Ever run into an Azure SAS token URL while testing? This fantastic blog by @jakekarnes42 helps demystify all those parameters to show you the potential options to get to other files in the storage account - https://t.co/MXMBZPobo6
Here's another serious vulnerability to add onto the list of recent Azure issues. This is our write up (and a thread) on CVE-2021-42306 (CredManifest), which addresses the cleartext storage of App Registration credentials in AAD SP manifests. https://t.co/PyBTYzL14g (1/5)
How I write HTTP services in #golang has changed over the years... here's my current style.
(Please consider sharing this with somebody you know who's learning Go.)
It's a yarn... 🧶
1/13
Releasing gcpHound ..!!
This is an Offensive ToolKit for GCP. Along with privilege escalation and data exflitration , it’s got cool function for persistence and lateral movement from @Richarjb
Checkout blog post below for more information.
https://t.co/6RcGUoqLhk
Shameless self-promo, but I'll be giving the talk "Hacking G Suite: The Power of Dark Apps Script Magic" at the upcoming Defcon 29 conference in Vegas.
If you're interested in learning more about red teaming companies on GSuite come check it out 👍.
https://t.co/niu4Jg7UXq
New addition to Get-AzPasswords in MicroBurst!
We just added the option (-AKS) to export the clusterAdmin and clusterUser kubeconfig authentication files for AKS clusters. https://t.co/QKXNJYpLPC
Introducing Patrolaroid, a malware scanner for AWS instances that doesn't yeet around your prod.
@rpetrich & I made it OSS so ppl don't have to deploy sketchy security tools in prod just for basic coverage of malware, miners, toolkits, backdoors, etc.
https://t.co/yw4pbIHkaa
New blog just went up. Some research on enumerating + exploiting compromised Azure managed identities with some new scripts that I added to MicroBurst. https://t.co/YDevzb6qlV
What a time to be alive... Install the Microsoft signed Hybrid Connection Manager on victim host, link it up with your Azure app, enjoy persistent access to the on-prem network from your Azure portal. Only needs https outbound to Azure and line of sight from victim to target host
Want to detect SQL Server OS command execution or link crawling behavior? Check out the PowerUpSQL wiki for new detection guidance: https://t.co/tFKmGIorw7 @NetSPI
Just when you thought JSON was the one thing you could trust. My latest research on JSON interoperability vulnerabilities highlights the risks of inconsistent parser behavior (40+ parsers) and attacks to bypass business logic in microservice architectures. https://t.co/A3MQkLpAXe
I added a -ModifyPolicies flag to Get-AzPasswords to temporarily add Key Vault "Get" and "List" Access Policy rights for your current user on all Keys and Secrets in a vault. This will revert any policy changes it makes when it's done. https://t.co/h3EwMt9JWZ
MicroBurst Update! We just approved a PR to add methods for dumping automation account credentials, and running commands on VMs, all using the management REST APIs. Thanks to @passthehashbrwn for the awesome work! You can find the new functions here - https://t.co/635hXJLRyx
i tried to make a beginner-friendly post about some of the basics related to code coverage in fuzzing, just going over terminology, common strats, and some tooling. hopefully this will be useful for some! https://t.co/Tu0eZep5rC
I'm super excited about this post finally going live, but here is some fantastic Kerberos research by @NetSPI 's @jakekarnes42! This link is the intro post, but additional links are there for the two deep dive follow up posts on CVE-2020-17049.
https://t.co/M4EyxrKNNc
Tomorrow, @CptJesus and I are releasing the newest version of #BloodHound: 4.0. See the new features, new GUI, and new attack primitives first during our SO-CON presentation called "Six Degrees of Global Admin". Register here: https://t.co/JrR4iohnNd