Here's step-by-step how to find insecure delegated permissions in your environment:
1. Download ADeleg
2. Open ADeleg
3. Click view -> index view by -> trustees
4. Click on each of these groups and check for "dangerous" permissions like WriteAllProperties
Groups:
Everyone, Authenticated Users, Domain Users, Domain Computers
What other permissions are "dangerous"? I share more details on that here...
https://t.co/nWXXYR2OFR
AI agent risk is not just attackers using AI.
It is attackers targeting the agent ecosystem most orgs cannot see yet: MCP servers, skills, packages, API keys, tool calls, and prompts.
I talked with @fr0gger_ (Thomas Roccia) about the new blind spot:
1/8
@fr0gger_ Thomas's point: attackers do not need sci-fi autonomous hacking to win.
If your agent blindly installs a package, connects to an untrusted MCP server, or follows a malicious skill, the boring path works first.
2/8
NOX is officially released.
NOX is a modular attack surface management and vulnerability scanning framework written in Go with 299 built in modules covering OSINT, subdomain enumeration, DNS, port scanning, web fingerprinting, and deep active security testing across web, APIs, cloud, authentication, authorization, client side, and business logic.
Built for security researchers, penetration testers, and anyone who wants a fast, extensible platform for offensive security.
GitHub: https://t.co/Nnp3FI6UBG
Feedback, bug reports, and contributions are always welcome.
My current stance on AI-assisted coding:
Web pages, styling and visual templates, POCs, demos, internal tools, internal services, automation/workflows*, code reviews, test cases*, performance tuning.
In short: anything that doesn’t hurt much if it breaks.
YES.
Standard software development, low-level programming, or coding tasks that haven’t been done publicly a thousand times and therefore are unlikely to be in the training data.
NO.
New Blog! 🇬🇧 UK Cybercrime Journal: Argos Account Takeover Fraud
- Cybercriminals are using leaked credentials to hijack Argos user accounts
- They then order and then collect the goods in-person at a physical store and pay with stolen credit cards
🔗 https://t.co/barSMpdbFI
New Blog: ClickFix: The Gift That Keeps On Giving
ClickFix continues to evolve as one of the most effective social engineering techniques for initial access.
In this blog, I share research from my @OrangeCon_nl session.
📖 Read the full blog: https://t.co/7HKT55eLOf
This template for a security incident report not only helps with documentation, but also offers guidance when capturing findings during the incident. Take it, customize it, use it.
https://t.co/4bnOLVZk7O
BioShocking AI: “Gaming” the AI Browser and Escaping its Guardrails
“LayerX researchers have discovered how a bad actor can “game” an AI browser to execute any instruction they want. By establishing a false reality, they can convince the AI to violate its security guardrails – compromise user data, copy code, perform system commands, and more.”
https://t.co/mnTATAfxav
Apparently AI has already replaced every pentester, hacked every government, writes flawless malware, cured cancer, and probably folded your laundry before breakfast.
Let's separate the hype from reality.
We'll dig into the AI arms race, the NSA rumors, what's actually changing in cybersecurity, and where AI helps... and where it confidently makes a complete mess.
If you’re looking for a practical discussion with a healthy dose of skepticism, some historical context, and a few stories about what we’ve learned the hard way, join us.
https://t.co/eEL1RG5jru
📺⚔️Demo of what we do and how we're bringing in AppLocker.
+ Sneak peak of the future AppLocker editor
+ Seamless integration to support legacy systems
Happy to share more if you want a 1:1 demo or deep dive into WDAC/AppLocker nuances, war stories, or just someone to talk to about how to do this stuff. haha
Free 100 endpoints btw. @magicswordio.
This is a great write up/read, and it's unfortunate it didn't make it to the right people during triage
This is likely a SPF/DKIM/DMARC bypass for most orgs whose MX points to a 3rd party email filter instead of Exchange Online...
I recommend mitigating with mail flow rules
Two of my fav 🇬🇧 🇨🇦 experts when it comes to discussing cyber warfare, Philip Ingram and Ian Thornton-Trump, released an interview reviewing in detail the threat landscape of 🇷🇺 Russian cyber operations in the context of the ongoing war in 🇺🇦 Ukraine.
🔗 https://t.co/4qXIDyy0Z4
Onelogon: Taking over Active Directory Accounts via Netlogon🔑
We analyzed Netlogon, bypassed the Zerologon patch, resulting in a full auth bypass. An attacker can leverage this to compromise computer accounts, or even the entire AD. Non-standard config must be present tho 🧵
Fortinet's story doesn't match the logs. 75k firewalls were systematically looted over a month—configs exported, passwords cracked on rented GPUs, credentials now for sale. If your Fortigate shows...
https://t.co/qtlS9k7o5t https://t.co/Y6MEt8E5D7
Nice write-up by Alexander Goedeke on using MAGIC, Timesketch and Jupyter for scalable Microsoft 365 BEC investigations
What I like most is the focus on repeatable workflows and automation instead of another “AI-powered DFIR” story
Getting the right data at scale is often the hardest part
https://t.co/g1tVoqkqgU
🤓 @GoogleDeepMind just released an AI Control Roadmap!
As part of the paper they created TRAIT&R (Taxonomy of Rogue AI Tactics and Routines)
It is a MITRE ATT&CK but for AI agents.