NFS has not received much attention of the offensive security community in nearly a decade. Today, we are happy to share our research on the topic: I'll give you a short overview in this thread 🧵 (1/5) #redteam #pentest

RT @podalirius_: 🚀 New Tool Release: DescribeNTSecurityDescriptor 🚀 Analyzing Windows NT Security Descriptors can be a headache. I built…

RT @0xBoku: 🔪Open-sourcing 💀StringReaper BOF! I've had great success in engagements carving credentials out of remote process memory with…

RT @Oddvarmoe: Not sure if this is useful but created a script to dump certificate template information to a text file from an ADExplorer d…

RT @0x64616e: NTLM Relaying with DCOM cross-session activation over an external OXID resolver. This variant has the advantage over regular…

RT @SkelSec: @lpha3ch0 @techspence @michael_eder_ AI Agent finds secrets on fileshares. Launches scan (after parametrization), waits for s…

@SkelSec HTTP services. All appliances and hardware stuff, IP cameras, power supply, tomcat,... Everything having a web interface

@SkelSec Find default login credentials to $screenshot

RT @SpecterOps: Introducing Forge 🔥 – the first “Command Augmentation” container for Mythic! Check out @its_a_feature_'s latest blog post…

RT @SkelSec: Dabbling in AI agents recently. Using @huggingface 's smolagent module and the result was quite surprising. Below a video of m…

RT @AirbusSecLab: We’re glad to announce we released Soxy!🚀 A Rust-powered suite of services for Citrix, VMware Horizon & Windows RDP. Red…

RT @RedTeamPT: 🥳 pretender has just passed 1000 GitHub stars⭐️ What better way to celebrate than releasing a big update with new features a…

RT @RedTeamPT: The LLMNR response name spoofing pioneered by @tiraniddo and @Synacktiv does not seem to work with mDNS & NetBIOS 😢 But gues…

RT @ADAllTheTime: Delegated Managed Service Accounts (dMSA) are new in Server 2025 and solve a really important problem... We can migrate…

RT @OtterHacker: If the first thing you do when you compromise a MSSQL server is to check for xp_cmdshell, you might want to read this...…

RT @mpgn_x64: imo way to complicated to extract the ntds, once you got a user with backup privilege group just do: 1⃣ nxc smb dc -u user…

@OtterHacker @zux0x3a How far have you been able to go with the sleep to keep impacked for example happy?

@mcohmi @SkelSec @ly4k_ We wanted to make it public but getting stuff polished always fell short and we also wanted to do some testing first. I'll try to revive the efforts if there's actual interest, it definitely works 😅

RT @mcohmi: Red team/pentest tools gotta stop using ldap3 and start using msldap from @SkelSec