Red team operator @MDSecLabs, former bootneck.
Joined June 2015
- Tweets 1,298
- Following 238
- Followers 1,642
- Likes 2,090
New Blog! Get it while it's hot! This technique is still evolving. Always a fun vector. blackhillsinfosec.com/dynami…
6
91
8
218
It's happened, finally, for the first time in my career, a monumental occasion.
.....
I've started reporting on a job from the beginning. What a time to be alive.
8
1
23
Getting old fucking sucks.
I've lifted since I was 14, with questionable technique - never been injured.
I've been blown up (more than once), shot at, fallen off cliffs - not a scratch.
This morning I slightly stretched to grab something and threw my back out. FML
5
28
Tim retweeted
We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: mdsec.co.uk/2023/03/exploiti… by @domchell
10
444
25
871
Tim retweeted
I wrote an article on how to bypass VPN compliance checks. It's based on PaloAlto VPN but the approach can be applied for other VPN.
Process exploration, reverse engineering, step by step explanation !
Thank to @iansus et @th3m4ks for the review !
riskinsight-wavestone.com/en…
4
73
1
189
Tim retweeted
Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard.
These techniques also work on victims logged on before the server was compromised.
research.ifcr.dk/pass-the-ch…
36
714
21
1,771
First year @MDSecLabs wrapped up, what a blast it's been. Great team, tough (but awesome) clients, some blinding gigs, couldn't ask for more.
1
2
30
Tim retweeted
After being asked for it a few times in DMs, I decided to just publish my ptrace-less injector for x64 Linux
github.com/namazso/linux_inj…
(via @namazso@mastodon.cloud)
6
92
2
259
I've seen snippets of Outflanks OST offering and it looks amazing. Not exactly a surprise
KerberosAsk is the latest addition to our OST offering. It is a fully inline BOF implementation of some of the core Kerberos commands from Rubeus/Kekeo.
Ask a TGT, a service ticket or exploit CVE-2022-33679. Also works with certs to support your ADCS magic.
Demo below. ⬇️ (1/3)
Show this thread
2
10
Try red teaming a Finnish bank as a non-native speaker.... Where every group, user, computer etc looks like "verkkotunnuksen järjestelmänvalvojat"
10
32
249
Tim retweeted
Actually I know exactly how - and while I cant say publicly due to behind the scenes action, its shady af
1
Tim retweeted
In response to the numerous enquiries we've received regarding distribution of Nighthawk, we've just pushed the following post: "Nighthawk: With Great Power Comes Great Responsibility" mdsec.co.uk/2022/11/nighthaw…
3
27
2
73
GIF
Tim retweeted
What's ironic here though, is that @proofpoint document some unpublished techniques which will now no doubt be deployed by TAs in their c2s, while at same time saying NH not known to be used by TAs 😆 Proper FUD mongering by sec co selling sec solutions 🙄
3
2
16
It genuinely confuses me why our industry is so insistent on using mitre. If you have control over your org's budget and want to choose an EDR, talk to your preferred red team vendor, MITRE evals are the last place you should look.
TL;DR of ATT&CK MSSP Evals: MSSPs built CTF teams to compete against each other and thus is no reflection of monitoring reality.
4
4
1
12
