a kiwi coding mimikatz, kekeo, wanakiwi, etc. github: github.com/gentilkiwi

France
Joined June 2011
CVE-2020-17049 is not only bypass acount is sensitive. You *CAN* obtain tickets with "Kerberos only delegation", not only with "protocol transition" Pre-requiste are still important, but attack surface is a little bit bigger :) Sorry for bad message @jakekarnes42
2
51
165
I deleted previous tweets, cause I was wrong, and I do not want people to get wrong messages because of it. I suppose my 2016 test domain November update was enough to limit the scope?
1
0
12
Indeed it was , was focused on technical not on real release of updates 😬
0
0
2
🥝 Benjamin Delpy retweeted
If I were an AV vendor I’d offer my small/medium business customers a “threat response” service, in which an analyst checks the telemetry data for highly relevant events &informs the customer by phone/email about a breach/hack/serious threat (E.g. checks with my cheat sheet)
15
98
564
🥝 Benjamin Delpy retweeted
Our third and final speaker in Dec 17th meetup is @UlfFrisk with his topic "DMA Abuses and In-Memory Malware Detection"! Join Ulf and the rest of the HelSec community on Dec 17th!🗓 #helsec
0
2
16
🥝 Benjamin Delpy retweeted
All the details for CVE-2020-17049 are now available! The overview contains a summary of the vulnerability and its exploit, including links to 2 deep dive posts which cover much more. blog.netspi.com/cve-2020-170…
6
174
284
Show this thread
🥝 Benjamin Delpy retweeted
They used to laugh at him. And call him names. So he killed them. He killed them all.
1,224
52,422
365,904
Show this thread
What surprised me with Windows NT5 CryptoAPI/DPAPI reverse was the way MS coders tended to avoid their own APIs, especially for DES/3DES/DESX/SHA1/MDx It gaves some interesting functions still here for legacy reasons Or the way we had to use fake RSA keys to import 3DES keys🤪
0
3
25
Very very close :')
Heeyyy Was not too far away #mimikatz
0
1
15
🥝 Benjamin Delpy retweeted
Challenge completed! Successfully sniffed the BitLocker key from the SPI bus, and decrypted the drive.
88
1,075
5,920