Ivan Ožić Bebek
@obivan.infosec.exchange.ap.brid.gy
Conditional Access bypasses https://cloudbrothers.info/en/conditional-access-bypasses/
Conditional Access bypasses
In Microsoft Entra, Conditional Access is, after the Authentication itself, the most crucial part of defense against attackers. It’s referenced as “zero trust policy engine” and the idea behind is, that in addition to your username and password you can also enforce additional requirements when you access a specific resource. This could be any combination of a second factor (2FA), a specific authentication method (e.g. passkey) a device that is in a “compliant” state a trusted or compliant network and a lot more, depending on your specific use case.
cloudbrothers.info
December 2, 2025 at 7:45 AM
Conditional Access bypasses https://cloudbrothers.info/en/conditional-access-bypasses/
Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering. https://github.com/Maldev-Academy/ElectronVulnScanner
GitHub - Maldev-Academy/ElectronVulnScanner: Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering.
Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering. - Maldev-Academy/ElectronVulnScanner
github.com
November 30, 2025 at 9:21 PM
Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering. https://github.com/Maldev-Academy/ElectronVulnScanner
A collection of Red Team tools https://github.com/vari-sh/RedTeamGrimoire/
GitHub - vari-sh/RedTeamGrimoire: 🔥📜 Forbidden collection of Red Team sorcery 📜🔥
🔥📜 Forbidden collection of Red Team sorcery 📜🔥. Contribute to vari-sh/RedTeamGrimoire development by creating an account on GitHub.
github.com
November 29, 2025 at 8:36 PM
A collection of Red Team tools https://github.com/vari-sh/RedTeamGrimoire/
Living Off the Land: Windows Post-Exploitation Without Tools https://xbz0n.sh/blog/living-off-the-land-windows
Living Off the Land: Windows Post-Exploitation Without Tools
I'll never forget one of my first red team engagements where I learned this lesson the hard way. I'd spent two days carefully phishing my way into a financia...
xbz0n.sh
November 28, 2025 at 2:05 PM
Living Off the Land: Windows Post-Exploitation Without Tools https://xbz0n.sh/blog/living-off-the-land-windows
Red Team Ops II released today https://www.zeropointsecurity.co.uk/course/red-team-ops-ii
Red Team Ops II
Gain the knowledge and skills necessary to operate against advanced defences.
www.zeropointsecurity.co.uk
November 28, 2025 at 12:18 PM
Red Team Ops II released today https://www.zeropointsecurity.co.uk/course/red-team-ops-ii
Exploits for Ivanti Neurons for ITSM (On Premise) https://github.com/synacktiv/itsm-exploit
GitHub - synacktiv/itsm-exploit: Ivanti Neurons for ITSM (On Premise) exploits
Ivanti Neurons for ITSM (On Premise) exploits. Contribute to synacktiv/itsm-exploit development by creating an account on GitHub.
github.com
November 28, 2025 at 12:17 PM
Exploits for Ivanti Neurons for ITSM (On Premise) https://github.com/synacktiv/itsm-exploit
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS https://github.com/nickvourd/PrivKit
GitHub - nickvourd/PrivKit: PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS. - nickvourd/PrivKit
github.com
November 28, 2025 at 12:12 PM
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS https://github.com/nickvourd/PrivKit
Reposted by Ivan Ožić Bebek
Scoopy, new, by me:
Meet Rey, the Admin of 'Scattered Lapsus$ Hunters'
"A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters"
made headlines regularly this year by stealing data from and publicly mass
extorting dozens of major […]
[Original post on infosec.exchange]
Meet Rey, the Admin of 'Scattered Lapsus$ Hunters'
"A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters"
made headlines regularly this year by stealing data from and publicly mass
extorting dozens of major […]
[Original post on infosec.exchange]
November 26, 2025 at 5:29 PM
Scoopy, new, by me:
Meet Rey, the Admin of 'Scattered Lapsus$ Hunters'
"A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters"
made headlines regularly this year by stealing data from and publicly mass
extorting dozens of major […]
[Original post on infosec.exchange]
Meet Rey, the Admin of 'Scattered Lapsus$ Hunters'
"A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters"
made headlines regularly this year by stealing data from and publicly mass
extorting dozens of major […]
[Original post on infosec.exchange]
Beerus Framework is a project developed by the Hakai Offensive Security Research Team to assist you throughout the mobile penetration testing process https://github.com/hakaioffsec/beerus-android
GitHub - hakaioffsec/beerus-android: BEERUS Framework for Android
BEERUS Framework for Android. Contribute to hakaioffsec/beerus-android development by creating an account on GitHub.
