It is not #Crowdstrike related nor that sexy, ok, but still:
2 more unfixed CVEs (SQLi, including a pre-auth one) released by our team: CVE-2024-28298, CVE-2024-28297
https://t.co/UmG8eEr3hg
And
https://t.co/maKktjV9CT
cc @_kx90 @Hypnoze57 ;)
#Fortinet patched #CVE-2023-27997, a critical vulnerability affecting its VPN #Fortigate. Our latest blogpost describes the technical details about the bug, a pre-auth heap overflow, with a twist. #xortigate
https://t.co/LZ1ynVNY7w
Today our teammate @_kx90 released #CVE-2023-27001, which targets a platform used by ISO guys for, you know, ISO-27001 risk mgmt 😄
(Yep CVE id is pure coincidence but still funny)
Simple JWT token craft to gain SuperAdmin privs from guest...yes sir
https://t.co/pqZMg8jalx
New blog: "Abusing forgotten permissions on computer objects in Active Directory".
The post is a dive into permissions that are set when you pre-create computer accounts the wrong way, why BloodHound missed those and how to abuse, fix, or monitor for this. https://t.co/T8WmiIoL53
Our team just released the advisory + associated exploit for #cve-2021-36100, which we discovered during a #Pentesting exercise; note that the community edition will not be fixed ;)
OTRS 6.0.X - Remote Command Execution
Advisory:
https://t.co/oLl1AR7oVJ
Exploit: https://t.co/yBkCKWaKzY
Friday workshop with my teammates - thanks guys, this is always cool to share #redteam experience and skills outside the pure IT itself (and very useful in real-life exercises!)
cc @Nemiras @Hypnoze57 @_kx90 @darksh3llRU @Grunch_ @anthomaestre and @defane as well
A 🧵
L0phtCrack has been a really wild ride.
As of version 7.2 L0phtcrack is now open source.
Released on GitLab.
https://t.co/4UF05eZzKR
https://t.co/0q7ZpvaFvG
It is actively seeking maintainers.
Many thanks to @dildog, @WeldPond, and all others.
Story time…
Just published the fifth blog of the "Offensive WMI" series! This one focuses on active directory enumeration. Here it is. :)
"Offensive WMI - Active Directory Enumeration (Part 5)"
https://t.co/NVuYcDizXT
NTLM Relaying via Cobalt Strike
'NTLM relaying is a popular attack strategy during a penetration test and is really trivial to perform.'
#infosec #pentest #redteam
https://t.co/V5cDh1Uo6j
Our team also started to release some advisories today!
Both #CVE-2021-27930 (stored #xss) and #CVE-2021-27950 (SQLi leading to admin takeover + #RCE), discovered during a #pentest, are now available on our public #github repo ;)
#offensive #security #Pentesting https://t.co/u8zSbuHqfO
Microsoft Exchange Deserialization to Post-Auth RCE (CVE-2021-28482)
* MeetingPollHandler Deserialization
GET /owa/MeetingPollHandler.ashx?PayloadType=ApproveProposedOptions&ItemId=OID.xxxxxx.2021/05/11&RequestId=123123123
https://t.co/Ex7yeagJrZ
I can't believe the industry is accepting the "Continuous Automated Red Teaming (CART)" term.
You
CANNOT
AUTOMATE
A
RED
TEAM
We are people, we are humans, your tool can't replace us. Same goes for blue team BTW! #redteam #infosec @scythe_io has/will never be marketed like that
Our initial chapter about #redteaming in real-life blog series is now online!
A short intro, but juicy content will come ;).
Stay tuned (Hope you'll find it interesting 😬)
https://t.co/08VnEQIqSf
#redteam
cc @POST_Luxembourg