Reposted by Opcode
🆕 New blog post! It's a rather short one, nothing crazy. Just wanted to share a random finding I made recently. 🤷♂️
'Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation'
👉 blog.scrt.ch/2025/05/20/h...
#pentest #pentesting #redteam #windows #privilegeescalation
'Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation'
👉 blog.scrt.ch/2025/05/20/h...
#pentest #pentesting #redteam #windows #privilegeescalation
Hijacking the Windows “MareBackup” Scheduled Task for Privilege Escalation – SCRT Team Blog
blog.scrt.ch
May 28, 2025 at 7:08 AM
🆕 New blog post! It's a rather short one, nothing crazy. Just wanted to share a random finding I made recently. 🤷♂️
'Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation'
👉 blog.scrt.ch/2025/05/20/h...
#pentest #pentesting #redteam #windows #privilegeescalation
'Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation'
👉 blog.scrt.ch/2025/05/20/h...
#pentest #pentesting #redteam #windows #privilegeescalation
Reposted by Opcode
Exploiting BadSuccessor from A to Z with NT hash of impersonated accounts using bloodyAD v2.1.16
github.com/CravateRouge...
github.com/CravateRouge...
May 27, 2025 at 9:54 AM
Exploiting BadSuccessor from A to Z with NT hash of impersonated accounts using bloodyAD v2.1.16
github.com/CravateRouge...
github.com/CravateRouge...
Reposted by Opcode
Unsatisfied with merely relying on reFlutter to do its magic, Jacques dove deep to understand how Flutter's SSL pinning in Android works, and how to intercept it with Frida.
sensepost.com/blog/2025/in...
sensepost.com/blog/2025/in...
April 17, 2025 at 12:15 PM
Unsatisfied with merely relying on reFlutter to do its magic, Jacques dove deep to understand how Flutter's SSL pinning in Android works, and how to intercept it with Frida.
sensepost.com/blog/2025/in...
sensepost.com/blog/2025/in...
Reposted by Opcode
The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
WinRMS Relaying
YouTube video by Sense Post
youtu.be
April 14, 2025 at 4:40 PM
The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
Reposted by Opcode
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
April 8, 2025 at 11:00 PM
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31