Recently, I wrote a write-up for the vulnerable machine from #VulNyx called Controler. It’s a medium-level #Windows machine. #Enumeration begins with the Kerberos account, which I use to gain initial system access. Through further Active Directory enumeration, I #exploit replication rights, ultimately extracting the Domain Administrator’s password hash and gaining full administrative control.

Solving this machine took me some time, but I learned a lot. I touched on new tools like #BloodHound, delved a bit deeper into Active Directory, and, in general, kept my #pentesting skills in check.

If you are starting in #cybersecurity, I would definitely recommend checking some VMs from VulNyx.

https://medium.com/@thecybercraft/vulnyx-controler-writeup-b9ada8e12fdd

🚨 New research & tool release: OID-See - Giving Your OAuth Apps the Side-Eye

OAuth risk in Entra isn’t a table problem.
It’s a relationship problem.

After spending far too long staring at consent screens, Graph responses, and metadata that technically tells the truth while still being wildly misleading, I ended up building something I couldn’t find anywhere else:

OID-See - essentially BloodHound for OAuth in Entra.

It maps:
• OAuth apps & service principals
• Delegated scopes and app permissions
• Consent, assignments, and reachability
• Trust signals (and trust illusions)
• Persistence and impersonation paths

…into a graph-backed analysis model that lets you reason about what an app can actually become when chained, not just whether it looks risky in isolation.

Why this exists

I kept running into the same issues:
• “Verified publisher” isn’t always the signal we think it is
• Microsoft-shaped metadata can lull defenders into false trust
• offline_access ≠ impersonation, but does equal persistence
• Apps without assignment requirements are exposed by default
• Spreadsheets hide abuse paths - graphs expose them

So I stopped trying to answer “is this app bad?”
and started asking “what does this enable if it’s abused?”

What OID-See is (and isn’t)

✅ Graph-only by default (no token scraping, no SaaS, no data exfil)
✅ You run it yourself, get a JSON, analyse it locally
✅ Explainable scoring, externalised logic, no magic
❌ Not a CSPM replacement
❌ Not an EDR, SWG, or token replay tool

It’s about clarity, not control theatre.

📖 Blog (deep dive, philosophy, and war stories):
👉 https://cirriustech.co.uk/blog/oidsee/

🧰 Tool & source (v1.0.0):
👉 https://github.com/OID-See/OID-See/tree/v1.0.0

If you’re an Entra admin, cloud security engineer, or anyone who’s ever said
“it’s just a harmless SSO integration” - this one’s for you.

And yes… the name is intentional.
You probably should be giving your OAuth apps the side-eye. 👀

#Entra #AzureAD #OAuth #OIDC #IdentitySecurity #SecurityResearch #AttackSurface #Graph #BloodHound #OIDSee

OID-See: Giving Your OAuth Apps the Side-Eye

OID-See or BloodHound for OAuth in Entra: mapping consent, scopes, assignments, and trust signals into a graph so you can spot impersonation risk and OAuth sprawl.

CirriusTech | Serious About Tech

Rook: Exodus #9 Review
Arachnid Takes Over With Terrifying Power

Brooooo… lean in real close because this one right here? This Rook: Exodus #9 joint is straight up WILD. I’m talkin’ “call your cousins, grab the popcorn, brace your soul” wild. Geoff Johns and Jason Fabok...
https://comiccrusaders.com/comic-books/rook-exodus-9-review-arachnid-al-mega-style/
#Arachnid #Bloodhound #Comic Review #GEOFF JOHNS #ghost machine #horror comics #Image Comics #JASON FABOK #Rook Exodus #Stag #Warden helmets

The Guardian: ‘Are they going to eat me alive?’: trail runners become prey in newest form of hunting

"...Would you like to be chased by a pack of hounds? It’s a question often put to highlight the cruelty of hunting, because the answer would seem to be no. Or so you would think.

Yet increasing numbers of people are volunteering to be chased across the countryside by baying bloodhounds in what could soon be the only legal way to hunt with dogs in England and Wales, rather than pursuing animals or their scents...."

#trailrunning #sports #bloodhound #hunting

https://www.theguardian.com/uk-news/2025/nov/15/are-they-going-to-eat-me-alive-trail-runners-become-prey-in-newest-form-of-hunting

Nervous reporter is chased across English countryside by baying bloodhounds, in what could soon be only legal way to hunt with dogs

The Guardian

🔥 New tool drop: BloodHound-AutoConfig

Stop manually finding Domain Controllers in huge Nmap scans.

✅ Parse 1000+ IPs instantly
✅ Auto-generate BloodHound commands
✅ Multi-domain support
✅ JSON export for automation

Built for red teamers & pentesters.

🔗 https://github.com/jeevadark/bloodhound-autoconfig

Python | MIT License | No dependencies

#InfoSec #RedTeam #BloodHound #PenTesting #CyberSecurity #OpenSource #OSCP #securityengineers

GitHub - jeevadark/bloodhound-autoconfig: 🎯 Automated Domain Controller Discovery & BloodHound Command Generator for Large-Scale AD Pentesting

🦇🧛🏻‍♂️ #bloodlines #bloodhunt #Bloodhound

🎙️ Mathieu Saulnier on BloodHound v8 and OpenGraph!
On the menu: attack paths beyond Active Directory, collectors for One Password/Snowflake/Jamf, and an eye-opening real-world case where 60,000 users could become domain admin in 3 steps.
"Attackers think in graphs, defenders think in lists" - visualizing changes everything.

🎧 Web: https://polysecure.ca/posts/episode-0x640.html#6376abac
🎧 Spotify: https://open.spotify.com/episode/7fYu0AFoC2R2hJYU06IXDs?si=mSQPJjRDRkKt0anYBxNmvA
🎧 YouTube: https://youtu.be/zzoFVuK2GzQ

#Cybersécurité #BloodHound #InfoSec #ThreatHunting

📢 pyLDAPGui: cross-platform LDAP browser with BloodHound export and OPSEC options
📝 According to the zsec.uk blog, this article describes the development of pyLDAPGui, a cross-platform GUI tool intended to address the limitations of Active Directory Explorer (...
📖 cyberveille: https://cyberveille.ch/posts/2025-09-15-pyldapgui-navigateur-ldap-multiplateforme-avec-export-bloodhound-et-options-opsec/
🌐 source: https://blog.zsec.uk/pyldapgui/
#Active_Directory #BloodHound #Cyberveille

According to the zsec.uk blog, this article describes the development of pyLDAPGui, a cross-platform GUI tool intended to address the limitations of Active Directory Explorer (Windows-only) and to integrate with security analysis workflows. • Overview: pyLDAPGui is an LDAP browser with a graphical interface that provides tree-based navigation and exports data to BloodHound-compatible formats as well as CSV. The tool aims to make directory exploration easier and integrates directly with Neo4j for security analysis. • Technical characteristics

CyberVeille
Fire Water Burn

YouTube
LudusHound: Raising BloodHound Attack Paths to Life - SpecterOps

LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via the Ludus framework for controlled testing.

SpecterOps