Create local administrators with the SAMR API ✅Implemented in C#, Python, Rust or Crystal
https://github.com/ricardojoserf/AddUser-SAMR
Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Crystal, Python and Rust - ricardojoserf/AddUser-SAMR
There are two main password attacks leveraged by adversaries; one is called Password Spraying and the other is called Kerberoasting.
This post focuses on identifying accounts that may be targeted for Kerberoasting and how to harden the environment against Kerberoasting.
Password spraying involves an attacker taking a list of passwords and, for each password, attempting to authenticate as every user with that one password. After working through all users with the first password, they move on to the next password in the list. Each successful authentication is noted along the way, as these are compromised accounts.
Kerberoasting is possible when an Active Directory account has a Kerberos Service Principal Name (SPN) associated with it. In order to enable Kerberos authentication for an application, the associated service account needs an SPN. Kerberoasting takes advantage of the fact that anyone can request a service ticket using the SPN associated with a target service account and take that Kerberos service ticket offline to attempt to crack it. Attackers are most likely to attempt Kerberoasting on accounts whose passwords are about 5 years old or older, since those are more likely to be poor passwords, though attackers may simply attempt Kerberoasting against all AD accounts that have SPNs.
For more information on how Kerberoasting works, as well as on detecting Kerberoasting, read this article: adsecurity.org/?p=3458
I wrote a short PowerShell script that identifies all accounts with SPNs as well as Active Directory admin accounts with SPNs (it leverages the Active Directory PowerShell module):
github.com/PyroTek3/Misc/…
TO DO LIST:
1. Remove SPNs from AD Admin accounts associated with people since they shouldn't have any SPNs associated with them.
2. If the default domain administrator account is listed here, work to remove the SPN associated with it. This account should never have an SPN.
3. Remove SPNs from the other accounts associated with people since they shouldn't have any SPNs associated with them.
4. Identify service accounts that are also AD Admin accounts (members of Administrators, Domain Admins, or Enterprise Admins). Remove the accounts that don't belong and leave only those that genuinely require these privileges (this list should be minimal, ideally empty).
5. Identify the AD Admin accounts that have old passwords (> 5 years) and put together a plan to change those passwords, preferably with a password of >25 characters.
6. Identify the other accounts that have old passwords (> 5 years) and put together a plan to change those passwords, preferably with a password of >25 characters.
IMPORTANT NOTE:
Ignore the krbtgt account as this is required to be configured this way for AD Kerberos to work.
Do not modify the krbtgt account!
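The following is an added example of an audit query for the to-do list above; it is not the PyroTek3 script linked in the post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and the caller can read the domain. It lists every user with at least one SPN (skipping krbtgt, per the note above), flags membership in the three privileged groups, flags the built-in administrator (RID 500), and flags passwords older than the 5-year threshold, so steps 1, 2, 4, 5 and 6 can be worked from one table. Deciding which of the remaining SPN holders are "people" accounts (steps 1 and 3) still needs a human reviewer; the script only surfaces candidates.

```powershell
# Added example, not the script referenced in the post.
# Assumes: ActiveDirectory module available, read access to the domain.
Import-Module ActiveDirectory

$MaxPasswordAgeYears = 5                       # threshold used in steps 5 and 6
$Cutoff = (Get-Date).AddYears(-$MaxPasswordAgeYears)

# Privileged groups named in step 4. Members are resolved recursively so nested
# group membership is caught; a lookup table keyed by DN keeps the join cheap.
$PrivGroups  = @('Administrators', 'Domain Admins', 'Enterprise Admins')
$PrivMembers = @{}
foreach ($g in $PrivGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $PrivMembers[$_.distinguishedName] = $true }
    } catch {
        # Foreign security principals or permission issues can make recursion fail;
        # report it rather than silently producing an incomplete admin list.
        Write-Warning "Could not enumerate members of '$g': $_"
    }
}

# Every user object carrying at least one SPN, excluding krbtgt (must keep its SPN).
$SpnUsers = Get-ADUser `
    -LDAPFilter '(&(servicePrincipalName=*)(!(sAMAccountName=krbtgt)))' `
    -Properties servicePrincipalName, PasswordLastSet, Enabled, adminCount

$Report = foreach ($u in $SpnUsers) {
    [PSCustomObject]@{
        SamAccountName  = $u.SamAccountName
        Enabled         = $u.Enabled
        IsBuiltinAdmin  = ($u.SID.Value -like '*-500')          # step 2: default domain administrator
        IsADAdmin       = $PrivMembers.ContainsKey($u.DistinguishedName)  # steps 1 and 4
        AdminCount      = $u.adminCount                          # AdminSDHolder-protected hint
        PasswordLastSet = $u.PasswordLastSet
        # A never-set password ($null) is treated as old, since it cannot be younger than the cutoff.
        OldPassword     = ($null -eq $u.PasswordLastSet) -or ($u.PasswordLastSet -lt $Cutoff)
        SPNCount        = @($u.servicePrincipalName).Count
        SPNs            = ($u.servicePrincipalName -join '; ')
    }
}

# Privileged SPN holders first, then old-password accounts, so the worst items top the list.
$Report |
    Sort-Object -Property @{Expression = 'IsADAdmin';   Descending = $true},
                          @{Expression = 'OldPassword'; Descending = $true},
                          SamAccountName |
    Format-Table SamAccountName, Enabled, IsBuiltinAdmin, IsADAdmin, OldPassword, PasswordLastSet, SPNCount -AutoSize

# Keep a copy for the remediation plan (steps 5 and 6 are usually tracked over weeks).
$Report | Export-Csv -Path .\spn-audit.csv -NoTypeInformation
```

Run it from a workstation with RSAT as an account that can read the domain; no write permissions are needed. Re-run it after each batch of SPN removals or password rotations and diff the CSV to confirm the list shrinks.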
https://www.trellix.com/blogs/research/apt28-stealthy-campaign-leveraging-cve-2026-21509-cloud-c2/
APT28's Stealthy Multi-Stage Campaign Leveraging CVE-2026-21509 and Cloud C2 Infrastructure
Russian state-sponsored threat group APT28 (aka Fancy Bear or UAC-0001) has launched a sophisticated espionage campaign targeting European military and government entities, specifically targeting maritime and transport organizations across Poland, Slovenia…
meet https://www.track2pulse.com/
track2pulse enables you to monitor, via an interactive map, OSINT-driven intelligence streams aggregated from country-specific Telegram channels, covering topics such as geopolitics, information warfare, domestic developments, and strategic shifts.
You can track:
- APT group activities targeting specific countries
- Terror-related fatality data and organizational intelligence
- Critical infrastructure across relevant geographic regions
- The Interpol wanted persons list
- War-related flights and aircraft movements (flight tracking)
- International arms trade flows between countries
- National intelligence insights and satellite imagery-based data
- Cybersecurity incidents, including ransomware campaigns and threat reports
You can create a personalized profile and follow only the developments that align with your operational interests, all in real time, directly on the map interface.
TRACK2PULSE | Intelligence Platform
Real-time global situational awareness platform for security events, geopolitical developments, and threat indicators
Kant_Adarsh_Ultimate_Linux_Network_Security_for_Enterprises_2024.pdf
9.9 MB
Master Effective and Advanced Cybersecurity Techniques to Safeguard Linux Networks and Manage Enterprise-Level Network Services
Walkthrough of Espressif ESP32 firmware encryption bypass techniques (2024)
https://courk.cc/breaking-flash-encryption-of-espressif-parts
Breaking the Flash Encryption Feature of Espressif's Parts
I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 paper. This paper is about breaking the firmware encryption feature of the ESP32 SoC using a Side-Channel attack. This was an interesting read, and soon, I wanted to try to reproduce…
227 tips dedicated to red teaming, OPSEC, infrastructure, payloads, etc.
https://github.com/vysecurity/RedTips
GitHub - vysecurity/RedTips: Red Team Tips as posted by @vysecurity on Twitter
Bypassing Detections with Command-Line Obfuscation
https://www.wietzebeukema.nl/blog/bypassing-detections-with-command-line-obfuscation
Defensive tools like AVs and EDRs rely on command-line arguments for detecting malicious activity. This post demonstrates how command-line obfuscation, a shell-independent technique that exploits executables’ parsing “flaws”, can bypass such detections. It…
Project Canard—the open source $96 Rocket that is a 3D-PRINTED MANPADS platform with $5 electronics that recalculates mid-air trajectory with off-the-shelf sensors and some piano wire.
It is potentially worrisome but a reality. Showing ingenuity of individuals.