DEF CON 32 Workshops are posted!

https://buff.ly/3zsJEKQ

Planning on going to DEF CON 32 this year? You need to read this before June 15th!

https://buff.ly/4efPCOY

Preventing DCSync Attacks is complicated! If you dig into the root vulnerability, you realize most posts miss some attack paths.
So, I wrote a blog post on digging into the details of the attack.

https://buff.ly/3xlPtZr

#AdHardening #CyberSecurity

The Active Directory Access Control List is one of the most confusing security risks I have ever encountered. So, I wrote up a blog to help others understand the AD ACL.

https://cybergladius.com/the-active-directory-access-control-list-explained/

#Windows #SystemAdmin #Cybersecurity #WindowsSucks

I just heard of the "Reanimate tombstones" permission in Active Directory. This sounds more like a DnD spell than a Windows permission. lol

If you're not cracking any of your captured LM/NTLM hashes, they might be corrupt. I have found that Python hash-dumping tools may output corrupted hashes. NtdsAudit will at least throw errors if the data is bad.
More here: https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
#RedTeam #CyberSecurity #HackPSA

Lolz.
#CyberSecurity

Simultaneous #RedTeaming and #BlueTeaming.
#pwnagotchi #MarauderESP32 #CyberSecurity

I really enjoyed this Pentesting story. The practical day-to-day challenge of being a pentester trying to break into a company with good security practices. Reading it reminded me of how stressed I felt a week into a pentest and still had not gotten a foothold; a little PTSD.

https://www.rapid7.com/blog/post/2023/08/31/pentales-what-its-like-on-the-red-team/

#RedTeam #CyberSecurity

@bosh I found it at "electromaker.io". I think they have like 20ish left.

Metasploit Updates
The release includes four new exploit modules for H2 database, Maltrail, RaspAP, and Greenshot, with varying CVE status and authentication requirements.
https://www.rapid7.com/blog/post/2023/08/18/metasploit-weekly-wrap-up-23/

Free virtual Blue Team Summit & Training, register soon. Starts August 23 @ 11:00 am EDT
https://www.antisyphontraining.com/event/blue-team-summit-2023/

WTF @microsoft! You're adding Python support to Excel!! Where APTs running out of other methods to break into our networks?

https://techcommunity.microsoft.com/t5/excel-blog/announcing-python-in-excel-combining-the-power-of-python-and-the/ba-p/3893439

#InfoSec #CyberSecurity #Microsoft #WTF

I have another helpful site for both #RedTeam & #BlueTeam. Trusted websites that can be misused in an attack.

"Living Off Trusted Sites (LOTS) Project"
https://lots-project.com/ (lots-project DOT com)

Found a great website that has detailed deep drives into malware and it's TTPs. Check it out.
https://thedfirreport.com/ (thedfirreport DOT com)

#DFIR #BlueTeam #InfoSec #CyberSecurity

Ok, where you at? #LookinForLoveInAllTheWrongPlaces #Defcon #defcon31

#defcon31 merch.

Tell me you're a Hacker, without telling me you're a Hacker.

#Defcon31 #RedTeam

I finally broke down and bought a #Jtagulator. Time to get some console access!!
#HardwareHacking #IoT #hackimg

Working on finding CVEs in some firmware I dumped, and I found this gem in the source code.
#LOL #CyberSecurity #SecureCode