account inactive, goto mastodon if you want to follow me

Joined July 2014
NFS has not received much attention of the offensive security community in nearly a decade. Today, we are happy to share our research on the topic: hvs-consulting.de/en/nfs-sec…. I'll give you a short overview in this thread 🧵 (1/5) #redteam #pentest

@edermi@infosec.exchange (inactive) retweeted
Took me two grok requests to return to default (or at least something that looks like it) See you over in the sane part of the internet!
@edermi@infosec.exchange (inactive) retweeted
Anyone know if Microsoft silently patched the Shadow Creds attack recently? Looks like a computer object cannot write its own attribute anymore :D
@edermi@infosec.exchange (inactive) retweeted
Net-NTLMv1 is outdated, insecure, and must go. 🛑 To help defenders prove the risk and accelerate deprecation, we’ve released a comprehensive dataset of rainbow tables. See how easily these keys can be recovered, and secure your environment. Read more: bit.ly/4qpV6MJ
@edermi@infosec.exchange (inactive) retweeted
NetExec v1.5.0 is now available on kali! Go ahead and apt update && apt upgrade your system to get all the new features🚀
24 Dec 2025
NetExec v1.5.0 has been released!🔥 Merry Christmas everyone!🎉 It's been a very long time since the last release, so there are a TON of new features! Some of the highlights:
- Built-in LDAP signing and channel binding checks
- RDP command execution
- certipy find integration
@edermi@infosec.exchange (inactive) retweeted
SCCM attack paths are messy until you can see them. 👀 ConfigManBearPig from @_Mayyhem extends BloodHound with SCCM nodes and edges using OpenGraph, plus queries to surface hierarchy takeovers and escalation paths. Check it out! ghst.ly/4svbcWO
@edermi@infosec.exchange (inactive) retweeted
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯 How did we do it? Just two missing characters was all it took. This is the story of #CodeBreach 🧵👇
@edermi@infosec.exchange (inactive) retweeted
The blog with how to use the rainbow tables for Net-NTLMv1 is finally live! cloud.google.com/blog/topics… My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created. content.burningrivercybercon…
@edermi@infosec.exchange (inactive) retweeted
I just released SAMDump, a tool that extracts SAM and SYSTEM files via Volume Shadow Copy (VSS) API with optional exfiltration (local save or network transfer) and XOR obfuscation. Plus, it uses NT APIs for file operations github.com/ricardojoserf/SAM…
@edermi@infosec.exchange (inactive) retweeted
31 Dec 2025
Responder now supports much more LDAP authentications, the LDAP rogue server has been rewritten to support SASL mechanisms. You'll see a lot of these on your screens :)
@edermi@infosec.exchange (inactive) retweeted
New Windows AD Lab "Pirates of the Caribbean" themed lab is live! 🔥
🔷NTLMv1/RBCD
🔷GMSA & MSSQL Impersonation
🔷Kerberos Delegation
🔷NTDS Forensics
Build on VMware, VirtualBox, or Ludus. Thanks @mael91620 for the help! Full treasure here⬇️ github.com/Pennyw0rth/NetExe…
@edermi@infosec.exchange (inactive) retweeted
Singularity rootkit now can bypass SELinux enforcing mode without audit logs on ICMP trigger, conntrack/netlink filtering (conntrack, ss, SOCK_DIAG), UDP hiding setup script github.com/MatheuZSecurity/S… #linux #rootkits #malware #evasion #antiforensics
@edermi@infosec.exchange (inactive) retweeted
We suggest assigning such vulnerable templates the new ESC number 17 (ESC17) to help identify and mitigate these risks. You can read our blog post here: blog.digitrace.de/2026/01/us… 2/2🧵
@edermi@infosec.exchange (inactive) retweeted
Using ADCS to Attack HTTPS-Enabled WSUS Clients: @cookieTheft and I have extended the research by @Coontzy1 on WSUS attacks and explored how to leverage misconfigured ADCS templates to gain code execution on HTTPS-enabled WSUS clients. 1/2🧵
@edermi@infosec.exchange (inactive) retweeted
22 Dec 2025
Enumerate DNS zones that allow unauthenticated updates using NetExec🔥 Adding or updating DNS entries without authentication can give attackers a huge advantage. Thanks to @toffyrak such DNS zones can now be enumerated using NetExec🚀
@edermi@infosec.exchange (inactive) retweeted
5 Dec 2025
NetExec now extracts even more secrets from the NTDS.dit🚀 With the new --history and --kerberos-keys flags, NetExec will also dump the password history and the AES/DES keys for Kerberos auth from the NTDS.dit🔑 Implemented by @kriyosthearcane, azoxlpf and me.
@edermi@infosec.exchange (inactive) retweeted
26 Nov 2025
Dump DPAPI credentials via WinRM with NetExec🔥 A lot of sensitive data is stored in Windows DPAPI, such as the login credentials used in scheduled tasks. Thanks to tiagomanunes this is now also possible via WinRM!
@edermi@infosec.exchange (inactive) retweeted
21 Nov 2025
Dumping juicy secrets from SAM/LSA is always nice right? I've added an implementation for the --sam and --lsa flags to the MSSQL protocol of NetExec🚀 No need for manual registry hive extraction anymore!
@edermi@infosec.exchange (inactive) retweeted
🚨8 months after public disclosure, @RHEL @AlmaLinux @rocky_linux are still vulnerable to a Ghostscript RCE with a reliable public exploit (CVE-2025-27835 and others)! It can be triggered by opening LibreOffice docs or through a server that uses ImageMagick for file conversion!