CodeQL and Tree-Sitter, Slice can help GPT-5 can reliably reproduce discover…
RT @adnanthekhan: I don't think people realize how bad this bug could have been. The fact they were vending a multi-tenant GitHub app priva…
RT @wil_fri3d: gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: It is a specialized util…
github.com
gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory environment. - synacktiv/gpoParser
RT @Synacktiv: Don't miss @kalimer0x00 at #DEFCON33! His talk, "SCCM: The Tree That Always Bears Bad Fruits", covers modern attack paths a…
RT @Synacktiv: Catch us at #DEFCON33! @quent0x1 and @wil_fri3d will show how to turn your Active Directory into the attacker's C2. They'll…
RT @TheLaluka: Have you ever wondered why SOMETIMES there's no stream??? Well, it's either work, or THIS!
RT @vcslab: Shocking impact from the SharePoint vulnerability we found at Pwn2Own! Despite our efforts to patch it, many systems are…
RT @frodosobon: Red teaming will go back ten years ago. Proxy Socks (nothing better than chisel) and no Fork&Run / BOF. Only proxychains.
RT @Synacktiv: Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja @_remsio_ studied the impact of its…
synacktiv.com
Laravel: APP_KEY leakage analysis
RT @_dirkjan: How not to do multi-tenant apps. Nice find by @_harleo from modzero, compromising Synology Active Backup client secrets (from…
modzero.com
RT @coffinxp7: Finally, here's the detailed article where I walk you through, step by step how to find this vulnerability in real bug bount…
infosecwriteups.com
Hackers Are Earning $XX,000+ With This Secret Trick - Now It's Your Turn
RT @TheLaluka: Hello. Nothing planned for the evening of July 1st? Cool. Now there is! See you Tuesday, July 1st at 9 p.m. on .
RT @Synacktiv: Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromi…
RT @Synacktiv: For the second year in a row, we managed to get first place at the #HackTheBox Business #CTF 2025! Congratulations to @gmo…
RT @compasssecurity: Many CI/CD tools promise to keep your dependencies up to date - but if misconfigured, they can expose your organizatio…
RT @YuG0rd: We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability. It allows…
RT @UK_Daniel_Card: I don't bypass an EDR. I might avoid one, or I might just use a legitimate tool that is signed and doesn't alert. Th…