I didn't want to rush it. Though, I finally took the decision to leave Twitter. 😢 See you on the other side. 👋 @itm4n@infosec.exchange https://t.co/eiUDbrP2Iz

The python BloodHound ingestor was updated to support GPO/OU/container collection. Thanks to @_zblurx for the PR. The python version is now functionally equivalent to the official C# version for DCOnly collection. Also thanks to @itm4n who added registry based session enum 🔥

Here is my new blog "Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis", Part 2 will be released soon. Stay tuned!

Save the Date ! Insomni'hack 2023 will be on March 20th - 25th 2023 and we will be at a brand new venue in Lausanne ! More details: https://t.co/3Pyvk4IID5 #INSO23 #CTF #STCC Photo: STCC

For the beady eyed, even on patched machines this should open up a new lateral movement technique too.

Some news about PrivescCheck! 📰 If you are a Metasploit user, please note that I finally solved a (stupid) issue that prevented the script from working properly with "powershell_execute". 🥳 More info on GitHub. 👉 https://t.co/OZfgHlAq8S 👉

Certipy reached 1k stars on GitHub. Let’s celebrate with a brand new version, new research, a forked BloodHound GUI with ADCS support, and many new features, for instance Schannel authentication via LDAPS, SSPI authentication, and much more! https://t.co/h85p3cCO1N

The July 2022 update of Windows 10/11 killed PPLdump 💀😢 Find out how in this blog post... 👉 https://t.co/o0izvkkSm0

🧵In part 5 of the blog series we're looking at implementing and bypassing common EDR functionality. As a part of this we look at Kernel Callbacks, Hooks, and Thread Call Stacks: https://t.co/l5C7jnBYTw 1/3

Cheers to @itm4n for inspiration, @topotam77 for PetitPotam, and @tiraniddo for NtObjectManager. New post detailing #RPC auditing with NtObjectManager https://t.co/7brWus4LoV

I revisited the Credential Guard bypass originally discussed by @N4k3dTurtl3. Have a nice reading! 🙂 👉 https://t.co/tlXLLlsW5M TL;DR It is possible to get rid of hardcoded offsets...

You like NTLM relays to LDAP? Same. There's a unique error that will identify whether LDAP EPA (channel binding) is enforced, and it can be determined from an unauthenticated perspective. Here's a PoC to check for both channel binding and server signing: https://t.co/s7qGACH4DY

There is now a check for this in PrivescCheck (available through the "-Extended" mode). Thanks @splinter_code ! 🙏

My last blog post for 2021 is out! 🔥 The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory Enjoy the read :D https://t.co/Vsgy3GHLPy

Exploit for CVE-2021-40449 released S/O to @RedDrip7 who created an exploit based on my original PoC, and then I made an exploit based on their exploit, which is based on my PoC. Funny. Features a neat technique from RedDrip that I hadn't seen before https://t.co/teaKElpIWZ

Some of you asked for a part 2, so here you go! 🔥 From RpcView to #PetitPotam 🔥 👉 https://t.co/4DBBIExqGW In this post I explain how you can reproduce the #PetitPotam trick using RpcView, but the same principle can be applied to any Windows RPC interface. 🙂

Thanks to @SAERXCIT, #PrivescCheck now enumerates volume shadow copies and checks whether SAM/SYSTEM/SECURITY files are readable as a low-priv user. #HiveNightmare #SeriousSAM 👉 https://t.co/GS4Clqyomf

NTLM relay over and over again! Great blog post by @sploutchy explaining a new NTLM relay attack vector over RPC using MS-DCOM... and #impacket 😀 https://t.co/BcoNzkb1Hp

#RemotePotato0 new release! Now you can also grab and steal the NTLMv2 hashes of every user logged on a machine from an unprivileged user! ✅ works fully local - no network interaction (except win 2019) ✅ ntlm related ✅ won't fix Windows in 2k21 cc @decoder_it