Mike
@miketc21.bsky.social
Mediocre Pentester
Reposted by Mike
Another example of a Windows 0-day found with PrivescCheck. Congrats to Compass Security for investigating the issue and exploiting it. 👏

blog.compass-security.com/2025/04/3-mi...
April 15, 2025 at 12:41 PM
Reposted by Mike
I got a chance to try out @Burp_Suite Burp AI, and it's... honestly really cool 😅 Video showcase where we cruise through a web app scan, crawl and audit, and it rips through findings including an explicit UNION SQL injection vulnerability and more 🤩 youtu.be/v-McepNOrTQ
April 15, 2025 at 1:01 PM
Reposted by Mike
Calling all relationship builders! 👋 We're looking for a Channel Account Manager to help grow our partner network for BloodHound Enterprise.

If you love connecting with VARs, distributors, & consultants, submit your application today: ghst.ly/3XYrzO4
April 15, 2025 at 3:24 PM
Reposted by Mike
New blog post 🤗
In our latest blog post, @xpnsec.com breaks down how SQL Server Transparent Data Encryption works, shares new methods for brute-forcing database encryption keys, & reveals a default key used by ManageEngine's ADSelfService product backups.

Read more 👉 ghst.ly/4iXFTyF
April 8, 2025 at 6:45 PM
Reposted by Mike
Think NTLM relay is a solved problem? Think again.

Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
April 8, 2025 at 11:00 PM
Reposted by Mike
New tool drop from jfjallid (not on this platform)

github.com/jfjallid/go-...
GitHub - jfjallid/go-rpcclient: Interact with Windows RPC Services over SMB using go-smb
Interact with Windows RPC Services over SMB using go-smb - jfjallid/go-rpcclient
github.com
April 6, 2025 at 11:05 AM
Reposted by Mike
New day, new #BloodHoundBasics post!

DYK that BloodHound CE now supports deep linking? This week, we released early access support that goes beyond what the old back button offered! Go back (& forward), & share your current view of the graph w/ your fellow operators today!

1/2
April 4, 2025 at 6:06 PM
Reposted by Mike
🎤As they say, better late than never. Our latest episode is out now! Brought to you by linkedin.com/company/secu...
Episode 130: Using Deception Technology to Detect Cyber Attacks - The Cyber Threat Perspective
In this episode of The Cyber Threat Perspective, we explore the strategic integration of deception technology like canaries and honeypots into your cybersecurity defenses. Discover how these tools…
www.buzzsprout.com
April 4, 2025 at 4:16 PM
Reposted by Mike
Zscaler has published a technical report on HijackLoader (IDAT Loader, GhostPulse) and its recent changes, such as its new call stack spoofing module, anti-VM module, and support for scheduled task persistence

www.zscaler.com/blogs/securi...
New HijackLoader Evasion Tactics | ThreatLabz
Learn how HijackLoader has introduced call stack spoofing and new modules to improve its evasion and anti-analysis capabilities.
www.zscaler.com
April 1, 2025 at 10:31 AM
Reposted by Mike
Spent the evening deep diving into MCPs and started a new project: roadrecon_mcp_server! This #MCP takes the web GUI output from the awesome ROADtools by @dirkjanm.io and offers tools to Claude (or your #AI agent of choice) to interact with the data:

github.com/atomicchonk/...
GitHub - atomicchonk/roadrecon_mcp_server: Claude MCP server to perform analysis on ROADrecon data
Claude MCP server to perform analysis on ROADrecon data - atomicchonk/roadrecon_mcp_server
github.com
March 29, 2025 at 3:17 AM
Reposted by Mike
Join @alethe.bsky.social for a behind-the-scenes look at real #RedTeam ops: successes, failures, and the lessons that could level up your security game. #cybersecurity

bishopfox.com/resources/re...
Epic Fails and Heist Tales: Red Teaming Toward Truly Tested Security
Bishop Fox's Alethe Denis deep dives into Red Teaming and social engineering—real-world stories, insights, and takeaways on offensive security.
bishopfox.com
March 31, 2025 at 8:54 PM
Reposted by Mike
🔒 Are your endpoint defenses prepared to counter EDR bypass techniques?

