Reposted by Buldansec
Taking them to the SHITTER: an analysis of vendor abuse of security research in-the-wild
aff-wg.org/2025/07/13/t...
(There is no benefit modulating my voice for anyone's comfort. This is my fair take, but unapologetic truth. This phenomena has gone unchecked for too long)
aff-wg.org/2025/07/13/t...
(There is no benefit modulating my voice for anyone's comfort. This is my fair take, but unapologetic truth. This phenomena has gone unchecked for too long)
July 14, 2025 at 2:05 PM
Taking them to the SHITTER: an analysis of vendor abuse of security research in-the-wild
aff-wg.org/2025/07/13/t...
(There is no benefit modulating my voice for anyone's comfort. This is my fair take, but unapologetic truth. This phenomena has gone unchecked for too long)
aff-wg.org/2025/07/13/t...
(There is no benefit modulating my voice for anyone's comfort. This is my fair take, but unapologetic truth. This phenomena has gone unchecked for too long)
To exploit BadSuccessor there are only two requirements:
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
May 22, 2025 at 11:41 AM
To exploit BadSuccessor there are only two requirements:
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
Reposted by Buldansec
Post-ex Weaponization: An Oral History
aff-wg.org/2025/04/10/p...
A walk-through of some history on post-ex eco-systems used by CS (PowerShell, Reflective DLLs, .NET, and BOFs).
Ends with a coffee conversation talking about magician's guilds, security research, and ideas about what's next.
aff-wg.org/2025/04/10/p...
A walk-through of some history on post-ex eco-systems used by CS (PowerShell, Reflective DLLs, .NET, and BOFs).
Ends with a coffee conversation talking about magician's guilds, security research, and ideas about what's next.
April 10, 2025 at 2:24 PM
Post-ex Weaponization: An Oral History
aff-wg.org/2025/04/10/p...
A walk-through of some history on post-ex eco-systems used by CS (PowerShell, Reflective DLLs, .NET, and BOFs).
Ends with a coffee conversation talking about magician's guilds, security research, and ideas about what's next.
aff-wg.org/2025/04/10/p...
A walk-through of some history on post-ex eco-systems used by CS (PowerShell, Reflective DLLs, .NET, and BOFs).
Ends with a coffee conversation talking about magician's guilds, security research, and ideas about what's next.
Reposted by Buldansec
The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
WinRMS Relaying
YouTube video by Sense Post
youtu.be
April 14, 2025 at 4:40 PM
The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
Reposted by Buldansec
Imagine a discipline called Breach Intelligence. Instead of describing breaches as tools+actors, we use root-cause analysis to dissect the attack path, identify contrib factor issues, and their mitigations. And, aggregate data about which compensating controls (security products) failed
March 15, 2025 at 3:57 AM
Imagine a discipline called Breach Intelligence. Instead of describing breaches as tools+actors, we use root-cause analysis to dissect the attack path, identify contrib factor issues, and their mitigations. And, aggregate data about which compensating controls (security products) failed