Oddvar Moe
@Oddvarmoe
Red Teamer @TrustedSec | MS MVP | Speaker | Security Researcher | Blogger | Total n00b & always learning | UNC1194 | Tinkerer | Gamer I try to inspire!
Feels incredible to finally be able to talk about this tool and capability. Thanks to everyone that attended the webinar today, much appreciated. This is a tool that the entire Targeted Ops and Research team at TS has contributed to. I initially wrote the tool, but @freefirex2…
Today, TrustedSec is releasing #Specula (our previously internal framework) into the world, which will transform the Outlook email client into a beaconing C2 agent. @oddvarmoe and @freefirex2 walk through how to use Specula in our latest blog! hubs.la/Q02JfFFN0
This is so much! 🔥🔥😎 Found two new Potato triggers just today. Not only Potato but can also be used for LPE as remote auth is done which could be relayed to LDAP without Signing enabled. Or relayed to ADCS for a certificate. github.com/warpnet/MS-RPC…
Congratulations to @Carlos_Perez and @Oddvarmoe for being named Microsoft MVPs this year! MVPs are technology experts recognized for passionately sharing their knowledge with others. This marks 12 years for Carlos and 10 for Oddvar 🙌 mvp.microsoft.com/en-US/mvp
DMARC can reveal more domains associated with a target. dmarc.live/info/<target-domain> allows you to find domains using the same DMARC record. Check it out 👇 There's also a python tool: github.com/Tedixx/dmarc-s…
Tool release from my @Steel_Con talk. Nothing groundbreaking but free tools are free tools github.com/two06/LinkedIn…
No need to bypass AV/EDR when you can just use Chrome Remote Desktop as your backdoor. Check out the blog post from @TrustedSec trustedsec.com/blog/abusing-c…
Thrilled to have spoken at @x33fcon! 🙌 As always the conference is really great and I appreciate being selected as speaker there. The talk is now available here 👇
#x33fcon 2025 talks: @Oddvarmoe - Redteam Chronicles: A C2 Story - Outlook's One-Setting Wonder > youtu.be/wrPU89TpitM
Thrilled and humbled to be awarded Microsoft MVP for the 10th year! 🙏 Grateful for the amazing community, endless learning, and opportunities to share knowledge. Thank you @MVPAward for this honor! #MVP #Grateful #MVPBuzz

Lenovo’s advisory here support.lenovo.com/us/en/product_… Seems they want people to manually delete instead of automatic deletion of the scheduled task 🤷♂️
The writeup about the CVE-2025-1729 I mentioned earlier this year is published. Fix from Lenovo should be out today.
What started as casual poking around quickly revealed a serious privilege escalation. In our latest blog, @Oddvarmoe shares his unexpected discovery and how #Lenovo's PSIRT responded to resolve the issue. Read it now! trustedsec.com/blog/cve-2025-…
I just love when I write something and someone else takes it many steps further! Awesome writeup here
Some weeks ago, @TrustedSec posted a really interesting blog post about the MDT shares, and credentials that can be found inside. But one question remained unanswered: where are they? I have tried to answer this question: hideandsec.sh/books/windows-…
New video out 😊 showing how you can take control of port 445 and perform those magical relay attacks toward AD CS when working from a C2 agent. Way easier than before thanks to some great research by @zyn3rgy youtube.com/watch?v=e4f3h5…
Lenovo Applocker bypass (@Oddvarmoe), Citrix Bleed 2 (@SinSinology, @inkmoro, Aliz Hammond), A+ adversary simulation (@quarkslab), DreamWalkers loader (@max2cbx), and more! blog.badsectorlabs.com/last-week-in-s…
Critical vulnerability in Lenovo's Windows directory allows AppLocker bypass via writable MFGSTAT.zip file. Immediate remediation recommended. Link: thedailytechfeed.com/lenovos-writab… #Security #Lenovo #Windows #Exploit #Remediation #Patch #Software #Cyber #Hacking #Threat #Tech…
Lenovo Tells Users to Delete Windows File Enabling AppLocker Bypass cyberinsider.com/lenovo-tells-u… #Lenovo #Microsoft #Windows
🚨 Heads-up for #AppLocker admins on #Lenovo laptops. ICYMI There's a sneaky leftover file inside C:\Windows\ that can be used to bypass your AppLocker restrictions. 😱 It’s part of Lenovo’s OEM setup. Worth checking for and removing if you rely on AppLocker. 🔍 Info about the…
TeamFiltration tool abuse - I've been playing around with it today. So far...if at least 10 users are selected for enum with SFA ROPC logins or spraying --> Below is a rule that catches some of the enum and spraying. AADSTS50126 is one of the main error codes likely seen.…