92 Photos and videos
PSA technique is not completely dead
The implied attack path of the post is coerce auth from system -> relay to LDAP -> computer account writes its own attribute
Post patch, there are still use cases for shadow creds. (GenericAll, GenericWrite, or AddKeyCredentialLink, etc).
Jan 28
Anyone know if Microsoft silently patch the Shadow Creds attack recently ? Looks like a computer object cannot write its own attribute anymore :D
2
10
34
3,633
Ash retweeted
Excited to disclose my research allowing RCE in Kubernetes
It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout.
Unfortunately, this will NOT be patched.
47
376
2,575
413,983
Optimistic pragmatist red team take: writing engagement specific code tailored to your client environment is now easier than ever
just make sure to test it first
Jan 21
Using AI for coding is literally the single greatest thing that has happened in my lifetime around coding except for the creation of Python 😂
1
2
11
3,398
Ash retweeted
16 Nov 2025
They don’t teach you this in school but you can just have a delusional sense of optimism towards the world and believe everything is going to work out and you’ll succeed in every facet of life.
281
4,932
38,503
819,730
Ash retweeted
16 Nov 2025
The Agentic SOC is here.
🛡️Introducing the Alert Triage and Investigation Agent in Google SecOps (Public Preview). It autonomously investigates alerts, runs YARA-L queries, and applies @Mandiant expertise to deliver clear verdicts.
See how it works: bit.ly/4i1jj8Q
ALT Alert Triage and Investigation Agent in Google Security Operations
12
142
882
105,024
This is the disruption the C2 market has needed
14 Nov 2025
Chad C2 (@SpacialSec) is the brainrot C2 framework
Beacons take 1-5 minutes between callbacks - too long to ignore, to short to start something new
Chad C2 integrates your brainrot (X, TikTok, Stake, etc) into your operational workflows.
Less doom-scrolling. More pwning.
1
1
166
It's really cool to see how Ghostwriter has grown over the years. Awesome release @cmaddalena!
23 Jul 2025
Real-time collaboration has landed in Ghostwriter v6.0! 👻
Multiple users can now edit observations, findings, & report fields simultaneously w/o the chaos of overwriting each other's work.
@cmaddalena dives into the details in his latest blog update. ghst.ly/3TTSrwc
4
236
Forced myself to do this over the last 2 years and I:
- can confirm it's painful at first
- found it results in more thorough testing. You have to fully document the paths you go down
- think it leads to a better work life balance
also have to constantly force yourself to do it
13 Jul 2025
The one tip I will give to anyone starting out in any pentest / red team role is the one thing after 20 years of it I still never manage to do properly….
Report as you go ✅✅✅
That way you don’t end up spending your Sundays writing reports. Writing a report on a 3.5 month project with minimal notes is brutal 😆❌❌❌
9
565
Ash retweeted
13 Jul 2025
The one tip I will give to anyone starting out in any pentest / red team role is the one thing after 20 years of it I still never manage to do properly….
Report as you go ✅✅✅
That way you don’t end up spending your Sundays writing reports. Writing a report on a 3.5 month project with minimal notes is brutal 😆❌❌❌
30
27
236
24,970
Ash retweeted
16 Jun 2025
I haven't posted in a long time but wanted to support my region and help announce the very first Mandiant community night! Enjoy presentations from the Mandiant team and network with like minded people over food and drinks! Great opportunity! linkedin.com/posts/activity-…
2
2
543