Discover the latest tactics used by attackers and learn actionable countermeasures during Binary Defense's ThreatTalk webinar. Save your seat today: www.binarydefense.com/resources/we...
#Cybersecurity #ThreatTalk #EDR
The Rise in EDR Killers: An Emerging Threat to Endpoint Security | Binary Defense
ThreatTalk Series The growing prevalence of EDR attacks has left organizations grappling with the destructive impact of threat actors infiltrating their systems. These attacks are frequently executed ...
www.binarydefense.com
March 27, 2025 at 3:03 PM
Reposted by Mike
Don't miss our next BloodHound Enterprise demo webinar, happening April 8! Register now to hear from Jacob Julian on why you should care about Attack Paths, and how BloodHound approaches identification and elimination.

Register ➡️ ghst.ly/apr-demo-bsky
March 27, 2025 at 3:37 PM
Reposted by Mike
Automatic browser SSO with a PRT on a victim device over an Outflank C2 implant 🥰 using ROADtools and some hackery from Max Grim.
March 27, 2025 at 11:52 AM
Reposted by Mike
Troy Hunt's mailing list got phished. Commiserations to him. If it can happen to Troy, it can probably happen to you.

www.troyhunt.com/a-sneaky-phi...
A Sneaky Phish Just Grabbed my Mailchimp Mailing List
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish h...
www.troyhunt.com
March 27, 2025 at 9:33 AM
Reposted by Mike
[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.

- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...
Fileless lateral movement with trapped COM objects | IBM
New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.
ibm.com
March 25, 2025 at 9:21 PM
Reposted by Mike
Don't miss my teammates as they present the 2025 Red Canary Threat Detection Report tomorrow afternoon! This report is overwhelming with goodness, and they'll help you navigate it. 😀 redcanary.com/resources/we...
[Webinar] Inside the 2025 Threat Detection Report
Join the 2025 Red Canary Threat Detection Report’s authors as they explore the most important findings of the year. Don't miss this event!
redcanary.com
March 25, 2025 at 5:21 PM
Reposted by Mike
Ransomware groups have declared war on small business. It’s time we do the same to them.
March 25, 2025 at 5:15 PM
Reposted by Mike
Rust is gaining traction in malware development—offering evasion advantages over C. Security Consultant Nick Cerne breaks down why, compares reverse engineering challenges, and builds a Rust-based dropper to stage Sliver.

bishopfox.com/blog/rust-fo...
Rust for Malware Development
Bishop Fox's Nick Cerne will compare developing malware in Rust with its C counterparts and develop a simple malware dropper for demonstration.
bishopfox.com
March 25, 2025 at 3:51 PM
Reposted by Mike
Hey all! NerdWallet is hiring for several Staff Software Engineer roles in the US and Canada. They are all remote.

➡️ jobs.diversifytech.com
Diversify Tech | Diversify Tech - Connecting marginalized folks in tech with career opportunities
Get job opportunities from vetted companies in your inbox every week.
jobs.diversifytech.com
March 24, 2025 at 3:30 PM
Reposted by Mike
We explain everything you need to know about Bluetooth, the long-standing wireless connectivity standard.
The WIRED Guide to Bluetooth
wrd.cm
March 23, 2025 at 1:05 PM
Reposted by Mike
Attackers see what you don't: paths between your cloud & on-prem systems.

Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. ghst.ly/4kzkFbB
March 20, 2025 at 1:26 PM
Reposted by Mike
Happy #BloodHoundBasics day! This week we are looking at how BloodHound classifies Tier Zero.

Q: Why is not just the DA group Tier Zero, but also all of its members?
A: BloodHound classifies a few default Tier Zero assets, then adds more w/ logic from known attack techniques.

1/8
March 21, 2025 at 6:36 PM
Reposted by Mike
Hello Bluesky! We're live! 👋 And so is our new release! Cobalt Strike 4.11 introduces a novel Sleepmask, a novel process injection technique, a new prepend reflective loader with new evasive options, asynchronous BOFs, DNS over HTTPS and more!
cobaltstrike.com/blog/cobalt-...
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping....
Cobalt Strike 4.11 introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon.
cobaltstrike.com
March 17, 2025 at 8:17 PM