
kalimero
@kalimer0x00
Followers: 464
Following: 605
Media: 2
Statuses: 532
Joined July 2016
RT @SpecterOps: SCCM’s Management Points can leak more than you’d expect. @unsigned_sh0rt shows how Network Access Accounts, Task Sequence….
specterops.io
Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by relaying a remote management point site system to the site database server.
RT @x33fcon: "Owning #SCCM: A Journey from #Research to Critical Discovery" presented by @kalimer0x00 - #x33fcon #windows #red - https://t.….
RT @Synacktiv: Our ninja @kalimer0x00 is now on stage at #x33fcon to talk about his journey from dissecting SCCM until the discovery of the….
RT @Synacktiv: Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromi….
RT @x33fcon: Got SCCM? You need to hear this! At #x33fcon, @kalimer0x00 will share insights from his SCCM research, including tradecraft fr….
RT @Synacktiv: A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in….
synacktiv.com
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections
RT @netero_1010: Something interesting I found in SCCM remote control.
netero1010-securitylab.com
20 October 2024
RT @Synacktiv: In our latest blogpost, @croco_byte explores the inner workings of SCCM policies and introduces a t….
RT @Synacktiv: WHFB on an Entra ID enrolled laptop? Dig with @___t0___, @yofbalibump and @netsecurity1 on the cache mechanisms in place !.h….
synacktiv.com
WHFB and Entra ID : Say Hello to your new cache flow
RT @Synacktiv: Want to know how deleted photos reappeared in iOS 17.5? Check out today's blogpost by @Lefnui 🍎.
synacktiv.com
Inside the iOS bug that made deleted photos reappear
RT @Synacktiv: Optimize your password spraying attacks & defenses by checking our latest blogpost on the Banned Password Lists (BPL) mechan….
synacktiv.com
Entra ID Banned Password Lists: password spraying optimizations and
RT @Synacktiv: And since good news never comes alone, we also have 4 talks accepted for @sstic! GG @Julien_Legras, @kalimer0x00, @hugow_vinc….
RT @Synacktiv: Ever faced a WAF/EDR while exploiting a Java deserialization? Check out our latest blogpost by @loadlow for a stealthier expl….
synacktiv.com
Java deserialization tricks
RT @Synacktiv: Bored of managing multiple proxychains configurations? @hugoclout developed bbs, a swiss army knife proxy manager for red te….
github.com
bbs is a router for SOCKS and HTTP proxies. It exposes a SOCKS5 (or HTTP CONNECT) service and forwards incoming requests to proxies or chains of proxies based on the request's target. Routi...
RT @hexacon_fr: Last sponsor we want to introduce is a special one: it's @Synacktiv, the company organizing #HEXACON2023. Leader in offen….
RT @Synacktiv: Have you ever wanted to extract, decode and decrypt all NTDS.dit data? We are glad to share with you a new tool: ntdissector….
synacktiv.com
Introducing ntdissector, a swiss army knife for your NTDS.dit files
RT @Synacktiv: During a security assessment, our ninjas @kalimer0x00 and @us3r777 found multiple vulnerabilities on the DELMIA Apriso softw….
RT @Synacktiv: Got access to a #CICD environment? Check out our latest article by @0hexit and @hugow_vincent to loot all the secrets that a….
synacktiv.com
CI/CD secrets extraction, tips and tricks