Aurélien Chalot
@Defte_
Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenics enthusiast 💪 and wannabe philosopher https://t.ly/9NPk0 📖 🔥 Hide&Sec 🔥
If you have seen the WinRM relay blogpost... Let me apologize. I realized too late that this technique worked because of NTLMv1 being activated. It won't work for NTLMv2. Nonetheless, I believe the feature is still interesting and have corrected the blog sensepost.com/blog/2025/is-t….
Some weeks ago, @TrustedSec posted a really interesting blog post about the MDT shares, and credentials that can be found inside. But one question remained unanswered: where are they? I have tried to answer this question: hideandsec.sh/books/windows-…
Adriaan was struggling to get an interactive shell on the *nix application server he had popped, so he wrote a turn-based mini binary to give you a semi-interactive shell in restrictive environments. Writeup & code 👇🧵
🎙 The @_leHACK_ conference will take place from 27-29/06 at @citedessciences #leHACK 🛡 Catch the talks by our 3 colleagues ⤵ 🔸 Friday: @Defte_ from 14:00 to 14:45 and Geoffrey Sauvageot Berland from 17:15 to 18:00 🔸 Saturday: @d3lb3_ from 10:45 to 11:30 👉 ow.ly/pxEm50WfTjN
Releasing a side project of mine: wsuks - automating the WSUS MITM attack 🔥 github.com/NeffIsBack/wsu… TL;DR: If the Windows Server Update Service (WSUS) is configured to use HTTP instead of HTTPS, it's possible to take control of any Windows machine on your local network. 1/4🧵
And this is our pull request to NetExec which adds efsr_spray, which can re-enable EFSR/PetitPotam on up-to-date Windows 11 hosts 🤯 if they have a writable share: github.com/Pennyw0rth/Net…
Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blog post by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…
IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…