tzar
@dsec_net
Red Teamer, this is the neglected home of my security ramblings. Sometimes there's useful stuff.
Password cracking with vast.ai made easier :) Enjoy. github.com/d-sec-net/VPK
My hot take on AI 🌶️. It's less about efficincy and more about scale. byt3bl33d3r.substack.com/p/ai-doesnt-ma…
Nice new feature incoming for those RT's out there using Tailscale for inf. tailscale.com/kb/1226/tailne… This change imo, addresses the what if on tail-scale being compromised. Cant really see any reason for headscale in prod if this is correctly rolled out now?
Looks sick, gui and automate all the things :)
I know AI isn’t for everyone, but I’ve been tinkering with it to make my engagement process a bit easier. I built a small tool inspired by @dsec_net’s Red Commander demos that lets you plug in your API keys (Mailgun/SendGrid, GoDaddy/Namecheap) and handles the work for you.
We've been putting these to good use lately on some ops. github.com/kozmer/aad-bofs Keep an eye on future updates from @k0zmer. #redteam
I'm calling it. Security has been solved.
“Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations” microsoft.com/en-us/security…
Excited to share that the @malcrove Red Team just dropped new blog and new tool SeamlessPass! utilizing Microsoft’s Seamless SSO feature to acquire access tokens for Microsoft 365 services by leveraging on-premises Active Directory Kerberos tickets malcrove.com/seamlesspass-l…
I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code. The client is now fully extendable and scriptable via the Python API
One persons outage, is another persons OSINT op 😂
#RedTeamTips do your intel and check which orgs are running Crowdstrike
My talk on automating red team inf is out! There is a slight change to the release schedule mentioned in the talk. The API poc will be coming soon, but there have been some delays. Keep an eye out. Thanks for having me #x33fcon ! Looking forward to the next one!
#x33fcon 2024 talks: @dsec_net > youtu.be/QbOzNxiUHzA
Linux symbol obfuscation using `dl_iterate_phdr`. Great bit of research and blog from @k0zmer bulletproof.co.uk/blog/tech-talk…
Great talk on the process and results of hunting logic bugs in Mac land.
#x33fcon 2024 talks: Max K > youtube.com/watch?v=jzn5Fj…
So... this is a pretty accurate description of the current situation...
I can make you click a phishing link. Want to know how? Just click this link and I will teach you ;) Don't worry. This is not a test. Nobody will know. Just do it: posts.specterops.io/i-will-make-yo…
A few weeks ago I gave a talk at @a41con on how to phish for PRTs and phishing resistant authentication methods 👀. The slides, plus a demo video on how to do this with credential phishing are now on my blog: dirkjanm.io/talks
First ever con talk done, thanks #x33fcon for having me!
#Automating deployment and management of #redteam infrastructure in a talk by @dsec_net at #x33fcon - "Unified Red Team Automation with Red Commander"