Bang on Iain! As much as the example in the blog post works, getting c2 over any form of filesystem, is the real gem here. Even locally for privesc, get a system shell without worrying about proxies for example. Looking forward to see what folk come up with use case wise.

"OpSec is hard" if you think this and you've only worked on an external team. Just wait until you work for an internal one. 😅

Just released a blog exploring python package management: https://t.co/bbiCqImuv1

Really great training sesh with @SinSinology brill workshop. Definitely recommend it and the 4 day training with @watchtowrcyber

Croeso BSides Aberystwyth, bydded i ni fod y cyntaf i'ch croesawu a phob lwc ym mis Tachwedd! https://t.co/LDXdv958mU #Security #BSides #Aberystwyth #BSidesAberystwyth

FileFix - A ClickFix Alternative https://t.co/OMU7UADf9J

This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry which I presented last year in RedTreat. I hope everyone likes it \m/. https://t.co/GY37MMfCGl

When your team is reading TI reports for an upcoming exercise and goes "No way, There is no way a proper APT would ever do something as basic as this..." introducing APT herptyderp

This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range. https://t.co/mGWU5Hdwi6 And yet... they got caught doing this!

Just made an account over on BSky. Come find me :) https://t.co/zsZdHXjbkf Gives off real classic twitter vibes.

Great article with lots of details about attacks that happen irl. We should remember that many orgs don't require MFA from on-prem. Also, service accounts (i.e. entra sync account) won't have MFA. Threat Actors can also use PRTs and Access tokens to access M365/Azure.

Understanding EVERY Token in Entra ID 🔎 Not all tokens are equal. There are many different types with different uses and benefits. In this blog, I break down each token and what they are used for and which tokens are the most "valuable" for an attacker to obtain. Full blog

The typical right-wing nutter... In response to JSO: "Protesting shouldn't inconvenience the public! This is illegal! People should run them over! They hurt our emergency services!" In response to #UKRiots: "i'm gonna nick some crocs, punch a copper and set fire to a shop"

Teaching the Old .NET Remoting New Exploitation Tricks – read how @mwulftange developed novel techniques to exploit Apache log4net's hardened .NET Remoting service:

📢 New blog post out! 💡 I've been working on this blog for quite some time and I am honored and very happy I was given the opportunity from @alexverboon and @castello_johnny to present this in today's @KqlCafe. ➡️ Windows Linux Subsystem (WSL) by itself is a blind spot within

Another year, another @Steel_Con. Once again proving why its one of my favourite cons to go to. Great time seeing old friends, meeting new ones and catching great talks including one on norse mythology and threat modelling 😁 also my arm now belongs to a sponsor 😅

CTF details. Link below for our awesome Ctf brought to you by our partners @hackrocks_ and @hacktoria. 6 awesome challenges that give you the APIs for our arena, wanna fire our flipper ??? Get registered and crack our awesome challenges @BSidesBSK

I've made some long awaited updates to SQLRecon! Here's a couple of videos highlighting some of the big additions. Tool: https://t.co/lACpTXx94o Check out this thread ⬇️

Teams needs a "don't notify on @everyone or @<channel name>" like discord. Stat. This is worse than "reply all".

Domain Admin credentials delivered across the network to workstations and servers

Laughs in ham radio.