RedTeam Pentesting

@redteam-pentesting.de.bsky.social

Account for RedTeam Pentesting GmbH Imprint: https://redteam-pentesting.de/imprint/

36 Followers  |  48 Following  |  12 Posts  |  Joined: 03.06.2025  |  1.5868

Latest posts by redteam-pentesting.de on Bluesky

Screenshot of the XSS Lab web application showing the leaderboard.

We're excited to host our XSS workshop for RWTH Aachen University's SecLab, again. Today, the students will face XSS challenges as well as a hunt for IT security easter eggs to climb the leaderboard 🏆
#rwth #informatik #aachen

17.06.2025 09:14 - 👍 0  🔁 0  💬 0  📌 0

Based on our testing, MS seems to have fixed CVE-2025-33073 by blocking the CredUnmarshalTargetInfo/CREDENTIAL_TARGET_INFORMATIONW trick!
@tiraniddo.dev @decoder-it.bsky.social @synacktiv.com #infosecsky #infosec #pentests #redteam #cybersky #cybersecurity

bsky.app/profile/redt...

11.06.2025 10:44 - 👍 1  🔁 0  💬 0  📌 0

👀 We have also released a paper which really goes into the nitty-gritty for those who are interested 🕵️‍♀️:
www.redteam-pentesting.de/publications...

For those that only need a short overview, here's our advisory 🚨:
www.redteam-pentesting.de/advisories/r...

11.06.2025 08:04 - 👍 1  🔁 1  💬 0  📌 0
A Look in the Mirror - The Reflective Kerberos Relay Attack It is a sad truth in IT security that some vulnerabilities never quite want to die and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While rese...

🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live:

🪞 The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos:
blog.redteam-pentesting.de/2025/reflect...

11.06.2025 08:04 - 👍 7  🔁 3  💬 1  📌 2

We are referencing CVE-2025-33073: Windows SMB Client Elevation of Privilege Vulnerability (when we sent the tweet, the title was not public, yet)

11.06.2025 05:43 - 👍 1  🔁 0  💬 0  📌 0
The Ultimate Guide to Windows Coercion Techniques in 2025 Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...

📰 We can recommend last week's blog post about Windows authentication coercion 🔑🔫 as preparation for the upcoming post:
blog.redteam-pentesting.de/2025/windows...

10.06.2025 13:14 - 👍 1  🔁 0  💬 1  📌 0

🚨🚨🚨 Just a heads-up: Microsoft will release a fix for a vulnerability we discovered as part of Patch Tuesday, today. MS classified CVE-2025-33073 as "important" and we recommend patching soon.

Stay tuned for our blog post and paper about it tomorrow at 10:00 am CEST 🔥

10.06.2025 13:14 - 👍 1  🔁 1  💬 1  📌 0
smbserver.py: add signing support by using computer account with NetLogon by rtpt-romankarwacik · Pull Request #1975 · fortra/impacket This pull request adds the option to support signing for arbitrary clients in a domain. Most of the NetLogon code is based on this gist by @ThePirateWhoSmellsOfSunflowers. To use this functionalit...

Newer Windows clients often enforce signing ✍️ when using SMB fileshares.
To quickly deploy an SMB server with signing supported, we implemented this in impacket's smbserver.py based on prior work by @lowercasedrm.bsky.social.

github.com/fortra/impac...

05.06.2025 08:13 - 👍 2  🔁 1  💬 0  📌 0

We also used modified sploutchy's RPC server for impacket's ntlmrelayx.py to also provide a generic endpoint mapper (EPM) to abuse PrinterBug on newer versions of Windows 11.

github.com/fortra/impac...

04.06.2025 07:57 - 👍 2  🔁 1  💬 0  📌 0
Add efsr_spray module by rtpt-romankarwacik · Pull Request #718 · Pennyw0rth/NetExec Description Since Windows 11 23H2 the EFS service is only activated on demand. One way to activate it is to write an encrypted file to a share on the respective device. This module automates this ...

And this is our pull request to NetExec which adds efsr_spray which can re-enable EFSR/PetitPotam on up-to-date Windows 11 hosts 🤯 if they have a writeable share:

github.com/Pennyw0rth/N...

04.06.2025 07:57 - 👍 3  🔁 1  💬 1  📌 0
GitHub - RedTeamPentesting/wspcoerce: wspcoerce coerces a Windows computer account via SMB to an arbitrary target using MS-WSP wspcoerce coerces a Windows computer account via SMB to an arbitrary target using MS-WSP - RedTeamPentesting/wspcoerce

🔥 We also released a cross-platform implementation of WSPCoerce in Python, which should work against all Windows clients:

github.com/RedTeamPente...

04.06.2025 07:57 - 👍 1  🔁 0  💬 1  📌 0
The Ultimate Guide to Windows Coercion Techniques in 2025 Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...

🎉 It is finally time for a new blog post!

Join us on our deep dive into Windows Authentication Coercion and its current state in 2025, including some brand-new tooling ✨
#infosecsky #infosec #pentests #redteam #cybersky #cybersecurity

blog.redteam-pentesting.de/2025/windows...

04.06.2025 07:57 - 👍 3  🔁 2  💬 1  📌 0
