kevintell.bsky.social
@kevintell.bsky.social
Reposted
Our ninjas are in Vienna for the T-REX conference!

🎤 @kevintell.bsky.social delivered a session exploring advanced Red Team lateral movement techniques built on DCOM - a great opportunity to exchange practices with fellow experts.

Thank you to the @oenb.at for hosting such a great event!
November 14, 2025 at 3:00 PM
Reposted
🇫🇷 During "Le Big Bang de l’Économie" by #LeFigaro, @kevintell.bsky.social gave a live pentest demo, showing how easily data can be exposed when systems aren’t properly secured: youtu.be/XVJUF1zt1FE

👉 Watch the whole show: video.lefigaro.fr/figaro/econo...
[Le Big Bang de l’Économie - Le Figaro] Cybersécurité : sommes-nous vraiment prêts ?
YouTube video by Synacktiv
youtu.be
November 6, 2025 at 2:57 PM
Reposted
Credential Guard was supposed to end credential dumping. It didn't.

Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.

Read for more: ghst.ly/4qtl2rm
Catching Credential Guard Off Guard - SpecterOps
Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.
ghst.ly
October 23, 2025 at 5:45 PM
Reposted
How safe is your browser?
Our ninja, Riadh Bouchahoua, uncovers how attackers can exploit Chromium extension loading to steal data, maintain persistent access, and breach confidentiality on Chromium-based browsers.
Read more here ⬇️
www.synacktiv.com/en/publicati...
The Phantom Extension: Backdooring chrome through uncharted pathways
www.synacktiv.com
September 26, 2025 at 10:29 AM
Reposted
Lateral movement getting blocked by traditional methods?

@werdhaihai.bsky.social just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code. ghst.ly/4pN03PG
DCOM Again: Installing Trouble - SpecterOps
DCOM lateral movement BOF using Windows Installer (MSI) Custom Action Server - install ODBC drivers to load and execute DLLs
ghst.ly
September 29, 2025 at 7:00 PM
Reposted
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 17, 2025 at 1:20 PM
Reposted
🧑‍🎓 Boost your offensive Active Directory skills with our Entry & Advanced trainings. Hands-on labs with dozens of machines + latest research from DEFCON, x33fcon & more! Seats are limited, don’t miss out!
🔗 Entry: www.synacktiv.com/en/offers/tr...
🔗 Advanced: www.synacktiv.com/en/offers/tr...
September 12, 2025 at 11:13 AM
Reposted
DCOM is everywhere, but its inner workings feel like black magic. 🪄 Unveil the mystery with @kevintell.bsky.social's new article on DCOM basics. Trust us, it's way cooler than it sounds!

www.synacktiv.com/en/publicati...
September 16, 2025 at 1:12 PM
Reposted
🔒 Can you really trust your zero trust? We (re)discovered a vulnerability in Zscaler Client Connector that allowed bypassing device posture checks, and it was still exploitable in the wild. Full technical deep dive + remediation tips 👉 www.synacktiv.com/en/publicati...
Should you trust your zero trust? Bypassing Zscaler posture checks
Introduction Posture checks are a key component of zero trust architectures.
www.synacktiv.com
August 8, 2025 at 12:56 PM
Reposted
🚨 Still a few days to register for our Azure Intrusion for Red Teamers training at #BHUSA! Very hands-on, full kill chain from zero to Global Admin with stealth in mind. Secure your seat now! www.blackhat.com/us-25/traini...
July 2, 2025 at 9:27 AM
Reposted
Our ninja @kalimer0x00.bsky.social is now on stage at #x33fcon to talk about his journey from dissecting SCCM until the discovery of the critical CVE-2024-43468 and the post-exploitation opportunities🔥
June 13, 2025 at 2:46 PM
Reposted
Azure intrusion for red teamers

by Paul Barbé & Matthieu Barjole

www.hexacon.fr/trainer/barb...
April 15, 2025 at 2:46 PM
Reposted
I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️
decoder.cloud/2025/04/24/f...
From NTLM relay to Kerberos relay: Everything you need to know
While I was reading Elad Shamir's recent excellent post about NTLM relay attacks, I decided to contribute a companion piece that dives into the mechanics of Kerberos relays, offering an analysis and …
decoder.cloud
April 28, 2025 at 8:04 AM
Reposted
That's all folks! 👋 Thank you to everyone who attended & presented talks during our #SOCON2025 conference days. Our training courses kick off tomorrow at 9AM back at Convene.
April 1, 2025 at 11:34 PM
Reposted
Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team!
Find out if you are a good candidate by reading our offer (🇫🇷).
www.synacktiv.com/responsable-...
Responsable équipe reverse engineering
www.synacktiv.com
March 28, 2025 at 4:25 PM
I had the privilege to attend this training at Synacktiv and it might be the best training you can get when it comes to Azure, given by two guys who do Red Team all year round on this subject. Don't wait!
Want to master cutting-edge techniques for attacking Azure?
Join us this summer at @blackhatevents.bsky.social in Vegas for a deep dive into red teaming on Azure, M365, Azure DevOps, and hybrid infrastructures.
Early bird tickets available until May 23rd!
www.blackhat.com/us-25/traini...
March 21, 2025 at 6:03 PM
Reposted
In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...
Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx
www.synacktiv.com
January 27, 2025 at 12:06 PM
Reposted
Yay! Our offensive Azure training was accepted at BlackHat USA 2025 🥳 Can't wait to see you there and share cutting-edge techniques for attacking Azure environments!
January 20, 2025 at 9:25 AM