Our ninjas are in Vienna for the T-REX conference! 🎤 @k3vinTell delivered a session exploring advanced Red Team lateral movement techniques built on DCOM - a great opportunity to exchange practices with fellow experts. Thank you to the @oenb for hosting such a great event!

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc @kalimer0x00 @quent0x1 @wil_fri3d

🚨 Les experts français de @Synacktiv transforment le Thermomix en démonstration de hacking :) Manipulation de température, messages personnalisés... tout est possible ! On vous raconte ça 👉 https://t.co/PEMzzMrvAA #thermomix

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. https://t.co/EY5Z53w1ZT

Check out how I discover CVE-2025-33073 : RCE with NTLM reflectiv attack allowing authenticated user to compromise any machine without SMB signing enforced !

To those who set the bar 🥂 Global Cyber Skills Benchmark 2025 is over, and the leaderboard has spoken. Huge congrats to the top corporate #cybersecurity teams who crushed it in this global competition: 🥇 @Synacktiv 🥈 @GMOsecurity24 🥉 https://t.co/ScP85R5ljR #HackTheBox

For the second year in a row, we managed to get first place at the #HackTheBox Business #CTF 2025! 🥇 Congratulations to @gmo_ierae and Downscope and thanks to @hackthebox_eu for the fun challenges! 🥳

Our ninjas are attending SO-CON! Come and say hi 👋

I'm out, see you on the other side : https://t.co/tDdbG6pf4g

You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from @b1two_ (now merged upstream). Here is an example with ldeep using relayed authentication from HTTP to LDAPs :

You can now relay any protocol to SMB over Kerberos with https://t.co/5RNe2ykLAY and the latest PRs from @hugow_vincent. Thanks @_dirkjan for merging it! Here is an example from SMB to SMB:

I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to upload and execute custom payloads on remote targets Forget about PSEXEC and dive in! https://t.co/ruQJlXgLqV https://t.co/Yp25P6pZvH

Coffee break thoughts: "is it possible to bruteforce RPC endpoint to perform code exec if you can't access EPM/SMB?" 99% impacket atexec + 1% "for loop" = 100% prod ready https://t.co/1jecAPhXW0 (silent command only) h/t @saerxcit 🌻

https://t.co/rrK8yn7aPO. SCCM policies exploitation tool, by @croco_byte https://t.co/QCGKQeXFrC

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: https://t.co/4Drnk4BoBz

Octoscan, our GitHub actions vulnerability scanner, is now available as a GitHub action! It will find vulnerabilities in new commits and pull requests, and upload it to GitHub as it now supports the SARIF file format! https://t.co/lEcnccw8H3

Hi! We'd like to share our new research with you. You've probably heard about COM Hijacking, but we've found another way of persistence via COM. Typelib! Read the article here: https://t.co/UNujo5gwzU

Administrator Protection, introduced in the latest Windows Insider Canary build, is a solid security enhancement... uhh.. really?? can be bypassed with @splinter_code's clever SspiUacBypass tool. Check it out here: https://t.co/e1WWHi2Rnk

During a recent engagement, @Bandrel discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog!

Just wrapped up two fantastic training sessions at #Hexacon! A big thank you to everyone who joined us for our deep dives into Active Directory/Azure and iOS internals. It was great to share knowledge and learn together!