Mike (@miketc21)

Mediocre Pentester

20 Followers
115 Following
1 Posts
Joined 12.03.2025

Latest posts by Mike @miketc21

Another example of a Windows 0-day found with PrivescCheck. Congrats to Compass Security for investigating the issue and exploiting it. 👍

blog.compass-security.com/2025/04/3-mi...

15.04.2025 12:41 👍 14 🔁 6 💬 1 📌 0

I got a chance to try out @Burp_Suite Burp AI, and it's... honestly really cool 😅 Video showcase where we cruise through a web app scan, crawl and audit, and it rips through findings including an explicit UNION SQL injection vulnerability and more 🤩 youtu.be/v-McepNOrTQ

15.04.2025 13:01 👍 17 🔁 2 💬 1 📌 1

Calling all relationship builders! 👋 We're looking for a Channel Account Manager to help grow our partner network for BloodHound Enterprise.

If you love connecting with VARs, distributors, & consultants, submit your application today: ghst.ly/3XYrzO4

15.04.2025 15:24 👍 3 🔁 2 💬 0 📌 0

New blog post 🤗

08.04.2025 18:45 👍 13 🔁 2 💬 0 📌 0

Think NTLM relay is a solved problem? Think again.

Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31

08.04.2025 23:00 👍 27 🔁 20 💬 1 📌 2

GitHub - jfjallid/go-rpcclient: Interact with Windows RPC Services over SMB using go-smb

New tool drop from jfjallid (not on this platform)

github.com/jfjallid/go-...

06.04.2025 11:05 👍 5 🔁 2 💬 0 📌 0

New day, new #BloodHoundBasics post!

DYK that BloodHound CE now supports deep linking? This week, we released early access support that goes beyond what the old back button offered! Go back (& forward), & share your current view of the graph w/ your fellow operators today!

1/2

04.04.2025 18:06 👍 4 🔁 1 💬 1 📌 0

Episode 130: Using Deception Technology to Detect Cyber Attacks - The Cyber Threat Perspective. In this episode of The Cyber Threat Perspective, we explore the strategic integration of deception technology like canaries and honeypots into your cybersecurity defenses. Discover how these tools…

🎤 As they say, better late than never. Our latest episode is out now! Brought to you by linkedin.com/company/secu...

04.04.2025 16:16 👍 4 🔁 2 💬 0 📌 0

New HijackLoader Evasion Tactics | ThreatLabz. Learn how HijackLoader has introduced call stack spoofing and new modules to improve its evasion and anti-analysis capabilities.

Zscaler has published a technical report on HijackLoader (IDAT Loader, GhostPulse) and its recent changes, such as its new call stack spoofing module, anti-VM module, and support for scheduled task persistence.

www.zscaler.com/blogs/securi...

01.04.2025 10:31 👍 10 🔁 4 💬 1 📌 0

GitHub - atomicchonk/roadrecon_mcp_server: Claude MCP server to perform analysis on ROADrecon data

Spent the evening deep diving into MCPs and started a new project: roadrecon_mcp_server! This #MCP takes the web GUI output from the awesome ROADtools by @dirkjanm.io and offers tools to Claude (or your #AI agent of choice) to interact with the data:

github.com/atomicchonk/...

29.03.2025 03:17 👍 11 🔁 5 💬 2 📌 0

Looking forward to your vids.

01.04.2025 11:16 👍 1 🔁 0 💬 1 📌 0

Epic Fails and Heist Tales: Red Teaming Toward Truly Tested Security. Bishop Fox's Alethe Denis deep dives into Red Teaming and social engineering: real-world stories, insights, and takeaways on offensive security.

Join @alethe.bsky.social for a behind-the-scenes look at real #RedTeam ops: successes, failures, and the lessons that could level up your security game. #cybersecurity

bishopfox.com/resources/re...

31.03.2025 20:54 👍 3 🔁 2 💬 0 📌 0

The Rise in EDR Killers: An Emerging Threat to Endpoint Security | Binary Defense ThreatTalk Series. The growing prevalence of EDR attacks has left organizations grappling with the destructive impact of threat actors infiltrating their systems. These attacks are frequently executed ...

🔒 Are your endpoint defenses prepared to counter EDR bypass techniques?

Discover the latest tactics used by attackers and learn actionable countermeasures during Binary Defense's ThreatTalk webinar. Save your seat today: www.binarydefense.com/resources/we...
#Cybersecurity #ThreatTalk #EDR

27.03.2025 15:03 👍 1 🔁 1 💬 0 📌 0

Don't miss our next BloodHound Enterprise demo webinar, happening April 8! Register now to hear from Jacob Julian on why you should care about Attack Paths, and how BloodHound approaches identification and elimination.

Register ➡️ ghst.ly/apr-demo-bsky

27.03.2025 15:37 👍 2 🔁 1 💬 0 📌 0

Automatic browser SSO with a PRT on a victim device over an Outflank C2 implant 🥰 using ROADtools and some hackery from Max Grim.

27.03.2025 11:52 👍 16 🔁 3 💬 0 📌 0

A Sneaky Phish Just Grabbed my Mailchimp Mailing List. You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish h...

Troy Hunt's mailing list got phished. Commiserations to him. If it can happen to Troy, it can probably happen to you.

www.troyhunt.com/a-sneaky-phi...

