The slides of our joint research talk “10 Years of Windows Privilege Escalation with Potatoes” at #POC2023 are out! 👉 https://t.co/nowgGQHA73 cc @decoder_it

Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅 https://t.co/2YxXlaRMMC

Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: https://t.co/KnuLXeNLUc 🙃

Remember the CredMarshalInfo trick? If you hadn’t applied the June 2025 patch, CVE-2025-33073 would have been critical. We know that in NTLM local auth, msg 3 is empty:You can drop sign/seal -> from Domain User to DomainAdmin escalation. 😅

Why lock your coding agent to one model when you can use them all? Cline is the open-source coding agent that connects to any inference endpoint - Bedrock, Vertex, Azure, or on-prem. Works everywhere your developers do: VS Code, JetBrains, CLI, and CI/CD.

my simple poc:

Coercing machine authentication on Windows 11 /2025 using the MS-PRN/PrinterBug DCERPC edition, since named pipes are no longer used. Kerberos fails in this case due to a bad SPN from the spooler, forcing NTLM fallback.

Better socket handle visibility coming soon to @SystemInformer 🔥 When viewing a process handle table, SI will recognize files under \Device\Afd and retrieve information about their state, protocol, addresses, and more. Also works on Bluetooth and Hyper-V sockets 🤩

Apply here → https://t.co/0bH9DST7Nc Happy to chat if you want to learn more.

The role is opened in multiple locations in Europe (we’re hiring across Italy, Spain, Poland, Czech Republic, Slovakia and France), with optional relocation support to Czechia if you'd prefer to move (must be eligible to work in the EU already at the time of applying).

If you’re into Windows internals, reverse engineering, exploits and anti-tampering research, breaking and defending at kernel level and want your work to power detection at scale this is your chance to do hands-on impactful research with a passionate and highly skilled team.

I’m hiring Staff Windows Security Researchers to join my XAT (eXploits and Anti-Tampering) team at @SentinelOne! 🔥 👉 https://t.co/0bH9DST7Nc More details 👇

In my long history of submissions, I think this is the first time one has been marked as critical😅

Another Monday. Another week of… endless emails, annoying meetings, and oh look, a three-headed monkey behind you! Now that we have your attention, we can unveil the agenda for #RomHack2025 https://t.co/P793dQAZdu #infosec #securityconference

I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️ https://t.co/OztMeuoU5L

Microsoft has discovered post-compromise exploitation of CVE 2025-29824, a zero-day elevation of privilege vulnerability in Windows Common Log File System (CLFS), against a small number of targets.

NTLM relay is still a major threat and is now even easier to abuse. We just added new NTLM relay edges to BloodHound to help defenders fix and attackers think in graphs. Read my detailed post - the most comprehensive guide on NTLM relay & the new edges: https://t.co/6MnmlzVjNq

We (me + @2igosha) have discovered a new Google Chrome 0-day that is being used in targeted attacks to deliver sophisticated spyware 🔥🔥🔥. It was just fixed as CVE-2025-2783 and we are revealing the first details about it and “Operation ForumTroll”

Check out our new blog post!

new #elastic defend rules out : - PPL bypass via ComDotNetExploit - Execution via Windows-Run (trending delivery method ITW) https://t.co/YowLJu4IIJ

Do you want to invest like a champion? Get the best research tools available. Join @MarketSurge for the best trading platform —> https://t.co/M9dl0wflVQ

Hey, we should really switch from NTLM to something like Kerberos, yet another good reason, right? cc @ShitSecure @splinter_code 😂🤣

KrbRelayEx-RPC tool is out! 🎉 Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;) https://t.co/Aebt5iFIjC