LuemmelSec

@[email protected]
444 Followers
243 Following
10 Posts

Husband, Father, IT-Guy, Security-Noob
I have opinions :)

Blog: http://bit.ly/3r0UFL7
GitHub: http://bit.ly/2QNz5rV

LuemmelSecJan 29, 2023

It took some time, but now it's here:

๐—ด๐—ฎ๐˜†๐—น๐—ผ๐—ฟ๐—ฑ ๐—  ๐—™๐—ข๐—–๐—ธ๐—ฒ๐—ฟ - ๐—ฟ๐—ฒ๐—ฎ๐—ฑ๐˜† ๐˜๐—ผ ๐—ฝ๐˜„๐—ป ๐˜†๐—ผ๐˜‚๐—ฟ ๐— ๐—œ๐—™๐—”๐—ฅ๐—˜ ๐˜๐—ฎ๐—ด๐˜€
https://luemmelsec.github.io/gaylord-M-FOCker-ready-to-pwn-your-MIFARE-tags/

RFID / NFC blog with all the basics, tools & attacks
Get your Flipper&Proxmark ready to pwn!

#nfc #rfid #proxmark3 #flipperzero

LuemmelSec - Blog

Hello everyone and a happy new year (well, aparently you can see how long it took me to finish this masterpiece :) ). This time we will low dive a little into the world of RFID and NFC. Did you ever want to scare the shit out of your customer in regards to the security of his door locking system? Do you think it is cool to open gates with a Flipper Zero? You like yourself some close combat Red Teaming? Get your Flipper Zero and Proxmarks ready and follow along, as we cover some basics and carry out a variety of attacks. As this is absolute uncharted territory for me, this will (like almost always) be very beginner friendly.

LuemmelSecDec 17, 2022

Sailing Past Security Measures In AD - My blogpost about bypassing AV / EDR:

https://luemmelsec.github.io/Circumventing-Countermeasures-In-AD/

#pentest #redteam #avbypass #edrbypass #activedirectory #ad

LuemmelSec - Blog

Today weยดre going to talk a little about possible ways to circumvent some of the security measures one might face during an engagement in an Active Directory environment. We as pentesters are heavily relying on our tools like Bloodhound, Rubeus, mimikatz and all the other fancy stuff. Be it for an internal assessment or a Red Team campaign. But the Blue Team is not at sleep, trying to keep the bad guys outside with their newest AI machine learning cyber tools.

LuemmelSecNov 27, 2022

Next blog post:
Everything SMTP. Get the mail goodness here:

https://luemmelsec.github.io/Pentest-Everything-SMTP/

#pentest #pentesting #smtp #mail #redteamtips #redteam

LuemmelSec - Blog

In this blog-post I am trying to demystify SMTP (at least for myself). What exactly is it used for? What parties are involved? What about authentication and when? What attack surfaces are you opening with incorrect settings? As you may have read in the other posts, I will most likely try to reflect my knowledge on specific topics or work on certain problems I face (mainly during work), where these blog-posts are aimed to help me. This time itยดs all about SMTP in regards of possible attacks and countermeasures, all from the point of view of an external attacker.

LuemmelSecNov 19, 2022
This is my account on Twitter - https://twitter.com/theluemmel - verified by https://Twittodon.com
LuemmelSecNov 19, 2022

Fetch Defender exclusions from Intune managed devices as non-admin user:

Export management log files
Extract cab file
Review MDMDiagHtmlReport.html
Search for "Excluded Processes" and "Excluded Paths"

Cherio
#pentest #redteam #thankmelater

LuemmelSecNov 13, 2022

Hey everyone, and hello from Mastodon. Not sure if this will work out at the end, but let's give it a try.

Going to share some of my blog posts.

First goes a closer look to AS_REP and Kerberoasting.

Enjoy:
https://luemmelsec.github.io/Kerberoasting-VS-AS-REP-Roasting/

#pentesting #redteam #activedirectory #ad #kerberos

LuemmelSec - Blog

Recently my team had a discussion about what the exact difference between AS_REP Roasting and Kerberoasting is. As we were short of time, we did not come to a concrete answer and were also not able to find an article that explains it in short. I am neither a professional with years of experience nor a Kerberos guru. So if you are looking for a complex deep-dive, feel free to move along. Credits to: Allagarยดs Art