Wil
wilfri3d.bsky.social
Reposted by Wil
Our ninja @kalimer0x00.bsky.social is now on stage at #x33fcon to talk about his journey from dissecting SCCM to the discovery of the critical CVE-2024-43468 and the post-exploitation opportunities 🔥
June 13, 2025 at 2:46 PM
Check out how I discovered CVE-2025-33073: RCE with an NTLM reflective attack allowing an authenticated user to compromise any machine without SMB signing enforced!
Microsoft just released the patch for #CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blogpost by @yaumn.bsky.social and @wilfri3d.bsky.social.
www.synacktiv.com/publications...
NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073
www.synacktiv.com
June 11, 2025 at 10:42 AM
Reposted by Wil
Microsoft just released the patch for #CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blogpost by @yaumn.bsky.social and @wilfri3d.bsky.social.
www.synacktiv.com/publications...
NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073
www.synacktiv.com
June 11, 2025 at 10:40 AM
Reposted by Wil
I had the privilege to attend this training at Synacktiv and it might be the best training you can get when it comes to Azure, given by two guys who do Red Team all year round on this subject. Don't wait!
Want to master cutting-edge techniques for attacking Azure?
Join us this summer at @blackhatevents.bsky.social in Vegas for a deep dive into red teaming on Azure, M365, Azure DevOps, and hybrid infrastructures.
Early bird tickets available until May 23rd!
www.blackhat.com/us-25/traini...
March 21, 2025 at 6:03 PM
Reposted by Wil
Want to master cutting-edge techniques for attacking Azure?
Join us this summer at @blackhatevents.bsky.social in Vegas for a deep dive into red teaming on Azure, M365, Azure DevOps, and hybrid infrastructures.
Early bird tickets available until May 23rd!
www.blackhat.com/us-25/traini...
March 17, 2025 at 4:16 PM
Reposted by Wil
In our latest article, @croco-byte.bsky.social and @scaum.bsky.social demonstrate a trick that makes Windows SMB clients fall back to WebDav HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks!
www.synacktiv.com/publications...
Taking the relaying capabilities of multicast poisoning to the next level: tricking Windows SMB clients into falling back to WebDav
www.synacktiv.com
February 27, 2025 at 10:21 AM
Reposted by Wil
We've just updated our training catalog to include the latest additions, including a brand new course on ransomware investigations!
Find all the dates and details at www.synacktiv.com/en/offers/tr...
February 13, 2025 at 11:00 AM
Reposted by Wil
In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...
Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx
www.synacktiv.com
January 27, 2025 at 12:06 PM
Reposted by Wil
Yay! Our offensive Azure training was accepted at BlackHat USA 2025 🥳 Can't wait to see you there and share cutting-edge techniques for attacking Azure environments!
January 20, 2025 at 9:25 AM