Olivia
Online
Charlie Clark
@exploitph
Joined January 2010
1.1K Following
5.3K Followers
1.3K Posts
Pinned Tweet
my latest post on abusing DES using Kerberos, I've not updated my RoastInTheMiddle tool yet but I'll be doing that shortly, enjoy:
https://t.co/eWoPZcPEN6
This release is probably going to be one of our biggest and most impactful! Kudos to the team @peterwintrsmith @modexpblog @s4ntiago_p @GigelV41464 @saab_sec 🙌
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
@UrfinJuice9 each ticket requires a referral
Who to follow
Will Schroeder
@harmj0y
Researcher @SpecterOps. Coding towards chaotic good while living on the decision boundary.
Matt Hand 
@matterpreter
Building @originhq | Author, Evading EDR @nostarch
Lee Chagolla-Christensen
@tifkin_
I like making computers misbehave. Does stuff at https://t.co/YsrVyTjOY7.
https://t.co/UsRIholZ3M
A little example of cross domain S4U:
https://t.co/2SQjHs1iDd
Happy to finally share a new blog with @exploitph on our work revisiting the Kerberos Diamond Ticket.
✅ /opsec for a more genuine flow
✅ /ldap to populate the PAC
🆕 Forge a diamond service ticket using an ST
We finally gave it a proper cut 💎
https://t.co/lxneqm3Ssi
@sekurlsa_pw @al3x_n3ff the same technique also allowed me to bypass authentication silos:
https://t.co/8BYGfrOSIh
@sekurlsa_pw @al3x_n3ff this technique makes several attacks possible, one I wrote about at the same time is kerberoasting from a mitm position without creds:
https://t.co/m8KkI9s5Mi
@al3x_n3ff yeah, I did that 3 years ago:
https://t.co/m8KkI9s5Mi
Have you ever wondered if there was a way to deploy a "Remote EDR"? Today I'm excited to share research I've been working on for the past couple months.
This dives into DCOM Interfaces that enable remote ETW trace sessions without dropping an agent to disk.
Includes a detailed write-up: https://t.co/AiSJZwu3zk
And a new GitHub project "JonMon-Lite": https://t.co/A0rtvhvZNG
My #SOCON2025 talk is now live for those interested in credential guard research. https://t.co/1fXHuRyNq9
@_RastaMouse @_EthicalChaos_ @__invictus_ @4ndr3w6S the reason I think the TDO holds both is because when you sync the TDO, you get both keys
@_RastaMouse @_EthicalChaos_ @__invictus_ @4ndr3w6S I think the TDO holds both, as I said I think it's due to how the server lookup is coded, it was easier to have a trust account for requesting tickets rather than trying to code it differently or something, but I'd need to be familiar with the code to be sure
@_RastaMouse @4ndr3w6S @SteveSyfuhs I assume it's something to do with how AD does the server lookup though
@_RastaMouse @4ndr3w6S idk why exactly, ig you'd have to ask MS, perhaps the way AD works under the hood it requires an actual account to create a ST
@_RastaMouse @4ndr3w6S so you request a referral to krbtgt/domain2, it uses the account cred for the DOMAIN2$ INTERDOMAIN_TRUST_ACCOUNT as the service key for the referral
@_RastaMouse @4ndr3w6S I assume you mean the INTERDOMAIN_TRUST_ACCOUNT, in which case it's used to request a referral to the foreign domain
@_abs0lute fwiw, I've not noticed a speed increase for AES encrypted tickets, only RC4
fwiw, you can speed up cracking RC4 kerberoast tickets by requesting the ticket from the AS without a PAC
@_abs0lute using hashcat at least
@_abs0lute I'm not sure about with john and certainly the more resources you have, the larger increase you'll notice, but it seems to be due to the enc-part being around 1000 bytes smaller (at around 100-200 bytes without a PAC), it doesn't make a huge difference but it's definitely faster
@TheCovertCorvus I mentioned this in my blog post:
https://t.co/WTVV1N1W9p
@TheCovertCorvus no, you can request any non-krbtgt ticket from the AS without a PAC without any changes required
Last Seen Users on Sotwe
kadınların Gerdek gecesi İtirafı
Seen from Egypt
VÀO ĐÂY XEM CU NÈ
Seen from Vietnam
OLD AND YOUNG
Seen from Netherlands
فايف فواف
Seen from Jordan
[email protected]
Seen from Germany
Korjikova Anfisa
Seen from United States
KRAN
Seen from Thailand
Ibra
Seen from Malaysia
Hümeyra
Seen from United States
Legba00
Seen from Argentina
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers