Steve Borosh

Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts. So what's a stealthy attacker to do? 🤔 Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0

Could have taken a rest day. Glad I didn't.

Very proud of my brother, soon to be touring Australia again with John Schumann. indailysa.com.au/inreview/music…

EDR-on-EDR Violence 1/🧵 @BushidoToken called out that EDR products were being abused by threat actors. @Shammahwoods & I realized a free trial of an attacker controlled EDR can be used to kill the existing EDR. @techspence @UK_Daniel_Card @Jhaddix github.com/CroodSolutions…

Microsoft is bringing MFA for Kerberos authentication to AD domain controllers 👀 It's cheeky though to ask customers to open TCP port 1337 on domain controllers 🏴‍☠️😅 learn.microsoft.com/en-us/entra/gl…

"Out with the Owls, up with the eagles."

Disappointing red team affirmations

🚨Data leak alert ‼️ Recently exploded in popularity, the Tea app had its user database exposed. The app aims to provide a space for women to exchange information about men in order to stay safe, similar to ‘Are We Dating the Same Guy? ’ Facebook groups.🧵

WE HEARD YOU: We doubled the order of our 40th anniversary b33r cups. 💋 ‼️1,200 CUPS‼️- Each one will be filled with free beer at the PHRACK PARTY @ WHY2025. (design by the amazing boekenwuurm)

Oof #dataleak #vibecoding

Lat growth proven by shirt busting open

My first @SpecterOps blog! Ever wanted to collect Active Directory information from LDAP for a Red Team? Using LDAP's more OPSEC-considerate cousin: ADWS can be used to improve upon the already present advantages of using smaller-scaling LDAP queries. specterops.io/blog/2025/07/2…

UNC512 targeted a Ukrainian drone operator using a phishing doc + missed calls to trigger a custom malware chain. From Google Forms to GitHub, this was frontline cyber espionage. Watch the full CYBERWARCON 2024 talk w/ Dan Black + Anton Prokopenko youtube.com/watch?v=0DMSkv…

One of the hardest things mentally I've done this year is committing to say no. Coming into 2025, I was hitting a wall and decided: No talks, no conferences, no after hours research unless necessary, and selectively saying yes to people who need my help. I finally feel recharged!…

For those like me who prefer to stay in the terminal and want to call REST APIs like the Microsoft Graph without complicated commands or copy/pasting tokens: roadtx now has a graphrequest command to perform simple requests against these APIs and parse the JSON.

Piastri goes quickest in practice ahead of #F1Sprint qualifying at Spa 🇧🇪 #F1 #BelgianGP | Full FP1 report ⤵️ f1.com/BEL25_FP1

Always protein before coffee.

Fire Ant: A Deep-Dive into Hypervisor-Level Espionage | sygnia.co/blog/fire-ant-… @sygnia_labs

The Sun is the source of ~100% of energy. Everything else is just crumbs. x.com/i/grok/share/y…

Must be a pool on the roof..