Escalating from On-prem to Entra through MITM Attacks
My colleague @0x64616e just published his latest research on lateral movement between on-premises Active Directory and Entra through DNS hijacking. Check it out:
➡️ https://t.co/p8vv1DcAIe
New GhostWorks blog! 👻
@_xpn_ continues his series, exploring how LLMs are impacting how we approach endpoint security, from EDR analysis to evasion research.
⬇️ Read more https://t.co/KHiBOkOPDJ
🚀 Luma is here.
A new workspace for Frida.
Persistent sessions. Interactive REPL. frida-trace. Collaboration.
Available now for macOS, iOS, Linux, and Windows.
Kubernetes assessments just got easier.
@RonJonArod dropped two new Mythic extensions for helping with initial access on container-centric red team ops:
➡️ Wrap payloads in OCI images
➡️ Host them in a self-managed registry
➡️ Deploy via K8s manifest
https://t.co/iRXh7VS3gD
I just wrote a new blog on bypassing CA policies in Entra ID that have a resource exclusion, and why you probably want to enable baseline enforcement if you have such policies. Enjoy!
https://t.co/a1rGl3wss8
A few months ago I found a bypass in Conditional Access Policies via Nested App Authentication.
Special shout out to @chrisphilipov for his help with this one.
https://t.co/IluFavrXqX
I managed to play around with Outflank's local model for shellcode runner generation. I ran it on Nvidia 3090 100% local. Results? Expect a video on my channel soon.
I released EtwSuite: A Windows native ETW inspection suite for listing providers, reading metadata, parsing manifests, creating sessions, consuming events, and opening ETL files from one place for x64 and ARM64. https://t.co/j3k0fnhGPv
Cobalt Strike 4.13 is live! Say "Hello World" to our Beacon Interpreter for native C scripting - plus an LLVM Beacon, smoother docking UX, sharper payload management and more. Read about all the new features in the release blog!
https://t.co/jeaMcyAQ2J
After “The Art of Evasion” @x33fcon I’m publishing NimSyscallPacker to the public. This is the most advanced public Packer/Loader I’m aware of:
https://t.co/ftd24bHryj
Fresh @safebreach Labs research! 🔥
CVE-2025-59199 breaks down a highly creative low-integrity Windows LPE path.
Learn how Notifications, COM objects, URIs, DevTools, and Windows Apps chain together in a single exploit. Great work team! 👇
https://t.co/1PgKB1WIxe
RedSun: Exploiting Windows Defender's Remediation Workflow for Local Privilege Escalation
Just showing some appreciation for @ChaoticEclipse0's excellent work. Hopefully this won't get us banned!
https://t.co/Z4zbaa2Jcd
🔓 On an asset under our continuous monitoring, our pentester @nol_tech turned a SELECT-only PostgreSQL SQLi in Drupal (CVE-2026-9082) into a full RCE when DB role is superuser. Details below 👇
📝 https://t.co/R7F5XQ2vZD
🛠️ https://t.co/yRJ8zX1Nlb
#Drupal#PostgreSQL#RCE#SQLi
Hey all! If I've been quiet (for me) it's because I've been hard at work on a NEW phishing technique I'm excited to share. I'm calling it "#Vaultjacking" and the impact is honestly a bit sobering.
In my blog I demonstrate how a single AiTM landing page can spoof your Google passkey/password manager PIN and use that to access ALL of a victim's third-party credentials (yes, including passkeys). A simple phish on one site can lead to a total compromise of all Chrome-saved credentials. 😬
As always, I'm sharing for awareness and will include in my forever-free training in the PhishU Framework.
https://t.co/286DXdDkMr
#SisforSpearPhishing #VisforVaultJacking
Stop burning RDP persistence with 4732 alerts. Bypass the "Remote Desktop Users" group entirely.
GUI access only requires:
- SeRemoteInteractiveLogonRight (Inject SID via secedit)
- RDP-Tcp listener permissions (Modify CIM class)
OPSEC: Trades 4732 for 4704. Most SOCs don't tune 4704 with the same aggression.
h/t @Cptjesus for the concept.
I just released EIDVirtual v2! 🚀
Get a virtual smart card reader that uses a real USB drive for free. It automatically simulates a GIDS applet to manage your certificates—a perfect alternative to TPM-based MS Virtual Smart Cards.
Check it out here 👇 https://t.co/SDcXAbocOt