Oddvar Moe (@Oddvarmoe)'s Twitter Profile
Oddvar Moe

@Oddvarmoe

Red Teamer @TrustedSec | MS MVP | Speaker | Security Researcher | Blogger | Total n00b & always learning | UNC1194 | Tinkerer | Gamer

I try to inspire!

ID:370060032

https://oddvar.moe

08-09-2011 11:53:46

11,3K Tweets

18,6K Followers

1,0K Following

TrustedSec (@TrustedSec)

For almost a year, invisible password spraying could be performed against any tenant due to a vulnerability in . In our latest blog, nyxgeek walks us through how these attacks could have been carried out. Read it now! hubs.la/Q02vpTlN0

bohops (@bohops)

Here are a few recent (and fantastic) additions to the Ultimate WDAC Bypass List:

☑️ 'Intune Windows Agent bypass explanation' by Kim Oppalfens (MVP) ✖️
☑️ 'Harden Windows Security: WDAC Notes' by HotCakeX 🇮🇱

github.com/bohops/Ultimat…

Evan McBroom (@mcbroom_evan)

I just published a blog and tool for the LSA Whisperer work that was presented at the SpecterOps Conference (SOCON) back in March.

If you are interested in getting credentials from LSASS without accessing its memory, check it out!
medium.com/specter-ops-po…

Johan Arwidmark (@jarwidmark)

Fun he says :)

As long as you tested EVERY single hardware model and BIOS combination, and have triple-checked that you have BitLocker recovery keys for EVERY machine in the environment, you MAY avoid a CLM :)

Security Response (@msftsecresponse)

We are pleased to announce that we will now publish root cause data for all Microsoft CVEs using the Common Weakness Enumeration (CWE) industry standard. This standard will facilitate more effective community discussions about finding and mitigating these weaknesses in existing…

Wietze (@Wietze)

Another #LOLBAS milestone: 200 entries 💯💯

Recent additions:
🔥 wbadmin (NTDS.dit dumping)
🔥 winproj/msaccess (INetCache downloaders)
🔥 appcert (proxy execution)
🔥 tar (to/from ADS)
🔥 te (arbitrary DLL loading)

Thanks Avihay Eldad, irEasty, Nir Chako & others for contributing
Oddvar Moe (@Oddvarmoe)

Anybody seen a writeup for an LPE TOCTOU in Windows where one of the issues was battling random temp files with a pattern? I am trying to find a writeup I believe I saw once, but cannot find it.

Oddvar Moe (@Oddvarmoe)

Can we shift the AI focus now from generating text/code/images to actually getting my house, clothes, car, dishes washed?

Zach Stein (@synzack21)

Curious about Intune's new EPM feature? So were we. In this blog Duane Michael and I explore the internals of EPM and share some interesting findings.
posts.specterops.io/getting-intune…

Oddvar Moe (@Oddvarmoe)

Question fans, is there no way to do OR in the search UI? Seems it always defaults to AND when selecting multiple conditions.

Even gonna be so brave to tag Mark Russinovich 😱
