@bitsadmin profile picture
Arris Huijgen @bitsadmin
Joined March 2016
  • Tweets 237
  • Following 106
  • Followers 1,738
42 Photos and videos
Arris Huijgen retweeted
CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿@_EthicalChaos_
Mar 28
Small updated to DRSAT just pushed that will also allow Group Policy Editor and Certificate Authority / Templates MMC snap-ins work over a TCP only SOCKS connection. github.com/CCob/DRSAT

GitHub - CCob/DRSAT: Disconnected RSAT - A method of running Group Policy Manager, Certificate...

Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies - CCob/DRSAT

github.com
4
62
155
14,915
Because the last release of #NoPowerShell was 2 years ago and to celebrate the repo has 999 stars, I just merged DEV ➡️ MASTER and published Release 1.50 containing over 60 offensive cmdlets! 🥳 github.com/bitsadmin/nopower… See examples of some of the cmdlets below 👇

GitHub - bitsadmin/nopowershell: PowerShell rebuilt in C# for Red Teaming purposes

PowerShell rebuilt in C# for Red Teaming purposes. Contribute to bitsadmin/nopowershell development by creating an account on GitHub.

github.com
1
46
139
8,358
more replies
🔎 Inspecting ACLs and file hashes using the Get-Acl and Get-FileHash cmdlets.
1
222
Many more examples are in the CHEATSHEET at github.com/bitsadmin/nopower… or use the Get-Help/man command followed by the cmdlet, e.g. man iwr. Regularly new cmdlets are added in NoPowerShell's DEV branch so keep an eye there to get the latest and greatest! 🔥 github.com/bitsadmin/nopower…
1
2
201
Arris Huijgen retweeted
Yuval Gordon@YuG0rd
21 May 2025
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-res…
22
371
876
167,702
Arris Huijgen retweeted
Yehuda Smirnov@yudasm_
16 May 2025
What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution? We explored process injection using nothing but thread context. Full write-up PoCs: blog.fndsec.net/2025/05/16/t…

New Process Injection Class: The CONTEXT-Only Attack Surface

What happens when you skip memory allocation, skip writing, and weaponize thread context alone? This post explores a new class of process injection that lives entirely in the execution layer — no a…

blog.fndsec.net
6
75
222
13,869
Arris Huijgen retweeted
S3cur3Th1sSh1t@ShitSecure
7 May 2025
Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥 r-tec.net/r-tec-blog-windows…

r-tec Blog | Windows is and always will be a Potatoland

This blog post will dive into the world of some of the recently published potato techniques that can lead to more serious risks than

r-tec.net
3
111
304
26,067
Arris Huijgen retweeted
Atsika
@_atsika
30 Apr 2025
ProxyBlob is alive ! We’ve open-sourced our stealthy reverse SOCKS proxy over Azure Blob Storage that can help you operate in restricted environments 🔒 🌐 github.com/quarkslab/proxybl… Blog post for more details right below ⬇️

GitHub - quarkslab/proxyblob: SOCKS5 proxy tool that uses Azure Storage services as a means of...

SOCKS5 proxy tool that uses Azure Storage services as a means of communication. - quarkslab/proxyblob

github.com
quarkslab@quarkslab
29 Apr 2025
Look at those cute little blobs in your internal network. They look harmless, but how about the one carrying SOCKS? It's ProxyBlob, a reverse proxy over Azure. Check out @_atsika's article on how it came to exist after an assumed breach mission ⤵️ 👉 blog.quarkslab.com/proxyblob…
Proxybloby is the red teamer's mascot. Be careful, if left alone in you network it will byte your SOCKS

ALT Proxybloby is the red teamer's mascot. Be careful, if left alone in you network it will byte your SOCKS

3
45
111
9,155
Cool, novel, lateral movement technique by @william_knows by dropping a .dll file on a remote host obtaining code execution! 💡
William Knowles@william_knows
28 Apr 2025
.NET GAC and NIC hijacking for lateral movement: williamknowles.io/net-gac-an…
23
153
16,932
Arris Huijgen retweeted
Andrea P@decoder_it
24 Apr 2025
I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️decoder.cloud/2025/04/24/fro…

From NTLM relay to Kerberos relay: Everything you need to know

While I was reading Elad Shamir recent excellent post about NTLM relay attacks, I decided to contribute a companion piece that dives into the mechanics of Kerberos relays, offering an analysis and …

decoder.cloud
2
150
352
19,640
Arris Huijgen retweeted
Orange Cyberdefense's SensePost Team@sensepost
14 Apr 2025
The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP. By @Defte_ Writeup: sensepost.com/blog/2025/is-t… PR to impacket: github.com/fortra/impacket/p… Demo: youtu.be/3mG2Ouu3Umk

1
43
119
9,938
Arris Huijgen retweeted
Airbus Security Lab@AirbusSecLab
3 Feb 2025
We’re glad to announce we released Soxy!🚀 A Rust-powered suite of services for Citrix, VMware Horizon & Windows RDP. Red teams & pentesters can use it to pivot for deeper access. Get the tool and more details: 🔗 github.com/airbus-seclab/sox…

GitHub - airbus-seclab/soxy: A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware...

A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels. - airbus-seclab/soxy

github.com
61
147
7,472
Arris Huijgen retweeted
Neodyme
@Neodyme
17 Jan 2025
Your laptop was stolen. It’s running Windows 11, fully up-to-date, device encryption (BitLocker) and Secure Boot enabled. Your data is safe, right? Think again! This software-only attack grabs your encryption key. Following up on our #38C3 talk: neodyme.io/blog/bitlocker_sc…

Windows BitLocker -- Screwed without a Screwdriver

Breaking up-to-date Windows 11 BitLocker encryption -- on-device but software-only

neodyme.io
2
29
85
5,923
Arris Huijgen retweeted
Frank
@jedisct1
5 Jan 2025
How to bypass BitLocker encryption on Windows 11 noinitrd.github.io/Memory-Du…

Intro

Memory-Dump-UEFI is a UEFI application for dumping the contents of RAM.

noinitrd.github.io
42
167
12,371
Arris Huijgen retweeted
Matcluck@doopsec
22 Dec 2024
Just released SCCMHound! A BloodHound collector for SCCM. SCCMHound allows both attackers and defenders to construct BloodHound datasets using the vast amount of information that is stored/retrievable through SCCM. Feel free to take it for a spin! github.com/CrowdStrike/sccmh…
101
341
26,953
Load more