Patrick

🚀 AZexec: New Release Out Now! Big update with a ton of new offensive capabilities added: - Lockscreen enumeration: detect Windows lockscreen accessibility backdoors - Intune enumeration: enumerate Endpoint Manager–managed devices and configuration - Password spraying: two-phase workflow with validated usernames to reduce lockouts - Local authentication mode: target cloud-only (non-federated) accounts - OAuth2 delegation enumeration: identify consent-based impersonation paths - Remote command execution: execute commands on Azure VMs and devices - PI execution method: execute as another user via process injection - Empire execution: deploy Empire stagers for C2 access - Meterpreter execution: deliver Metasploit payloads - Spidering: enumerate and optionally download files from storage, VMs, and devices - File transfer: get and put files across VMs, Arc devices, and Azure storage - Credential extraction: dump credentials via SAM, LSA, NTDS, tokens, DPAPI, and more - https://t.co/pn75EvMlKO #Azure #RedTeam #OffensiveSecurity #CloudSecurity #Pentesting #PenTest #Offsec #Infosec #Logisek

Introducing RelayKing. https://t.co/D55uuCv6mX Blog: https://t.co/usrPECsVno Automatically identify relay attack paths. No longer will you be left to manually detect a comprehensive inventory of all the relaying vectors on your engagements. It will detect signing/EPA settings on all protocols you specify, NTLM reflection CVEs, and WebDav WebClient presence. Then, produce a comprehensive report of the relaying vectors on the network in your preferred output format. This ensures that you report ALL vulnerable instances easily, without the need for manual patching together of results from various tools. Ideal usage is with a set of low-privilege AD credentials, but it also supports unauthenticated scanning (with far less coverage). See GitHub and the blog post for more details. Please note that there ARE bugs. The LDAP(S) detection has been annoying but SHOULD be mostly solid. If you get suspicious results from it, please report an issue on GitHub with the config RelayKing reported, versus the actual one. Enjoy!

I'll bite lol. Props to mentors Deviant, FC, Will S. and other OG red teamers out there who pwn hospitals, airports, banks, LE agencies, etc. all day long by showing up on site ready to roll. Failure rate is around 5% - simply not an option on this side of it. Only public, well-known TTPs shown for obvious reasons, but let me tell you COTS equipment can be devastating if used correctly.

🚨Alert🚨 CVE-2026-24061 (CVSS 9.8): Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access. 🧐Deep Dive :https://t.co/HZZTr0KPF4 🔥PoC : https://t.co/NMdo35SK4a https://t.co/s8c9pWPRHA 📊 30M+ Services are found on the https://t.co/g3tSyh13yE yearly. 🔗Hunter Link:https://t.co/jBfnZq8Il3 👇Query HUNTER : protocol=="telnet" 📰Refer:https://t.co/MRJXrVZr5h https://t.co/nuF42YxqqZ' #hunterhow #infosec #infosecurity #OSINT #Vulnerability

Responder 3.2.2.0 is out! This new version comes with two new poisoners: RDNSS and DNSSL. Inject an IPv6 DNS server on all workstation present on your subnet. 2 new options were added: --rdnss and --dnssl https://t.co/W1ZkLo6Gj3 These two new poisoners are highly effective :) For more info about DNSSL attack, refresh your memory here: https://t.co/bGi1mctJzK

IPv6: Responder use to try to find a globally routable IPv6 (using a socket connect trick) first and only falls back to link-local on exception. Works great on the internet but this is backwards for internal pentesting scenarios. Now forcing bind on Local Link addresses, can be changed by using -6 IPv6_addr Now authentications are flying :)