Marc André Tanner

After some more tests and helpful community feedback I managed to successfully exploit the same testing device using the WinPE method. The blog post has been updated with a corresponding demonstration video.

21.07.2025 05:42 — 👍 1    🔁 0    💬 0    📌 0

Now merged into Certipy 5.0.2

18.05.2025 19:00 — 👍 2    🔁 0    💬 0    📌 0

Curious why I was rebooting random laptops?

Credit goes to Rairii for the original research and Thomas from @neodyme.io for the initial PoC.

13.05.2025 19:59 — 👍 4    🔁 0    💬 1    📌 0

SOCON swag

Last week I had a fantastic experience at @specterops.bsky.social's #SOCON2025 and subsequent IDOT training. It was a great opportunity to get in touch with leading experts. Apparently I also bugged them enough to merge my small BloodHound contribution. github.com/SpecterOps/B...

11.04.2025 18:12 — 👍 8    🔁 1    💬 0    📌 0

Force recent MFA login by victim by martanne · Pull Request #5 · CompassSecurity/TokenPhisher This adds the ngcmfa claim when initiating the device code flow. The underlying request should be identical to what Dirk-jan eventually implemented for roadtx auth --device-code --force-ngcmfa ... ...

TokenPhisher now forces recent MFA logins from victims which comes in handy when emulating these device code phishing tactics: github.com/CompassSecur...

17.02.2025 09:00 — 👍 1    🔁 0    💬 0    📌 0

Storm-2372 conducts device code phishing campaign | Microsoft Security Blog Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign ...

www.microsoft.com/en-us/securi...

17.02.2025 08:59 — 👍 1    🔁 0    💬 1    📌 0

Avoid LDAP monitoring by leveraging local registry data with certipy parse! Check out our latest pull request and read Marc Tanner’s (@brain-dump.org) blog post: blog.compass-security.com/2025/02/stea...

11.02.2025 12:28 — 👍 7    🔁 4    💬 0    📌 1