fd0tm.bsky.social
@fd0tm.bsky.social
Reposted
🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live:

🪞The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos:
blog.redteam-pentesting.de/2025/reflect...
A Look in the Mirror - The Reflective Kerberos Relay Attack
It is a sad truth in IT security that some vulnerabilities never quite want to die, and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While rese...
blog.redteam-pentesting.de
June 11, 2025 at 8:04 AM
Reposted
We also used a modified version of sploutchy's RPC server for impacket's ntlmrelayx.py to provide a generic endpoint mapper (EPM) to abuse PrinterBug on newer versions of Windows 11.

github.com/fortra/impac...
ntlmrelayx.py
June 4, 2025 at 7:57 AM
Reposted
And this is our pull request to NetExec which adds efsr_spray, which can re-enable EFSR/PetitPotam on up-to-date Windows 11 hosts 🤯 if they have a writable share:

github.com/Pennyw0rth/N...
Add efsr_spray module by rtpt-romankarwacik · Pull Request #718 · Pennyw0rth/NetExec
Description: Since Windows 11 23H2 the EFS service is only activated on demand. One way to activate it is to write an encrypted file to a share on the respective device. This module automates this ...
github.com
June 4, 2025 at 7:57 AM
Reposted
🎉 It is finally time for a new blog post!

Join us on our deep dive into Windows Authentication Coercion and its current state in 2025, including some brand-new tooling ✨
#infosecsky #infosec #pentests #redteam #cybersky #cybersecurity

blog.redteam-pentesting.de/2025/windows...
The Ultimate Guide to Windows Coercion Techniques in 2025
Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
blog.redteam-pentesting.de
June 4, 2025 at 7:57 AM