THIS is an APT. No "cmd /c net user", just technical capability that's almost indistinguishable from magic

New S3 permission concept just released: S3 Access Grants.

Chandrayaan-3 Mission: 'India🇮🇳, I reached my destination and you too!' : Chandrayaan-3 Chandrayaan-3 has successfully soft-landed on the moon 🌖!. Congratulations, India🇮🇳! #Chandrayaan_3 #Ch3

BREAKING : Certified Red Team – CredOps Infiltrator [CRT-COI] course launch! Uncover the Windows Secret Storage Locations from low-level. Course Highlights: 🔍 Explore Windows Cred Storage Internals 💡 Dive into DPAPI, WDigest, LSASS, WiFi, Browser, Registry, Cred Mgr

https://t.co/4YeQWPz1Xw

Did someone say Microsoft Teams can be used for phishing? 😵 Wanna see how its done? 😈 Lets go:

Check out our new blog - A Pentester's guide to NoSQL Injection. https://t.co/RCWOJPT9uU Practice exploiting this at our FREE learning portal - https://t.co/1BpK2cey8g @Vulnmachines #bugbountytips #BugBounty #learning

null - The Open Security Community is looking for volunteers to work on our in-house developed null Swachalit platform ( https://t.co/0sCzIZ62D9) and null jobs portal ( https://t.co/dvju4tGv2R). If you are a full-stack developer or front-end developer and willing to volunteer,

🚨 BREAKING: Microsoft is releasing Copilot for Microsoft 365: - Word - Powerpoint - Excel - Teams Here's the summary:

If you have shell access on an EC2 and want to extract creds, instead of remembering how to get them from the 169.254.169.254 path, recent versions of the AWS CLI allow you to use `aws configure export-credentials --format env`.

I published my Kerberos experiments. The code is here for educational use only. Do not use it for pentest as it is neither OPSEC nor stable and kinda messy. But if you want to see how to play with #Kerberos with #Windows, it can be a starting point ! 😊 https://t.co/CPP2EfSKCb

Shocked and pained to hear this news. The country has lost one of the greatest legal luminaries of our times. God bless his soul.

Slides and recording of my Nov 11 2022 @DefCampRO talk "#Abusing #AzureAD #PTA vulnerabilities" is now available at https://t.co/aTUTlqttYy @Secureworks #PTAAgentDump tool I used is available at https://t.co/q0VQ14Oxw9

Our first PenTester certificate, Certified AppSec PenTester (CAPen) is now live. ✅4 Hours Intense Practical Exam ✅CTF Style- Real World Scenarios ✅Instant Result ✅No Lengthy Reports To Submit ✅Modern & Up-To-Date ✅Affordable ✅Online & On-Demand https://t.co/RKOREJBHBV

The video recording of my Black Hat talk this summer "Backdooring and Hijacking Azure AD Accounts by Abusing External Identities" made it to YouTube:

Indian children while living with their parents don’t save on rent as they pay with their mental health.

Oh, a #LOLbin again? 🙄 1. Set HV_SSH_COMMAND to your exe 2. Launch "hvc.exe ssh dummyparam" 3. Enjoy!

Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. Several notable features differentiate this ransomware from other campaigns and payloads tracked by MSTIC. Get TTPs and protection info:

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique https://t.co/uQJ88awWvd

Surprise! #PEbear is Open Source now! https://t.co/kmOynDCBFU - please check it out and let me know what do you think!