Technical architect @SpecterOps. Code: Empire | BloodHound | GhostPack | PowerSploit | Veil-Framework. One time I broke forest trusts with @tifkin_

Seattle, WA
Joined August 2012
All the details for CVE-2020-17049 are now available! The overview contains a summary of the vulnerability and its exploit, including links to 2 deep dive posts which cover much more. blog.netspi.com/cve-2020-170…
New blog post discussing approaches to evasion that use less anecdotal evidence (technique X worked against Y) to one which uses observed agent capabilities to determine OPSEC-safe techniques. posts.specterops.io/adventur… 1/5
Will retweeted
With a few small modifications @MDSecLabs' Office 365 attack toolkit works with ROADtools tokens. This makes it a nice GUI for API tokens obtained with SSO abuse or via other means. cc @0x09AL
I'm excited to share that CVE-2020-17049 has been issued for a vulnerability that I found. There are more details to come, but I'll be holding off publishing for now while the patchwork is still ongoing. msrc.microsoft.com/update-gu…
It may surprise you, but 'sekurlsa' is not the first module I have in mind when re-creating #mimikatz 3 🥝 Ho yes, it now has submodule(s) support to avoid giant modules🤪 (and it's not detected as dangerous until now)
We should limit the use of open source defensive tools as bad guys can use them to detect/prevent legal LE implants and stop good guys from catching them.
Late addition to the SO-CON swag store. Original Red and Blue BloodHound shirts! Proceeds go to Black Girls Code customink.com/fundraising/so…
Wanna exploit office documents but don't know where to start? Me too! I'll be rambling about my journey into researching some old Microsoft Office technologies next Friday at SO-CON!
SO-CON Talk Announcement - Phishing in a Macro-less World @hotnops will discuss some of the old and forgotten technologies in Microsoft Office that can be leveraged to produce (and detect) malicious office documents. Sign up here: so-con-2020.eventbrite.com