If a website is protected by @CheckPointSW IPS "anti-SQLi" and mysql<=5 is running, you can easily bypass this by using "||" and "&&" instead of "OR" and "AND" which are blocked. Tested on the lastest version R80.20. #bugbountytip #bugbounty #pentest #payfornothing

"Viendez" tester ce petit challenge ! Un peu de network, un soupçon de crypto, une pincée de RE et surtout : 0 guessing.

I am about to COMPLETELY disrupt the cybersecurity industry...💀💀💀 Presenting the Continuous Reasoning AI Pentester! Multiple AI agents running every security tool under the sun against your environment, at record speeds. Full pentests achieved in less than AN HOUR. Zero human input. One hundred percent success.

PoC Exploit for the NTLM reflection SMB flaw CVE-2025-33073 github.com/mverschu/CVE-2025…

Il y a bien longtemps que j'avais pas trouvé un chall aussi sympa ! Malgré sa simplicité, on y trouve des vulns très récentes, le cheminement jusqu'à DA est fluide et surtout, c'était l'occasion de jouer avec certipy5 👌 (app.hackthebox.com/machines/…) hackthebox.com/achievement/m…

BadSuccessor ports: ◾️.NET github.com/logangoins/SharpS… ◾️Python github.com/cybrly/badsuccess… ◾️PowerShell github.com/LuemmelSec/Pentes… 🎯 Implemented in these tools: ◾️Netexec: github.com/Pennyw0rth/NetExe… ◾️BloodyAD github.com/CravateRouge/bloo…

I'm super happy to announce an operationally weaponized version of @YuG0rd's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/SharpS…

Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal-krbtgt, users, machines. no DCSync required, no code execution on DC.

#BadSuccessor - a textbook example of why the security ecosystem is broken - A privilege escalation vuln in Windows Server 2025 AD (via dMSA) - Full domain compromise with default config - Microsoft was told, agreed it’s real, but rated it "moderate" - No patch, No fix - No code execution needed - No need to touch the DC - No RPC, no ntds.dit - Just a write to one attribute on an account you can create - Rubeus already supports dMSA abuse (since February) - Metasploit module is in the works Researchers published everything anyway. Because… "we respectfully disagree with Microsoft’s assessment". So yeah, let’s just drop an end-to-end domain takeover technique online to prove a point. To be fair, Windows Server 2025 isn’t widely deployed yet, so the real-world blast radius today is limited. But this isn’t about today - it’s about trust, process, and what happens when security decisions are driven by vendor priorities and researcher egos. What this tells me: 1. Microsoft either: - Can’t assess bugs anymore - Or stopped caring about on-prem AD completely (because Entra ID is what they want to sell) 2. And the offensive sec crowd? - They knew this would hit hard - But chose to burn the world anyway - Because their urge to be right > everyone else’s security In the end, both sides look bad. Microsoft, for being dysfunctional or apathetic Researchers, for chasing clout over coordinated disclosure Congrats. In a rare show of unity, both sides managed to screw this up. Blog: akamai.com/blog/security-res… LinkedIn: linkedin.com/feed/update/urn… Metasploit issue: github.com/rapid7/metasploit…

Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks. One-shot markups of entire binaries with just a click. Open source, on Github now.

Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post sensepost.com/blog/2025/divi…

Oh ça, c'est fort ! Même pour les fanboy cli comme moi, toujours pratique d'avoir un tool qui donne une vue d'ensemble rapidement sur certains éléments. apackets.com/

Attacking UNIX Systems via CUPS, Part I evilsocket.net/2024/09/26/At…

The entire disclosure seems to have been leaked online gist.github.com/stong/c8847e… Here is the report and POC

C gang

Encore une dinguerie github.com/darrenburns/posti…

Trippy : un outil combinant traceroute et ping, conçu pour aider les adminsys à résoudre les problèmes de réseau. Il prend en charge les protocoles ICMP, UDP, TCP et les versions IPv4 et IPv6. -> github.com/fujiapple852/trip…

Je ne sais plus si je vous avais partagé cette dinguerie en bash !! Le mec a recodé le "cmatrix" en bash, en ~15 lignes de code utiles... (Pour l'avoir fait il y a plusieurs années avec tput, beaucoup plus de lignes.) (source : raw.githubusercontent.com/wi…)

Notre @_zblurx national va faire un talk à la @DefconParis ce soir sur Netexec, un """petit""" tool qui fait le café en TI interne, et pour lequel il est un des main devs sur son temps libre 😀 N'hésitez pas à passer lui dire bonjour (et à écouter le talk, accessoirement😆)