Rob Fuller (@mubix)'s Twitter Profile
Rob Fuller

@mubix

Dad / Husband / Marine / Student / Teacher / IAM, Red Team, CTI Director / @Hak5 / @NoVAHackers / @SiliconHBO / @NationalCCDC / @MARFORCYBER Auxiliary

ID:797840

https://malicious.link
27-02-2007 11:22:20

33,2K Tweets

81,4K Followers

26,2K Following

Jared Atkinson (@jaredcatkinson)

🧵 Did you know that 90-95% of all service creations are benign and relatively simple to exclude from detection? Allow me to share some insights about per-user services and what we have recently discovered.

Synacktiv (@Synacktiv)

🧵 In the past few months our CI/CD secret extraction tool nord-stream was updated, here is a sum up of the new features:
- Azure DevOps AWS service connection secret extraction
- Azure DevOps AWS OIDC trust exploit to get AWS access tokens
github.com/synacktiv/nord…

Rob Fuller (@mubix)

Has anyone used AI for password cracking yet? Like “what is the clear text password of this hash: “

I’m sure someone has, just curious on the results.

Jim Sykora (@JimSycurity)

Windows Authorization Guide by Carsten csandker.io/2018/06/14/AWi…

Great walkthrough on how AuthN works in Windows (& thus AD w/ a few caveats) explaining Security Descriptors, DACLs, SACLs, Integrity Checks (MIC), Privileges, UAC, and Access Tokens.

Maddie Stone (@maddiestone)

🔮NEW RCA!! A few hours after it was patched, TAG found an ITW exploit sample for CVE-2023-36802. Benoît analyzed it in detail ✨

googleprojectzero.github.io/0days-in-the-w…

xchg justin,justin (@justinsteven)

curl CVE-2023-38545 can be used to partially control the SOCKS conversation. Given a hostname of:

h + PP + padding

Where h is a hostname, PP is a network order short representing a port, and the total length mod 256 is the length of h, this will result in a connection to h:PP

TrustedSec (@TrustedSec)

Part 1B of our new series by Megan and @4ndr3W6S is out now! Continue diving into Active Directory (AD) attribute-based detections as they complete stepping through the Hacker Recipes flow chart to identify where an adversary may be hiding.
hubs.la/Q0256Z7V0

Dhiyaneshwaran (@DhiyaneshDK)

🚨CVE-2023-35813 - Sitecore Remote Code Execution
discovered by CODE WHITE GmbH

CVSS Score - 9.8 | Severity : Critical

Nuclei Template : templates.nuclei.sh/public/CVE-202…

Reference: code-white.com/blog/exploitin…

TrustedSec (@TrustedSec)

Our new post by Megan and @4ndr3W6S takes a deep dive into how Active Directory (AD) attribute-based detections can be built and how to identify where an adversary may be hiding. Read the first of this 3-part series now!
hubs.la/Q024-06m0

Nathan McNulty (@NathanMcNulty)

First thing you should do is go follow Erica, because I swear to God she asks the best questions and won't give up until she gets the right answers

Second, stay calm and let's investigate ;)

Erica and I poked around at this a little, and hopefully this 🧵will help others too

NOLAHackers (@NolaHackers)

NOLAsec died from COVID. Instead of fighting over the corpse, let live NOLAhackers. Modeled after NoVA Hackers we’re going to have technical cybersecurity meetups in New Orleans

Rob Fuller (@mubix)

What is the maximum time a skills assessment should take outside of standard interview times (“take home test/assignment”)