27.03.2025 09:33 👍 19 🔁 3 💬 0 📌 0

Fileless lateral movement with trapped COM objects | IBM. New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.

[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.

- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...

25.03.2025 21:21 👍 15 🔁 11 💬 0 📌 1

[Webinar] Inside the 2025 Threat Detection Report. Join the 2025 Red Canary Threat Detection Report's authors as they explore the most important findings of the year. Don't miss this event!

Don't miss my teammates as they present the 2025 Red Canary Threat Detection Report tomorrow afternoon! This report is overwhelming with goodness, and they'll help you navigate it. 😀 redcanary.com/resources/we...

25.03.2025 17:21 👍 9 🔁 4 💬 0 📌 0

Ransomware groups have declared war on small business. It’s time we do the same to them.

25.03.2025 17:15 👍 4 🔁 1 💬 1 📌 0

Rust for Malware Development. Bishop Fox's Nick Cerne will compare developing malware in Rust compared to its C counterparts and develop a simple malware dropper for demonstration.

Rust is gaining traction in malware development, offering evasion advantages over C. Security Consultant Nick Cerne breaks down why, compares reverse engineering challenges, and builds a Rust-based dropper to stage Sliver.

bishopfox.com/blog/rust-fo...

25.03.2025 15:51 👍 3 🔁 2 💬 0 📌 0

Diversify Tech | Connecting marginalized folks in tech with career opportunities. Get job opportunities from vetted companies in your inbox every week.

Hey all! NerdWallet is hiring for several Staff Software Engineer roles in US and Canada. They are all remote.

➡️ jobs.diversifytech.com

24.03.2025 15:30 👍 79 🔁 30 💬 3 📌 0

The WIRED Guide to Bluetooth

We explain everything you need to know about Bluetooth, the long-standing wireless connectivity standard.

23.03.2025 13:05 👍 228 🔁 30 💬 5 📌 1

Attackers see what you don't: paths between your cloud & on-prem systems.

Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. ghst.ly/4kzkFbB

20.03.2025 13:26 👍 4 🔁 3 💬 0 📌 0

Happy #BloodHoundBasics day! This week we are looking at how BloodHound classifies Tier Zero.

Q: Why is not just the DA group Tier Zero but also all members?
A: BloodHound classifies a few default Tier Zero assets, then adds more w/ logic from known attack techniques.

1/8

21.03.2025 18:36 👍 5 🔁 3 💬 1 📌 0

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping.... Strike 4.11 introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon.

Hello Bluesky! We're live! 👋 And so is our new release! Cobalt Strike 4.11 introduces a novel Sleepmask, a novel process injection technique, a new prepend reflective loader with new evasive options, asynchronous BOFs, DNS over HTTPs and more!
cobaltstrike.com/blog/cobalt-...

17.03.2025 20:17 👍 10 🔁 6 💬 1 📌 0

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts. Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 account credentials.

Malicious OAuth attacks are all the rage right now!

Ex 1 - www.bleepingcomputer.com/news/securit...

Ex 2 -

17.03.2025 22:53 👍 6 🔁 1 💬 0 📌 0

Last Week in Security (LWiS) - 2025-03-17. Evilginx Pro (@mrgretzky), Pre-auth RCE in a CMS (@chudyPB), GOAD ADCS (@M4yFly), YouTube email disclosure (@brutecat), SAML parser bug (@ulldma.bsky.social/@ulldma@infosec.exchange), and more!

Evilginx Pro (@mrgretzky.breakdev.org), Pre-auth RCE in a CMS (@chudypb.bsky.social), GOAD ADCS, YouTube email disclosure (@brutecat.com), SAML parser bug (ulldma.bsky.social), and more!

blog.badsectorlabs.com/last-week-in...

18.03.2025 00:05 👍 6 🔁 2 💬 0 📌 1

GitHub - decoder-it/KrbRelayEx-RPC

KrbRelayEx-RPC tool is out! 🎉
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)
github.com/decoder-it/K...

14.03.2025 10:18 👍 9 🔁 10 💬 0 📌 0

A table that lists Microsoft RDWeb, Cisco ASA, SonicWall NetExtender, Fortinet SSL VPN, WatchGuard SSL VPN, Palo Alto GlobalProtect, and Cisco Gateway

The BlackBasta ransomware gang developed and used its own custom tool to brute-force enterprise firewalls and VPN remote-access products.

Named Bruted, the tool was written in PHP and could brute-force the following products (see image)

blog.eclecticiq.com/inside-brute...

16.03.2025 10:41 👍 28 🔁 15 💬 1 📌 1

The Rise in EDR Killers: An Emerging Threat to Endpoint Security | Binary Defense ThreatTalk Series. The growing prevalence of EDR Killer attacks has left organizations grappling with the destructive impact of threat actors infiltrating their systems. These attacks are frequently ex...

πŸ” The threat of #EDR Killer attacks is rising quickly, leaving organizations exposed to sophisticated attacks.Β Β 

Join Binary Defense's #ThreatTalk to learn strategies that will keep your business ahead of threat actors.Β Secure your spot hereπŸ‘‰:Β www.binarydefense.com/resources/we...
#Cybersecurity

13.03.2025 15:01 πŸ‘ 1 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0