RedTeam Pentesting

@RedTeamPentesting

Our tool for KeyCredentialLinks and Shadow Credential attacks, keycred, now works with updated domain controllers again!

It turns out, Microsoft violated their own specs.

Try it out: https://github.com/RedTeamPentesting/keycred/
#infosec #security

🚨8 months after public disclosure, RHEL, @almalinux and @rockylinux are still vulnerable to a Ghostscript RCE with a reliable public exploit (CVE-2025-27835 and others)! It can be triggered by opening LibreOffice docs or through a server that uses ImageMagick for file conversion!

Another interesting tidbit was that the share path can contain environment variables, which are expanded by the host.

This could reveal system level variables, which could be interesting in some configurations.

If you already own the computer account, and want to coerce a logged-in admin, you can use an S4U2self impersonation ticket for that user.

So if Defender prevents you from executing code on a computer with an admin, just let it snitch on the admin with a relayable NTLMv2-Hash🤯

By intentionally coercing a host to open a share with a virus (or an EICAR test file), Windows Defender re-connects with computer account credentials in order to quarantine/delete it 🦠😷

We're excited to host our XSS workshop for RWTH Aachen University's SecLab again. Today, the students will face XSS challenges as well as a hunt for IT security easter eggs to climb the leaderboard 🏆
#rwth #informatik #aachen