Why it is difficult to say what a tool does? 🤔 In Part 16 of his On Detection blog series, Jared Atkinson unpacks two examples demonstrating this problem and why it exists. ghst.ly/3C9uA6u

Few BloodHound python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own pypi package and command. You can have both on the same system with pipx. github.com/dirkjanm/Blo...

Two new modules for MSSQL on NXC, thanks to the contributions of @lodos2005.bsky.social and @adamkadaban.bsky.social 🔥 - rid-brute from mssql - mssql_coerce from mssql github.com/Pennyw0rth/N...

Interesting blog post from Synacktiv on relaying kerberos over smb (based on the work of @decoder-it.bsky.social and @tiraniddo.bsky.social ) www.synacktiv.com/publications...

Hey folks! Just wanted to let you know we're (we being my company in this case) doing an open webinar on "CVEs of SSH", led by Dan Murray. It will happen this Thursday 8pm CET. If you're interested, check out hexarcana.ch/workshops/cv...

LOLESXi features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations. lolesxi-project.github.io/LOLESXi/ #infosec #pentest #redteam #blueteam