🚨Nextcloud was vulnerable to XSS in PDF.js (CVE-2024-4367) found by Thomas Rinsma at CodeanIO. Although Nextcloud mitigated the vulnerability in their portal by disabling eval, the viewer.html component of the vulnerable PDF.js was still exposed. www.redteam-pentesting.de/en/advisorie...

Haix-la-Chapelle 2025 is over! 128 teams submitted at least one flag, 270 correct flags were submitted, and 589 drinks consumed. The winners are: 🥇 Team tjcsc with 3165 points 🥈Team THEM?! with 2665 points 🥉Team IT-Security Club with 2087 points Thanks to all participants, see you next year!

By popular demand, registrations for Haix-la-Chapelle are now open! Register your account here: haix-la-chapelle.eu/register If you experience any issues, open a support ticket on our discord: discord.gg/ASYqv7N2Rj

It's hard hosting a new CTF #haix25

Just 10 days left until our first CTF, Haix-la-Chapelle, starts! We have been hard at work and are excited to have you play our challenges 👀 CTF starts at 10am CET on 29th November with prizes sponsored by our lovely sponsors @redteam-pentesting.de and @binary.ninja

🔥Only 10 days left until the Haix-la-Chapelle 2025 CTF is starting on November 29! We're sponsoring the prize money for the best writeups and are excited to see your creative solutions. haix-la-chapelle.eu

🚨8 months after public disclosure, RHEL @almalinux.org @rockylinux.org are still vulnerable for a Ghostscript RCE with a reliable public exploit (CVE-2025-27835 and others)! It can be triggered by opening LibreOffice docs or through a server that uses ImageMagick for file conversion!

So CVE-2025-33073 (Reflective Kerberos Relay) has been added to CISA KEV. In the original writeup, SMB Signing (server-side) is listed as a mitigation for this vulnerability. HOWEVER... blog.redteam-pentesting.de/2025/reflect...

We are happy to announce that we will be hosting our first ever CTF, Haix-la-Chapelle 2025, on the 29th of November! It will be a Jeopardy style CTF and will start at 10 am Berlin time, lasting for 24 hours. You can find the CTFTime event at ctftime.org/event/2951 See you there!

👀 Turns out MS-EVEN can do a lot more than NULL auth: In addition to leaking environment variables, it is possible to coerce authentication from arbitrary logged on users* 🤯 *If you are willing to trigger Windows Defender.

We're excited to host our XSS workshop for RWTH Aachen University's SecLab, again. Today, the students will face XSS challenges as well as a hunt for IT security easter eggs to climb the leaderboard 🏆 #rwth #informatik #aachen

Based on our testing, MS seems to have fixed CVE-2025-33073 by blocking the CredUnmarshalTargetInfo/CREDENTIAL_TARGET_INFORMATIONW trick! @tiraniddo.dev @decoder-it.bsky.social @synacktiv.com #infosecsky #infosec #pentests #redteam #cybersky #cybersecurity bsky.app/profile/redt...

🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live: 🪞The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos: blog.redteam-pentesting.de/2025/reflect...

🚨🚨🚨 Just a heads-up: Microsoft will release a fix for a vulnerability we discovered as part of Patch Tuesday, today. MS classified CVE-2025-33073 as "important" and we recommend patching soon. Stay tuned for our blog post and paper about it tomorrow at 10:00 am CEST 🔥

Newer Windows clients often enforce signing ✍️ when using SMB fileshares. To quickly deploy an SMB server with signing supported we implemented this in impacket's smbserver.​py based on a prior work by @lowercasedrm.bsky.social . github.com/fortra/impac...

🎉 It is finally time for a new blog post! Join us on our deep dive into Windows Authentication Coercion and its current state in 2025, including some brand-new tooling ✨ #infosecsky #infosec #pentests #redteam #cybersky #cybersecurity blog.redteam-pentesting.de/2025/windows...