The blog with how to use the rainbow tables for Net-NTLMv1 is finally live!
https://t.co/LjN9y6PHXA
My slides from presenting at BRCC are still available if you're curious about how crazy of a three year journey it was to get them created.
https://t.co/NfFotEh7ah
Back from my first @defcon! Thank you to everyone who helped put on such an amazing event. Special shout out to @_sn0ww, @JC_SoCal & the rest of the @sec_defcon community as well! Met so many great people there this weekend, far too many to tag. Stay in touch & see you next year!
Today the United States Department of Justice announced a policy revision to the United States CFAA (Computer Fraud and Abuse Act). The new revision places exemptions of criminal charges for "good-faith" security researchers.
More information:
https://t.co/8kTDSXWPA7
The first blog post is here. This one covers the technical details of CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability).
The vulnerability was patched as part of the May 2022 Security Updates from Microsoft.
https://t.co/MJKEoZTuo2
Fresh off the #WayWest2022 Toolshed, dropping my new Office365 userenum technique against Federated tenants, check it out below!
B: https://t.co/1r2s6p684S
G: https://t.co/eccS8ChtCn
@HackPotter and I will be speaking @BSidesIowa later this month (4/23)! Be sure to grab a badge if you haven't yet. We have a great hour of Social Engineering techniques and tactics to talk through! Good info for both attackers and defenders! https://t.co/84wymYmgVo for details
Shout out to @knavesec for making me submit my first PR today! Make sure to check out @knavesec's Credmaster(https://t.co/AD2XtH4kFn) for all of your password spraying needs!