🚀Our tool keycred for KeyCredentialLinks and Shadow Credential attacks now works with updated domain controllers again!
It turns out, Microsoft violated their own specs.
Try it out: github.com/RedTeamPentesting…
Originally, Microsoft did not enforce their own specs for validated writes at all and only checked if a KeyCredentialLink is already present. Now they require a CustomKeyInformation field with the "MFA Not Required" flag to be present and the last logon timestamp to be absent.
This is kind of funny because CustomKeyInformation is actually forbidden for validated writes according to Microsoft's specs 🤡
learn.microsoft.com/en-us/op…
🚨Nextcloud was vulnerable to XSS in PDF.js (CVE-2024-4367) found by @thomasrinsma at @CodeanIO.
Although Nextcloud mitigated the vulnerability in their portal by disabling eval, the viewer.html component of the vulnerable PDF.js was still exposed.
redteam-pentesting.de/en/adv…
🔥Only 10 days left until the Haix-la-Chapelle 2025 CTF is starting on November 29!
We're sponsoring the prize money for the best writeups and are excited to see your creative solutions.
haix-la-chapelle.eu/
🚨8 months after public disclosure, @RHEL @AlmaLinux @rocky_linux are still vulnerable to a Ghostscript RCE with a reliable public exploit (CVE-2025-27835 and others)! It can be triggered by opening LibreOffice docs or through a server that uses ImageMagick for file conversion!
This is neither the first, nor the second time that we can't get distros to apply upstream fixes for publicly disclosed RCEs with POCs available in Ghostscript.
x.com/RedTeamPT/status/19081…
🚨 Another month, another critical Ghostscript RCE, with patches rolling out rather slowly to some distros again 👻😱 #infosec #DeprecateUntrustedPostscript
Disclaimer: We did not discover this vulnerability (credits go to zhutyra🎉), we're just wondering why we can still exploit these vulnerabilities in pentests on patched systems 🤷
We received no response on the @RHEL bug tracker:
bugzilla.redhat.com/show_bug…
👀Turns out MS-EVEN can do a lot more than NULL auth:
In addition to leaking environment variables, it is possible to coerce authentication from arbitrary logged-on users* 🤯
*If you are willing to trigger Windows Defender.
Another interesting tidbit was that the share path can contain environment variables, which are expanded by the host.
This could reveal system level variables, which could be interesting in some configurations.
Check out our Impacket PR that adds SMB signing support (NTLM and Kerberos) to smbserver to allow Windows 11 clients that require signing by default to connect:
github.com/fortra/impacket/p…
We're excited to host our XSS workshop for RWTH Aachen University's SecLab again. Today, the students will face XSS challenges as well as a hunt for IT security easter eggs to climb the leaderboard 🏆
#rwth #informatik #aachen
Image: Screenshot of the XSS Lab web application showing the leaderboard.