This Microsoft Foundry lab walks through tool calling, web search, code execution, RAG, MCP, governance, and self-hosted agents.
Solid resource if you’re trying to understand the full agent stack. https://t.co/pYQsvo0tqR
A man spends 50 years teaching at MIT.
He knows his time is running out.
So he records one last lecture — everything he knows, distilled into a single hour.
He died 5 months later.
This is that lecture.
The most important hour you'll watch this week. 👇
Bookmark it for later
Targeted Keberoasting with NetExec🔥
If you have Write privileges over a user, you can temporarily add an SPN to your target user, request the service ticket, and then remove the SPN. Voilà: a crackable hash without interfering with potentially critical users. Made by @azoxlpf🚀
15-stage Windows malware development & analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on VirusTotal. https://t.co/Ggah7Lfaxk
Forgot to post it, but the recording of my Black Hat talk was released last week. If you're interested in all the hybrid AD attack surface you never knew about, give it a watch: https://t.co/EraL3TPuOB
MAGIC
a wrapper around the Microsoft Graph Python SDK, designed to download incident response-relevant data from M365 environments
#DFIR#M365
by Alexander Gödekel @ SVA
https://t.co/mGvqN04O79
Prompt 1
Could you create a web application that can be used as a web view on fail2ban.
- It should be read-only (not reconfiguration or unban / ban feature)
- it should show the failed login attempts in a graph
- it should show the “ban” events in the same graph
- it should contain a table of all banned IPs, the number of failed attempts, the geo IP location, the remaining ban time, the banned service (it’s only port 22 SSH for us)
- it should show the fail2ban configuration (the active jails in a digestible way)
- the App should use React/Go/Mantine and be registered as a service listening on 127.0.0.1:8000
Prompt 2 (corrections)
Okay, so - a few issues and changes
1. Use a fancy style that looks like scan lines on an old CRT monitor, green colors, neon colors
2. The failed attempts show 0 on the front page graph. The number of failed attempts should be higher than the ban events.
3. The ban events should be shown as red warning signs (no emojis please) and when you hover it you should see the banned IP and the geo location info
4. The banned IP table shows only a single “Fail” per entry. But it should be 3 right? Something is wrong with that value.
5. The “time left” value is not exact enough. With a ban time of 1day it makes no sense to show the ban time in days. It’s better it show it in hours.
6. The banned ip table should also show that time of the ban and should be sorted by that value descending so that the newest bans show on top.
Let's start 2026 with a major Responder update!
It now supports:
- CLDAP ping pong to SMB auth.
- SNMPv3 authentication and hashes.
- New rogue Kerberos server forcing AS-REQ when receiving TGS-REQ + support for Kerberos type 17/18 hashes.
- IMAP support for NTLM authentication.
- SMTP support for AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM authentication.
- DCE-RPC server now supports SAMR, SRVSVC, WKSSVC, WINREG, SVCCTL, ATSVC, DNSSERVER
- DNS server now supports SOA, MX, SRV, ANY, etc
-> SOA -> Appear as the authoritative DNS server
-> MX poisoning → Email client connects to rogue SMTP/IMAP → capture credentials
-> SRV poisoning → Domain services connect to rogue SMB/LDAP/Kerberos → capture NTLM/AS-REQ
- LDAP GSSAPI, GSS-SPNEGO, NTLM, DIGEST-MD5
git pull
or
git clone https://t.co/6tT4wd0lrX
Happy new year to everyone!
2026 is here—time to refresh that toolkit!
Atomic Red Team:
Atomic Red Team Hands on Getting Started Guide - https://t.co/zQzBdAbZBd
Why? Exactly are you not using Atomic Red Team? - https://t.co/ctlCxcPU9O
DeepBlueCLI
DeepBlueCLI - Tactical IR - https://t.co/wx1YlaaG4e
Threat Hunting Toolkit
Looking for Needles in Needlestacks w/ Threat Hunting Toolkit - https://t.co/VSG2vWRe8u
Bloodhound:
A Blue Team's Perspective on Red Team Hack Tools - https://t.co/DR05O8D4fv
RITA:
RITA - Finding Bad Things on Your Network Using Free and Open Source Tools - https://t.co/s9fXnI0aFr
Zeek:
Introduction to Zeek Log Analysis w/ Troy Wojewoda - https://t.co/dqtz0cgedd
Wireshark:
Getting started with Wireshark - John Strand - https://t.co/XjUK5AIoFx
Search Engine:
How to Design and Execute Social Engineering Calls w/ John Malone - https://t.co/PwbInooDcY
A Broken Access Control scenario no one has talked about before.
Not a recycled bug. Not a misconfiguration.
A new access control logic pattern with real exploitation impact. 🔥
Watch: https://t.co/Qola76vOdr
#bugbountytips#bugbountytip#bugbounty
GitHub - culpur/cstrike: An elite, modular offensive security automation framework with full TUI integration, OpenAI-enhanced command chaining, real-time recon, exploitation, and pivoting. Built for serious red team https://t.co/UPfkxSekSf
@NathanMcNulty@fabian_bader I see I'm not the only one going for unofficial API https://t.co/YlcF86WZ25 where I target a lot of apis that have no proper equivalent. It's a bit of shame those actually exists but somehow they are not public.