I published a blog looking at credential configuration for some SCCM features, along with a discussion on how these should be configured to reduce their attack surface at I hope that admins can use this to proactively prevent some of the attacks possible!

@st3ff3n_com Followed you; go for it :)

@_xpn_ @0xcsandker I've always wanted to be able to do this over a Beacon... Keen to play with it! Thanks Adam :D

RT @_xpn_: New tool published which is proving to be useful. Cred1py allows execution of the CRED-1 SCCM attack published by @Raiona_ZA ove…

RT @lauriewired: Amateurs obsess over tools, pros over mastery. It's an easy trap to fall into. I'm asked constantly: "what's the best de…

RT @_markel___: Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root…

RT @asymmetric_re: New blog post: Evmos Precompile State Commit Infinite Mint. A critical vulnerability in EVM state commits during precom…

RT @orange_8361: Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues!

RT @taviso: This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags thou…

RT @_Mayyhem: Check out this blog from Marshall Price @GuidePointSec with detailed instructions for post-takeover remote code execution on…

RT @NathanMcNulty: I am so excited to see this announced! This solution brings Conditional Access to Kerberos authentication, which means…

Latest blog from MWR; some analysis breaking down considerations for phishing with macros (with macro execution disabled and MOTW docs being blocked):

RT @realhashbreaker: Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun: md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDh…

RT @0x64616e: Lateral movement as unprivileged user via Remote Registry now in Impacket

RT @SquidgeRugby: One week ago, Siya Kolisi's immortals became just the second side to ever retain the Rugby World Cup. So, how did they do…

RT @HTTP418InfoSec: These attacks are from tooling and guides shared by @_Mayyhem, @garrfoster, @_xpn_, @Raiona_ZA and @DiLomSec1. @vendet…

RT @HTTP418InfoSec: I have just written a post ( summarising the various published SCCM attacks, from PXE enumerati…

@theluemmel Thanks for the shout out :) I would expect that the tool would better on Windows thanks to the crypto libraries I'm using, but strange that option 5 would bail on Linux; pretty sure I first developed that code on Linux 😅; will put it on the list of things I need to check out...

RT @theluemmel: Another quick tip for your next SCCM pentest with @Raiona_ZA's use it on a Windows box. It failed…

RT @BHinfoSecurity: Hey folks! In this 1-hour, Black Hills Information Security (BHIS) webcast, Gabriel Prudhomme will cover various SCCM…

First of a series we are starting looking at the anatomy of consent phishing attacks in the wild; have a look here if you are interested in finding out more :)