Taking them to the SHITTER: an analysis of vendor abuse of security research in-the-wild
aff-wg.org/2025/07/13/t...
(There is no benefit modulating my voice for anyone's comfort. This is my fair take, but unapologetic truth. This phenomena has gone unchecked for too long)
To exploit BadSuccessor there are only two requirements:
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
Thank you for your continuous contribution and such a great support! Mythic is Awesome!
16.04.2025 09:43 β π 2 π 0 π¬ 0 π 0
Post-ex Weaponization: An Oral History
aff-wg.org/2025/04/10/p...
A walk-through of some history on post-ex eco-systems used by CS (PowerShell, Reflective DLLs, .NET, and BOFs).
Ends with a coffee conversation talking about magician's guilds, security research, and ideas about what's next.
The S is for Security. How to use WinRMS as a solid NTLM relay target, and why itβs less secure than WinRM over HTTP.
writeup: sensepost.com/blog/2025/is...
PR to impacket:
github.com/fortra/impac...
Demo: youtu.be/3mG2Ouu3Umk
Imagine a discipline called Breach Intelligence. Instead of describing breaches as tools+actors, we use root-cause analysis to dissect the attack path, identify contrib factor issues, and their mitigations. And, aggregate data about which compensating controls (security products) failed
15.03.2025 03:57 β π 8 π 2 π¬ 1 π 0