SkelSec
@SkelSec
CEO and Co-Founder of Octopwn
New research is wrapping up. Spoilers: Microsoft Teams External Access is enabled in 973,328 out of 1,323,512 domains tested. A whopping 73% of organizations never changed the default setting in Teams which allows anyone to spy on user availability, OOO, and allows messaging.
For anyone interested, Offensive COM hijacking is now available on YouTube. 🤠 youtube.com/watch?v=M_U2ne…
Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…
Feeling super bad right now for it but I was too hasty here. I'm 100% sure I got network SYSTEM auth for multiple triggers the last days but now all besides from one just lead to user auth. I'll take down the repo as the initial promise was wrong here, need to investigate more.🙄
To trigger local SYSTEM authentication for relaying to ADCS or LDAP for LPE you would usually need the printer service or EFS service to be enabled (printerbug/petitpotam). Here is an alternative without this requirement 🤠 github.com/rtecCyberSec/R…
To trigger local SYSTEM authentication for relaying to ADCS or LDAP for LPE you would usually need the printer service or EFS service to be enabled (printerbug/petitpotam). Here is an alternative without this requirement 🤠 github.com/rtecCyberSec/R…
🚨 Evilginx Pro 4.2 UPDATE 🚨 My priority for this update was to directly address your valuable suggestions and feedback from @x33fcon. Thank you for all the support - your feedback goes a long way in making Evilginx Pro better with every update. 💗 Happy phishing! 🪝🐟
Asking LLM to improve a function in my class. It's a rather large class. LLM (especially o3) ALWAYS wants to correct a specific line that is outside of the function, has nothing to do with the task, and is perfectly fine even according to the model. Has anyone encountered this?
Anyone knows what's up with @mikeloss ? Haven't seen him around lately and would like to contact him
If you're in Vegas next month for @defcon 33, come check out my main stage talk on Saturday 1630, Track 4¹ where I'll break my silence on this and some more shenanigans. :P ¹ defcon.org/html/defcon-33…
@leonjza getting a shoutout in this @GamersNexus video youtu.be/Vy_KWP04pfs?si… 👏🏻
sessionize.com/offensive-ai-c… submission portal closes at 11:59pm PT tonight (7/18)
Welp... reported an issue to msrc, demonstrating that kerberos TGS request with a malformed PA-FOR-X509-USER struct will crash the LSASS on any win2025 domain controller. Got the default response :/ Dunno how I feel abt this, but this was the first and last time I'm doing this.
Call For Speakers closes this Friday 7/18. Tell your friends. Tell your favorite offensive AI researchers. 🏃💨 sessionize.com/offensive-ai-c…
The countdown begins. 9 DAYS until the OAIC CFP closes. Submit your proposal by Friday, July 18. sessionize.com/offensive-ai-c…
New video out 😊 showing how you can take control of port 445 and perform those magical relay attacks toward AD CS when working from a C2 agent. Way easier than before thanks to some great research by @zyn3rgy youtube.com/watch?v=e4f3h5…
In case you missed it, check out my Youtube channel with videos mostly related to Windows Internals: youtube.com/@zodiacon.
I just sponsored @mrexodia. No other tool I have been so much besides x64dbg for the past 4-5 years on a daily basis. Saved me countless hours, learned so much, and helped me solve a lot of problems quickly. The work & research he is putting out has been more then invaluable to…
New #Forensics tool : INDX Carver in #Rust 🦀 github.com/airbus-cert/in…