Nice blog post of @cube0x0 about elevating privileges in AD with built-in groups. cube0x0.github.io/Pocing-Bey… - I like the example regarding the 'Schema Admins' group a lot.
Bring a cup of coffee and read our last article from our owl @TheXC3LL. Hijacking connections without injections: a ShadowMoving approach to the art of pivoting adepts.of0x.cc/shadowmove-hi…
New pypykatz version 0.4.0 is out. Not on pip yet, as despite weeks of testing I still treat it as beta.
What's new:
1. new ASCII logo thanks to @thugcrowd 2. kerberos live functions thanks to @harmj0y (rubeus) 3. new DPAPI with Chrome and WIFI secrets 1/N
github.com/skelsec/pypykatz
Operating from a restricted environment without outbound connectivity? Venom allows for port reuse and even works on Windows (to my surprise). Now you can set up a SOCKS proxy without disturbing the original service!
Check it out 👉github.com/Dliv3/Venom
It has taken me a while and a few headaches to understand how Kerberos works across domains, but it is finally implemented in cerbero 🐶🐶🐶. Now you can ask for tickets, perform S4U impersonation and Kerberoasting across domains. gitlab.com/Zer1t0/cerbero/
Nueva temporada en @noconname . Vamos a ver como se desarrollan los acontencimientos. Tenemos todos los videos de #ncn2k20 procesados y los iremos subiendo cada miércoles 🥳
#FF@0xcsandker
I discovered his blog recently, and his articles are of very good quality. He approaches many Windows topics with precision and clarity. You should go and read his articles about IPC internals, authorizations, authentication protocols...
csandker.io/2021/01/10/Offen…
Want to know more about offensive #cloud security? Join Xavier Garceau-Aranda, Managing Security Consultant at NCC Group at #nsec on 27 & 28 May! bit.ly/3ia5iGO