NCV
@nickvourd
Just your friendly neighborhood APT :~# OSCE³ ℹ️Opinions are my own and not the views of my employer. 📌I’ll be at @BSidesTirana 2026 with @IAMCOMPROMISED
See you in Vegas with @GyftosMarios ! Vamos!
🎤 Welcoming Marios Gyftos & Nikos Vourdas to Cloud Village @DEFCON 33! They’ll present: “May the Least Privilege Be With You” 🛡️💥 📍 Room 311, LVCC 🗓️ Aug 8 | 🕞 3:50–4:30 PM PT 🔗 cloud-village.org/dc33 #CloudVillage #DEFCON33 #HackerSummerCamp #CloudSecurity
Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts. So what's a stealthy attacker to do? 🤔 Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0
I'm really glad to see @PyroTek3 posting actively about Active Directory again! Thank you! His blog was a big part of my learning journey growing up!
Which offensive security tool is considered the most popular in the cybersecurity community?
🚀 Just 2 days to go until the launch of Shellter Elite v11.1
Building off of @CodyBurkard's prior work, I put together a tool for automating the decryption of Entra ID application tokens from Azure App Services resources. Here's a blog that outlines the tooling: netspi.com/blog/technical…
Third-party vendors don’t follow the Principle of Least Privilege (PoLP). As long as this is true, attackers win!
This might be useful for enumerating the SaaS products companies use, but it was more of an exercise in seeing how many DNS patterns I could get public LLMs to generate. github.com/HackingLZ/saas…
OK I know no one uses it, but if you ever wondered exactly how it works, and what dmsa have to do with that, I just posted SSSO small deep dive 🙂 sapirxfed.com/2025/07/23/i-j…
Microsoft is bringing MFA for Kerberos authentication to AD domain controllers 👀 It's cheeky though to ask customers to open TCP port 1337 on domain controllers 🏴‍☠️😅 learn.microsoft.com/en-us/entra/gl…
🔥🔥🔥 Just one week until Shellter Elite v11.1 drops, bringing a new wave of enhancements. If you're after a loader that delivers unmatched reliability and stealth for beacon deployment against advanced EDRs—this is it. No hype, just results.
Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…
Hey everyone! Check out my @crowdcruit profile. I find it extremely useful, especially now that LinkedIn is starting to feel more like Facebook. crowdcruit.com/user/nickvourd
🚨 Critical #SharePoint zero-day (CVE-2025-53770) under active exploitation! 🔓 Unauthenticated RCE via unsafe deserialization 🌍 85+ servers breached — gov, edu & enterprise targets 🧰 Attackers steal MachineKey to forge __VIEWSTATE payloads 🛡️ Mitigation steps: • Patch ASAP •…
Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…
Most red teamers ignore the clipboard. You can pull: – VPN creds – MFA tokens – AWS keys – Password manager dumps All from CTRL+C. Nobody checks it. Nobody clears it. But it’s always there. Use it. 👊🏾
UPDATE: You are vulnerable, no matter the version. No patch from MS as of now for the new CVE-2025-53770. Look for exploitation attempts and IOCs. Get them offline if possible until there is a solution. If you need to stay online stay on high alert and monitor closely. 1/2
Whoopsi, no patch available for new flaw. research.eye.security/sharepoint-und… Better to get your SharePoints offline for now.
🌆 Good evening! We’ve officially completed the talk evaluation process and have started emailing selected speakers! 🎤 If you haven’t received an acceptance email yet, don’t worry! We’re still working through the notifications, and everyone will hear back very soon. 🙌 #BSides
Windows Hello for Business – Past and Present Attacks, by @insinuator #TROOPERS25 insinuator.net/2025/06/window…
[BLOG] My thoughts (and code examples) for writing modular PIC C2 agents. rastamouse.me/modular-pic-c2…