github.com
November 26, 2025 at 9:01 AM
Beerus Framework is a project developed by the Hakai Offensive Security Research Team to assist you throughout the mobile penetration testing process https://github.com/hakaioffsec/beerus-android
Hide the threat – GPO lateral movement https://www.intrinsec.com/hide-the-threat-gpo-lateral-movement/
www.intrinsec.com
November 26, 2025 at 8:57 AM
Hide the threat – GPO lateral movement https://www.intrinsec.com/hide-the-threat-gpo-lateral-movement/
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
Welcome to watchTowr vs the Internet, part 68. That feeling you’re experiencing? Dread. You should be used to it by now. As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwords, secrets, keys and more for very sensitive environments
labs.watchtowr.com
November 25, 2025 at 11:22 AM
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
Reflecting Your Authentication: When Windows Ends Up Talking to Itself https://decoder.cloud/2025/11/24/reflecting-your-authentication-when-windows-ends-up-talking-to-itself/
Reflecting Your Authentication: When Windows Ends Up Talking to Itself
Authentication reflection has been around for more than 20 years, but its implications in modern Windows networks are far from obsolete. Even after all the patches Microsoft has rolled out over the…
decoder.cloud
November 24, 2025 at 8:00 PM
Reflecting Your Authentication: When Windows Ends Up Talking to Itself https://decoder.cloud/2025/11/24/reflecting-your-authentication-when-windows-ends-up-talking-to-itself/
InfoSec Black Friday & Cyber Monday Deals https://github.com/0x90n/InfoSec-Black-Friday
GitHub - 0x90n/InfoSec-Black-Friday: All the deals for InfoSec related software/tools this Black Friday
All the deals for InfoSec related software/tools this Black Friday - 0x90n/InfoSec-Black-Friday
github.com
November 24, 2025 at 6:23 PM
InfoSec Black Friday & Cyber Monday Deals https://github.com/0x90n/InfoSec-Black-Friday
Reposted by Ivan Ožić Bebek
This is such a dumpster fire. Be safe out there. #npm https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
Live Updates: Shai1-Hulud, The Second Coming - Hundreds of NPM Packages Compromised
www.koi.ai
November 24, 2025 at 1:51 PM
This is such a dumpster fire. Be safe out there. #npm https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
A vulnerability in Wazuh Agent (v4.10.1) allows authenticated attackers to force NTLM authentication through malicious UNC paths https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x
NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities
### Summary A vulnerability in Wazuh Agent (v4.10.1) allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially le...
github.com
November 22, 2025 at 9:18 PM
A vulnerability in Wazuh Agent (v4.10.1) allows authenticated attackers to force NTLM authentication through malicious UNC paths https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x
MSSQL | Potatos and how not to use them https://adhdmurky.github.io/posts/post/
MSSQL | Potatos and how not to use them | ADHDMurky Blog
Personal Blog Home Page
adhdmurky.github.io
November 22, 2025 at 9:51 AM
MSSQL | Potatos and how not to use them https://adhdmurky.github.io/posts/post/
BetterSuccessor: Still abusing dMSA for Privilege Escalation (BadSuccessor after patch) https://www.alteredsecurity.com/post/bettersuccessor-still-abusing-dmsa-for-privilege-escalation-badsuccessor-after-patch
Altered Security
Global leader in hands-on learning for enterprise and cloud security education. Join 10000+ infosec professionals from 130+ countries
www.alteredsecurity.com
November 20, 2025 at 5:13 PM
BetterSuccessor: Still abusing dMSA for Privilege Escalation (BadSuccessor after patch) https://www.alteredsecurity.com/post/bettersuccessor-still-abusing-dmsa-for-privilege-escalation-badsuccessor-after-patch
New unpatched 0 day vulnerability allowing to leak NTLM hashes from browsers with one click https://github.com/rubenformation/ms-photos_NTLM_Leak
GitHub - rubenformation/ms-photos_NTLM_Leak: New unpatched 0 day vulnerability allowing to leak NTLM hashes from browsers with one click
New unpatched 0 day vulnerability allowing to leak NTLM hashes from browsers with one click - rubenformation/ms-photos_NTLM_Leak
github.com
November 18, 2025 at 10:36 AM
New unpatched 0 day vulnerability allowing to leak NTLM hashes from browsers with one click https://github.com/rubenformation/ms-photos_NTLM_Leak
Impacket with added MSSQL Relay server https://github.com/epotseluevskaya/impacket_mssqlrelay/tree/ntlmrelayx_mssqlrelayserver
GitHub - epotseluevskaya/impacket_mssqlrelay at ntlmrelayx_mssqlrelayserver
Impacket with added MSSQL Relay server. Contribute to epotseluevskaya/impacket_mssqlrelay development by creating an account on GitHub.
github.com
November 17, 2025 at 8:54 AM
Impacket with added MSSQL Relay server https://github.com/epotseluevskaya/impacket_mssqlrelay/tree/ntlmrelayx_mssqlrelayserver
Mullvad VPN presents And Then? https://mullvad.net/en/blog/mullvad-vpn-present-and-then
Mullvad VPN presents And Then? | Mullvad VPN
Chat Control is back on the menu. To highlight the corruption behind the proposal, Mullvad VPN now presents "And Then?" A film directed by Jonas Åkerlund.
mullvad.net
November 16, 2025 at 9:19 AM
Mullvad VPN presents And Then? https://mullvad.net/en/blog/mullvad-vpn-present-and-then
Lab used for workshop and CTF https://github.com/Pennyw0rth/NetExec-Lab
GitHub - Pennyw0rth/NetExec-Lab: Lab used for workshop and CTF
Lab used for workshop and CTF. Contribute to Pennyw0rth/NetExec-Lab development by creating an account on GitHub.
github.com
November 15, 2025 at 9:29 PM
Lab used for workshop and CTF https://github.com/Pennyw0rth/NetExec-Lab
Taming the Attack Graph: A Many Subgraphs Approach to Attack Path Analysis https://specterops.io/blog/2025/11/13/taming-the-attack-graph-a-many-subgraphs-approach-to-attack-path-analysis/
specterops.io
November 15, 2025 at 9:13 PM
Taming the Attack Graph: A Many Subgraphs Approach to Attack Path Analysis https://specterops.io/blog/2025/11/13/taming-the-attack-graph-a-many-subgraphs-approach-to-attack-path-analysis/
Introducing HTTP Anomaly Rank https://portswigger.net/research/introducing-http-anomaly-rank
Introducing HTTP Anomaly Rank
HTTP Anomaly Rank If you've ever used Burp Intruder or Turbo Intruder, you'll be familiar with the ritual of manually digging through thousands of responses by repeatedly sorting the table via length,
portswigger.net
November 11, 2025 at 4:12 PM
Introducing HTTP Anomaly Rank https://portswigger.net/research/introducing-http-anomaly-rank
Site Unseen: Enumerating and Attacking Active Directory Sites https://www.synacktiv.com/en/publications/site-unseen-enumerating-and-attacking-active-directory-sites
Site Unseen: Enumerating and Attacking Active Directory Sites
Site Unseen: Enumerating and Attacking Active Directory Sites
www.synacktiv.com
November 11, 2025 at 10:07 AM
Site Unseen: Enumerating and Attacking Active Directory Sites https://www.synacktiv.com/en/publications/site-unseen-enumerating-and-attacking-active-directory-sites
Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow https://github.com/AlexLinov/EntraMFACheck
GitHub - AlexLinov/EntraMFACheck: Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow.
Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow. - AlexLinov/EntraMFACheck
github.com
November 11, 2025 at 7:55 AM
Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow https://github.com/AlexLinov/EntraMFACheck