😈 [ SpecterOps @SpecterOps ]

Introducing the BloodHound Query Library!

📚 https://queries.specterops.io/

@martinsohndk & @joeydreijer explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem.

🔗 https://specterops.io/blog/2025/06/17/introducing-the-bloodhound-query-library/

🐥 [ tweet ]

😈 [ Alex Neff @al3x_n3ff ]

Did you know that you can kerberoast without any valid credentials? All you need is an account that is ASREProastable.
This allows you to request service tickets for any account with a set SPN🔥

NetExec now has a native implementation of this technique, thanks to Azox

🐥 [ tweet ]

😈 [ Adam Chester 🏴‍☠️ @_xpn_ ]

My second blog post of the month is up. Nothing too crazy, this time I’m looking at the upcoming Windows Administrator Protection feature… How it works, what continues to work, and some reversing. Check it out (or not I’m not your mum!)

🔗 https://specterops.io/blog/2025/06/18/administrator-protection/

🐥 [ tweet ]

Успейте подать заявку на Pentest Award 2025 до 30 июня!

Это отраслевая награда для специалистов по тестированию на проникновение, которая проводится уже в третий раз. Основная задача премии — выделить лучших специалистов и показать их вклад в развитие российского пентеста.

Участие бесплатное, финалисты получат технику apple и максимальный почет сообщества этичных хакеров. Церемония награждения будет проходить 1 августа в Москве.

Заявка на премию — это рассказ о лучшем проекте в свободной форме. Не нужно раскрывать эксплоиты, любые шаги в цепочке эксплуатации могут быть полностью анонимны, а детали могут быть скрыты, важно отразить сам подход и идею.

Подать заявку и узнать больше информации можно на сайте — https://award.awillix.ru/

😈 [ Alex Neff @al3x_n3ff ]

Releasing a side project of mine: wsuks - automating the WSUS mitm attack🔥

🔗 https://github.com/NeffIsBack/wsuks

TL;DR:

If the Windows Server Update Service (WSUS) is configured to use HTTP instead of HTTPS, it's possible to take control of any Windows machine on your local network.

🐥 [ tweet ]

😈 [ Andrew @4ndr3w6S ]

Happy to finally share a new blog with @exploitph on our work revisiting the Kerberos Diamond Ticket.

✅ /opsec for a more genuine flow
✅ /ldap to populate the PAC
🆕 Forge a diamond service ticket using an ST

We finally gave it a proper cut 💎

🔗 https://www.huntress.com/blog/recutting-the-kerberos-diamond-ticket

🐥 [ tweet ]

😈 [ Charlie Bromberg « Shutdown » @_nwodtuhs ]

Python alternative to Mimikatz lsadump::dcshadow:

🔗 https://github.com/ShutdownRepo/dcshadow

🐥 [ tweet ]

😈 [ TrustedSec @TrustedSec ]

Chrome Remote Desktop can offer red teamers a subtle way to bypass restrictions—if they know how to use it. In this blog, @Oddvarmoe reveals a practical guide to repurposing Chrome Remote Desktop on red team operations. Read it now!

🔗 https://trustedsec.com/blog/abusing-chrome-remote-desktop-on-red-team-operations-a-practical-guide

🐥 [ tweet ]

Было и было, че бухтеть то

😈 [ Dave Cossa @G0ldenGunSec ]

Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence.

🔗 https://www.ibm.com/think/x-force/identifying-abusing-azure-arc-for-hybrid-escalation-persistence

🐥 [ tweet ]

😈 [ Saad AHLA @d1rkmtr ]

Reversing and identifying the exact code that's detecting and preventing Mimikatz once dropped to disk.
Now you can take a look at it and understand how it's working.

🐥 [ tweet ]

😈 [ Elastic Security Labs @elasticseclabs ]

New research from our ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion tool to deploy data-stealing malware. Learn more & get our unpacker:

🔗 https://www.elastic.co/security-labs/taking-shellter/

🐥 [ tweet ]