Lateral Movement: Abuse the Power of DCOM Excel Application
#specterops

via SpecterOps Team Medium (author: Raj Patel)

😈 [ Almond OffSec @AlmondOffSec ]

Understanding the different types of LDAP authentication methods is fundamental to apprehend subjects such as relay attacks or countermeasures. This post by @lowercase_drm introduces them through the lens of Python libraries.

🔗 https://offsec.almond.consulting/ldap-authentication-in-active-directory-environments.html

🐥 [ tweet ]

On Detection: Tactical to Functional
#specterops

via SpecterOps Team Medium (author: Jared Atkinson)

Reflecting on a Year with Fortra and Next Steps for Outflank
#outflank

When we debuted OST back in 2021, we wrote a blog detailing both the product features and the rationale for investing time into this toolset. In 2022, we joined forces with Fortra and we can hardly believe it’s been over a year already. It was a big decision to go from being a small team of red teamers to becoming part of a large company, but we’re very pleased with the switch. In this reflection on the past 12 months, we want to provide an update on our mission, detail our continued dedication to OST, discuss the process of growing the Outflank community, and touch on where we’re headed next.

A Product Oriented Focus

One of our biggest challenges when we joined Fortra was the decision to put most of our energy into Outflank Security Tooling (OST).

via Outflank Blog (author: Marc Smeets)

Domain of Thrones: Part II
#specterops

via SpecterOps Team Medium (author: Joshua Prager)

systemd hardening made easy with SHH
#synacktiv

via Synacktiv Blog (author: Maxime Desbrus)

Phishing With Dynamite
#specterops

via SpecterOps Team Medium (author: Forrest Kasler)

Lateral Movement without Lateral Movement (Brought to you by ConfigMgr)
#specterops

via SpecterOps Team Medium (author: Diego lomellini)

Abusing Slack for Offensive Operations: Part 2
#specterops

via SpecterOps Team Medium (author: Matt Creel)

Top C&C Methods

https://redteamrecipe.com/C2C-Methods/

Introducing Bambdas
#portswigger

You've might have heard of Lambdas. But have you heard of Bambdas? They're a unique new way to customize Burp Suite directly from the UI, using only small snippets of Java. Changing the face of Burp Suite

via PortSwigger Blog

On Detection: Tactical to Functional
#specterops

via SpecterOps Team Medium (author: Jared Atkinson)

Merlin’s Evolution: Multi-Operator CLI and Peer-to-Peer Magic
#specterops

via SpecterOps Team Medium (author: Russel Van Tuyl)

Magento Template Engine, a story of CVE-2022-24086
#synacktiv

via Synacktiv Blog (author: Antoine Gicquel)

How to voltage fault injection
#synacktiv

via Synacktiv Blog (author: Théo Gordyjan)

Pcapan: a PCAP analysis helper
#synacktiv

via Synacktiv Blog (author: Simon Marechal)

Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
#specterops

via SpecterOps Team Medium (author: Cody Thomas)

It's Turtles All The Way Down
#objectivesee

Yet more ransomware targeting macOS! In this post we analyze the newly discovered "Turtle" ransomware and provide both a decryptor and a method to procactively thwart it.

via Objective-See Blog

The SOCKS We Have at Home
#trustedsec

When performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our attacking system is connected to. This is often the case when…

via TrustedSec Blog (author: Esteban Rodriguez)

Blind CSS Exfiltration: exfiltrate unknown web pages
#portswigger

This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... Why would we want to do blind CSS exfiltration? I

via PortSwigger Research

Using ntdissector to extract secrets from ADAM NTDS files
#synacktiv

via Synacktiv Blog (author: Julien Legras)