RedTeam Pentesting
@redteam-pentesting.de
Account for RedTeam Pentesting GmbH

Imprint: https://redteam-pentesting.de/imprint/
Reposted by RedTeam Pentesting
Just 10 days left until our first CTF, Haix-la-Chapelle, starts!

We have been hard at work and are excited to have you play our challenges 👀

CTF starts at 10am CET on 29th November with prizes sponsored by our lovely sponsors @redteam-pentesting.de and @binary.ninja
Haix-la-Chapelle 2025
Haix‑la‑Chapelle 2025 is an online Jeopardy-style CTF organized for the first time by Pwn‑la‑Chapelle and friends! It...
ctftime.org
November 19, 2025 at 2:26 PM
🔥Only 10 days left until the Haix-la-Chapelle 2025 CTF is starting on November 29!

We're sponsoring the prize money for the best writeups and are excited to see your creative solutions.

haix-la-chapelle.eu
November 19, 2025 at 8:11 AM
🚨8 months after public disclosure, RHEL @almalinux.org @rockylinux.org are still vulnerable to a Ghostscript RCE with a reliable public exploit (CVE-2025-27835 and others)! It can be triggered by opening LibreOffice docs or through a server that uses ImageMagick for file conversion!
November 13, 2025 at 8:59 AM
Reposted by RedTeam Pentesting
So CVE-2025-33073 (Reflective Kerberos Relay) has been added to CISA KEV. In the original writeup, SMB Signing (server-side) is listed as a mitigation for this vulnerability. HOWEVER...

blog.redteam-pentesting.de/2025/reflect...
A Look in the Mirror - The Reflective Kerberos Relay Attack
It is a sad truth in IT security that some vulnerabilities never quite want to die and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While rese...
blog.redteam-pentesting.de
October 20, 2025 at 7:10 PM
Reposted by RedTeam Pentesting
We are happy to announce that we will be hosting our first ever CTF, Haix-la-Chapelle 2025, on the 29th of November!
It will be a Jeopardy style CTF and will start at 10 am Berlin time, lasting for 24 hours.

You can find the CTFTime event at ctftime.org/event/2951

See you there!
October 8, 2025 at 4:37 PM
👀 Turns out MS-EVEN can do a lot more than NULL auth:

In addition to leaking environment variables, it is possible to coerce authentication from arbitrary logged on users* 🤯

*If you are willing to trigger Windows Defender.
August 19, 2025 at 7:02 AM
We're excited to host our XSS workshop for RWTH Aachen University's SecLab, again. Today, the students will face XSS challenges as well as a hunt for IT security easter eggs to climb the leaderboard 🏆
#rwth #informatik #aachen
June 17, 2025 at 9:14 AM
Based on our testing, MS seems to have fixed CVE-2025-33073 by blocking the CredUnmarshalTargetInfo/CREDENTIAL_TARGET_INFORMATIONW trick!
@tiraniddo.dev @decoder-it.bsky.social @synacktiv.com #infosecsky #infosec #pentests #redteam #cybersky #cybersecurity

bsky.app/profile/redt...
June 11, 2025 at 10:44 AM
🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live:

🪞The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos:
blog.redteam-pentesting.de/2025/reflect...
June 11, 2025 at 8:04 AM
🚨🚨🚨 Just a heads-up: Microsoft will release a fix for a vulnerability we discovered as part of Patch Tuesday, today. MS classified CVE-2025-33073 as "important" and we recommend patching soon.

Stay tuned for our blog post and paper about it tomorrow at 10:00 am CEST 🔥
June 10, 2025 at 1:15 PM
Newer Windows clients often enforce signing ✍️ when using SMB fileshares.
To quickly deploy an SMB server with signing supported, we implemented this in impacket's smbserver.py based on prior work by @lowercasedrm.bsky.social.

github.com/fortra/impac...
smbserver.py: add signing support by using computer account with NetLogon by rtpt-romankarwacik · Pull Request #1975 · fortra/impacket
This pull request adds the option to support signing for arbitrary clients in a domain. Most of the NetLogon code is based on this gist by @ThePirateWhoSmellsOfSunflowers. To use this functionalit...
github.com
June 5, 2025 at 8:13 AM
🎉 It is finally time for a new blog post!

Join us on our deep dive into Windows Authentication Coercion and its current state in 2025, including some brand-new tooling ✨
#infosecsky #infosec #pentests #redteam #cybersky #cybersecurity

blog.redteam-pentesting.de/2025/windows...
The Ultimate Guide to Windows Coercion Techniques in 2025
Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
blog.redteam-pentesting.de
June 4, 2025 at 7:57 AM