Jonas Vestberg
bugch3ck.bsky.social
Privilege Escalation Engineer

Principal Consultant @ Reversec (formerly WithSecure Consulting)
The world needs more @rageagainst.bsky.social
May 27, 2025 at 6:34 AM
They didn't even try this time...

New report for LPE incoming.
April 30, 2025 at 12:49 PM
This time they fixed it properly. No more vulns in that service. I'm sure of it 🙄

www.ibm.com/support/page...
Security Bulletin: Vulnerability found in Personal Communications through deployment of arbitrary MSI package.
There is a vulnerability found in Personal Communications through deployment of arbitrary MSI package. Personal Communications has addressed the applicable CVE-2025-1095.
April 10, 2025 at 2:33 PM
New tool drop from jfjallid (not on this platform)

github.com/jfjallid/go-...
GitHub - jfjallid/go-rpcclient: Interact with Windows RPC Services over SMB using go-smb
April 6, 2025 at 11:05 AM
Reposted by Jonas Vestberg
Need to use RDP without leaving traces? Learn how to enable MSTSC public mode for more privacy and security in your remote sessions. Perfect for shared environments and enhanced confidentiality! 🔐💻

👉 Read my latest blog post: blog.devolutions.net/2025/03/usin...
Using RDP without leaving traces: the MSTSC public mode
Learn how MSTSC’s /public mode works! It blocks credential caching, session details, and bitmap storage, enhancing security. Discover its impact and how to reset MSTSC for a clean slate.
March 6, 2025 at 9:59 PM
Reposted by Jonas Vestberg
#SCCM forest discovery accounts can be decrypted—even those for untrusted forests. If the site server is a managed client, all creds can be decrypted via Administration Service API.

Check out our latest blog post from @unsignedsh0rt.bsky.social to learn more. ghst.ly/4buoISp
Decrypting the Forest From the Trees - SpecterOps
TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If the site server is a managed client, service account credentials can be decrypted via ...
March 6, 2025 at 8:34 PM
So did Justin Trudeau just quit to make sure he never had anything to do with Trump ever again?
January 6, 2025 at 10:41 PM
January 1, 2025 at 9:23 PM
Reposted by Jonas Vestberg
Some Christmas cheer with @buffaloverflow.rw.md. A nice bug in the URL handler for Delinea Secret Server.

blog.amberwolf.com/blog/2024/de...
Delinea Protocol Handler - Remote Code Execution via Update Process (CVE-2024-12908)
AmberWolf Security Research Blog
December 26, 2024 at 12:17 PM
Reposted by Jonas Vestberg
Oh by the way
December 6, 2024 at 1:08 AM
Reposted by Jonas Vestberg
RIP "Within this assessment, the red team (also referred to as ‘the team’) gained initial access through a web shell left from a third party’s previous security assessment."

www.cisa.gov/news-events/...
Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization | CISA
November 21, 2024 at 5:10 PM
Reposted by Jonas Vestberg
Following my prev tweet, my Kerberos MITM relay/forwarder is almost finished! It targets for example insecure DNS updates in AD, allowing DNS name forgery. It intercepts, relays, and forwards traffic, with the client unaware. Currently supporting smb->smb and smb->http (adcs)
November 20, 2024 at 11:21 AM
My replies to LinkedIn messages this week...
November 19, 2024 at 1:42 PM
I have a new family member ☕❤️
November 19, 2024 at 6:26 AM
I think this image captures the state of the world right now...
November 17, 2024 at 12:30 AM