notEricaZelic
@IAMERICAbooted
There is always more to the story than you know. Cat herder. Your perception is not my reality. Posts don't represent my employer(s).
Troubleshooting 101 tips: Static: 1. If it exists on an endpoint, the Windows Event Viewer is your best friend 2. Often, configuration of providers to the Event Viewer and log rotation are not ideal. Check c:\users\<youruser>\appdata\local, archive, and start reviewing. 3.…
Dumping the NTDS.dit from disk - A new NetExec module💾 Isn't it super annoying when AV blocks your access to the SAM/SYSTEM hives? The new "ntds_dump_raw" module made by @0xcc00 parses the disk image directly, allowing you to extract the NTDS.dit or SAM database🚀
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks - @LawrenceAbrams bleepingcomputer.com/news/microsoft…
The only problem is helping change control understand
Yes 👇👇👇 The advantage attackers have is they can determine the initial point and timing of an attack. The advantage defenders have is that they get to setup and operate the environment attackers must try to attack into. The defensive advantage can be incredibly powerful.
Normally you can't auth to Entra ID connected webapps with bearer tokens. But if Teams can open SharePoint/OneDrive with an access token, I guess so can we. roadtx now supports opening SharePoint with access tokens in the embedded browser 😀
I wonder how many cat pictures were exfiltrated
Is that bad bloomberg.com/news/articles/…
The finance department is the root of all evils. For every user experience complaint I get from now on, I'll refer them to the CFO 😋
Do you know what's great about landing in on-prem SharePoint? Hacktive Directory is nearby and there's usually a path out of the DMZ
What's new and exciting? Did I m8ss any good doom scrolling?
For anyone wondering what this means, it applied to system accounts. If you don't know what that means, you should ask someone who does. dodcio.defense.gov/Portals/0/Docu…
Not to be pedantic, but this is not bypassing anything nor is it new If you allow users to log in with password + MFA, they can still be phished even if they have phishing resistant methods registered Require phishing resistant authentication and this attack doesn't work...
🚨 Hackers are bypassing FIDO keys—without breaking them. A new phishing trick fools users into scanning legit QR codes, handing attackers full access. The worst part? It abuses a real cross-device sign-in feature. How PoisonSeed pulls it off ↓ thehackernews.com/2025/07/poison…
Your authentication requirements will be determined by the compliance frameworks implemented in the organization and will be dependent on the vertical for which you do business within. Compliance frameworks are chosen based on regulatory requirements with state and federal laws.…
Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…
Most red teamers ignore the clipboard. You can pull: – VPN creds – MFA tokens – AWS keys – Password manager dumps All from CTRL+C. Nobody checks it. Nobody clears it. But it’s always there. Use it. 👊🏾
If you find someone who can do politics well at work, see if they will mentor you. It's a skill that should not be underestimated, like I have done previously. It feels fake and unauthentic because it is. But it's necessary, or people will never engage you.
I learned to phish from @mrgretzky, Altered Security, and HackTheBox youtube.com/watch?v=cFd_gl…
#x33fcon 2025 talks: @domchell - Hiding in Plain Sight > youtu.be/GyoxCTYPAus
#x33fcon 2025 talks: @kevin0x90 - Beyond PsExec - Stealthy Lateral Movement Techniques > youtu.be/C8i337_BdvE
Customer guidance for SharePoint vulnerability CVE-2025-53770
Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. We have outlined mitigations and detections in our blog. Our team is working urgently to release…