Thank you all for your feedback and for pushing my OSCP Guide as well as my Cybersecurity Handbooks to 1k on each repository!! Never thought that this could happen!! I am happy to see that I created something useful and giving back a little bit to the community <3
#OSCP#offsec
Onelogon: Taking over Active Directory Accounts via Netlogon🔑
We analyzed Netlogon, bypassed the Zerologon patch, resulting in a full auth bypass. An attacker can leverage this to compromise computer accounts, or even the entire AD. Non-standard config must be present tho 🧵
Windows DNS Client RCE -- CVE-2026-41096 POC -- qdcount=0, a DNS OPT resource record (type 41), and 0xff bytes via example response -- https://t.co/wzSIXuCLPo
For windows.
The second you plug that drive in, Windows logs the Volume Serial Number to the Registry.
When the Forensice analyst (or Feds) audit that machine, they see:
Device "KingstonDT" connected at 14:00.
Prefetch shows "Mimikatz.exe" ran at 14:01.
Unplugging the drive didn't scrub the Registry.
Mythic C2 on EarlyBird.
Leveraging Asynchronous Procedure Calls to execute memory-only shellcode within a legitimate process to avoid detection.
A post by Ivan Spiridonov (@xbz0n)
Source: https://t.co/Ru0iTMSMyV
#redteam#blueteam#maldev#malwaredevelopment
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at https://t.co/bGCIjBfD3C. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
**OFFICIAL** EDR Tier List for 2026! Based on nothing but the people in chat, vibes, guests, opinions and limited experience. Thanks to @EmericNasi@ShitSecure@_JohnHammond and @domchell for jumping in a guests to help me out this time around!
Developed a much-needed C2 channel for Mythic with @KingOfTheNOPs during a 24hr hackathon! *.blob.core.windows.net is often one of the only egress methods from more mature client environments.
@Defte_ Update:
Thanks to @RedTeamPT, I created a pull request for ntlmrelayx to reflect the new requirements:
https://t.co/g42CHDxQdB
Now Shadow Creds are working again 😀
Today I had an ldap https://t.co/evbXcRdpa7 socks connection but all tools failed to query LDAP via socks5 except from certipy. But certipy only queries certificate information. Well, so I let claude code something which worked 🧐
https://t.co/ytjJOcqGX7
Another vulnerability in React Server Components (CVE-2026-23864) that I reported was disclosed today.
This is separate from the one disclosed in December, so you'll need to update again.
https://t.co/k7hgEzIWDb