Are you ready for an Attack? We are security professionals specializing in penetration testing, cybersecurity assessments, and social engineering training.
Just noticed this change in the @MITREattack Enterprise Matrix V19. Defense Evasion has been split into the tactics Stealth and Defense Impairment.
attack.mitre.org/resources/u…
If you’re doing #cloud #security penetration testing and Azure is in scope, AZexec should already be in your toolkit!
AZexec brings a NetExec-style workflow to Azure & Entra ID, finally giving cloud pentesters the same speed, clarity, and offensive ergonomics we’re used to on-prem.
What makes it a must-have:
- Unauthenticated & guest-based enumeration (yes, the Azure “null session” problem is very real)
- Two-phase password spraying using Microsoft’s own APIs (stealthy, lockout-safe, MFA-aware)
- Deep Entra ID & ARM reconnaissance: users, roles, apps, Key Vaults, storage, networks, VMs
- Remote command execution across Azure VMs, Arc, MDE, and Intune
- Credential extraction & token abuse tailored for cloud-native environments
- NetExec-style output reporting (CSV / JSON / HTML) for clean ops and clean reports
If you know CrackMapExec / NetExec, AZexec will feel instantly familiar, just adapted for how Azure actually works.
Cloud attacks deserve cloud-native tooling.
🔗 GitHub: github.com/Logisek/AZexec
#CloudSecurity #Azure #EntraID #Pentesting #RedTeam #OffensiveSecurity #AzureAD #NetExec #AZexec #Logisek
Excited to disclose my research allowing RCE in Kubernetes
It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial Pod breakout.
Unfortunately, this will NOT be patched.
Burp AI 👉 SQLmap… all in seconds.
We found an SQL injection vulnerability. Instead of rebuilding the request, Burp AI generated the exact SQLmap command with every header included. 🤯
Watch!
24 million websites compromised. 🧵
PortSwigger's Director of Research, James Kettle (@albinowax), & AppSec expert John Hammond (@_JohnHammond) reveal the fatal flaws in HTTP/1.1 that attackers are abusing right now.
#HTTP1MustDie
NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs
NativeDump allows dumping the lsass process using only NTAPIs, generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz.
meterpreter.org/nativedump-s…
Active Scan just got sharper - we’ve added new checks for OS command injection, powered by our latest ASCII Control Characters research. Install via Extensions -> BApp Store
‼️ Evilginx Pro 4.1 - Google Safe Browsing evasion 🛡️
I've just uploaded a short demo video demonstrating how Evilginx Pro is able to evade Enhanced protection in the Google Chrome browser.
The update is coming soon!
🔗 youtube.com/watch?v=6AJ6dYt9…
Need another route to Active Directory? Check out SharpADWS, it has the ability to extract or modify Active Directory data without communicating directly with the LDAP server.
github.com/wh0amitz/SharpADW…
Need a cleartext password from a TGT or NTLM hash? Always useful in internal penetration testing. Nice work @malcrove, their blog post - malcrove.com/seamlesspass-le…
Weaponizing Windows Defender: New Attack Bypasses EDR
Krueger is a Proof of Concept .NET post-exploitation tool for remotely killing Endpoint Detection and Response (EDR)
securityonline.info/weaponiz…
Excited to share a tool I've been working on - ShadowHound.
ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus, I also talk about some MDI detections and how to avoid them.