And the source code:

My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking

#pypykatz new version 0.6.11 is out on github and pip. Big thanks to all awesome contributors!! Besides the fixes, the two important things in this version: - Kerberos aes keys extraction is now supported - !!!!Windows 24H2 support is here!!!!! https://t.co/BFvq0VMkWD

Introducing PowerHuntShares 2.0 Release! NetSPI VP of Research @_nullbind introduces new insights, charts, graphs, & LLM capabilities that can be used to map the relationships & risks being exposed through the network shares: https://t.co/t04BNLmuot

Just got some nice swag from @vulnlab_eu 😄

CcmPwn is equipped with various modules. The “exec” module runs an AppDomainManager Injection payload for every logged-in user. The “coerce” module coerces SMB/HTTP authentications, which can then be used for password cracking or relay attacks. 👇 https://t.co/QrfZr4VGKB

Found a flaw in NetBSD's utmp_update allowing injection of ASCII escape sequences into utmpx logs, leading to unexpected terminal emulator behavior and utmpx database integrity concerns. https://t.co/tNbdfD3zT3 #NetBSD #Security

Struggeling to get those precious certificates with #certipy and AD CS instances that do not support web enrollment and do not expose CertSvc via RPC? @qtc_de has you covered and added functionality to use DCOM instead of good old RPC #redteaming

It's been quiet for a while around bloodhound Python, however I'm happy to share that I am now maintaining the project at my personal GitHub. The latest version fixes many bugs/issues, also thanks to the many PRs that were submitted (thanks all!).

Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👇

Did Bethesda hire the Microsoft UX team to work on Starfield? This is so shit. Really disappointed with the game so far.

Thanks to the generous folks @bcsecurity @hackthebox_eu @SANSOffensive @sektor7net and @nostarch for sponsoring prizes at the DEF CON Red Team Village CTF!

You can use the Windows Search Protocol to coerce authentication from hosts running the Windows Search Service (Win10/11 only by default) as a regular domain user. Haven't been able to do WebDAV with it though so usefulness is limited. PoC:

🔥 Excited to share my latest @Mandiant Red Team blog on "Escalating Privileges via Third-Party Windows Installers" https://t.co/01nYd4DmzJ Learn how attackers exploit this privilege escalation vector and ways to defend against it. Includes BOF release and a couple CVEs!

Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E) Links in <a> tags will show the fake domain, but open the real domain. No need to buy .zip! :) Convincing #phishing #redteam

Been playing with the .zip TLD for phishing, apparently Outlook on Windows doesn't let you click links containing credentials, mitigating the "attack". haven't seen anyone talk about this, weirdly. after looking into this a bit, I found a way to bypass this behaviour!

https://t.co/Ht6t7UthJq

Introducing ETWHash! ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline. https://t.co/wLmsQf71J8

More quality video content by @xct_de. Those labs are really great.

Vulnlab just released a new Active Directory lab called Wutai! Like Shinra, it’s a simulated corporate environment with about 15 machines spread across multiple networks, domains & forests. The lab focuses on exploiting misconfigurations & users - not CVEs.