Andrea Pierini
@decoder_it
Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"
When (NTLM) relaying potatoes lead you to domain admin... A "permanent" 0day Privilege Escalation Vulnerability in Windows RPC Protocol ;-) cc @splinter_code Our writeup here: labs.sentinelone.com/relaying-potat…
Am I the only one who finds all the Entra/Azure/O365/etc.. sec stuff so boring? Every time I promise myself I’ll finally dig deep and take it seriously… I give up halfway. I really need help finding the right motivation.😅
Excellent research by my colleague @RedPanda4Good, exploring the path from golden gMSA to golden dMSA :)🔥
Golden dMSA: One key to rule them all Just found a new flaw in Windows Server 2025's dMSAs that lets attackers brute-force ALL managed service account passwords with 1024 attempts. This research builds on the awesome research Golden gMSA (@YuG0rd ). semperis.com/blog/golden-dm…
Another Monday. Another week of… endless emails, annoying meetings, and oh look, a three-headed monkey behind you! Now that we have your attention, we can unveil the agenda for #RomHack2025 romhack.io/romhack-confer… #infosec #securityconference
Regarding #CVE-2025-33073 fixing NTLM/Kerberos reflection attacks via SMB: the patch only covers SMB clients. The "CredMarshal" trick still works on RPC and HTTP. But those protocols sets the unverified target flags, which block exploitation. So, is reflection dead? Let’s see…
At @WEareTROOPERS I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well. You can read all about it here: #Entra #M365 #infosec semperis.com/blog/noauth-ab…
Looks like the patch for #CVE-2025-33073 might not fully resolve the issue... curious to see where this leads
No disrespect to Linus Torvalds, but this guy is the greatest geek alive 🫡 Created UNIX in 1971 when he was 28 years old. Created Go in 2009 when he was 66 years old😲 He also developed the B programming language (which led to C), created UTF-8 encoding (making international…
Attention @kalilinux users! In the coming day(s), apt update is going to fail for pretty much everyone. The reason? We had to roll a new signing key for the Kali repository. You need to download and install the new key manually: offs.ec/4lUEtak
I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️decoder.cloud/2025/04/24/fro…
Call for Papers for #Romhack2025 is still open! If you have cool research to share, don’t hesitate to submit. The perfect setting for great talks, great company, and a chance to visit the "Città Eterna". cfp.romhack.io/romhack-2025/c…
I spoke about the initial credential guard vulnerability at #SOCON2025, but I left out the part where the fix could be bypassed. Both bypasses have now been fixed which I cover in my blog post along with some juicy technical details. Enjoy.
Microsoft patched critical vulnerabilities (CVE-2025-21299, CVE-2025-29809) in Q1 2025. NetSPI research reveals Kerberos canonicalization bypasses Hyper-V isolation of credentials, compromising Windows security. Read the full article: ow.ly/WcuW50VAOTg
NTLM relay is still a major threat and is now even easier to abuse. We just added new NTLM relay edges to BloodHound to help defenders fix and attackers think in graphs. Read my detailed post - the most comprehensive guide on NTLM relay & the new edges: ghst.ly/4lv3E31
AI makes writing regex in any language way easier. Especially for a dummy like me! 🤣
Is there any valid reason why I'm still getting "Network Device Enrollment Service cannot provide its password because the user does not have Enroll permissions on the configured certificate template" even if the configured account has enroll perms on the configured template?
Hey, we should really switch from NTLM to something like Kerberos, yet another good reason, right? cc @ShitSecure @splinter_code 😂🤣
