Romern

@[email protected]
15 Followers
93 Following
12 Posts
RomernJan 30
RedTeam PentestingJan 30

Our tool for KeyCredentialLinks and Shadow Credential attacks keycred now works with updated domain controllers again!

It turns out, Microsoft violated their own specs.

Try it out: https://github.com/RedTeamPentesting/keycred/
#infosec #security

RomernDec 8

We just released my writeup for my first CTF challenge I ever created, "Ghostbusters" for Haix-La-Chapelle 2025 CTF @Pwn_la_Chapelle .
it involves some cool techniques for exploiting Ghostscript and PDF/PostScript file type confusion.

https://pwn-la-chapelle.eu/posts/hlc2025_ghostbusters/

Author Writeup – Haix-La-Chapelle CTF 2025: Ghostbusters

Author writeup of a Ghostscript challenge.

RomernNov 28
Pwn-la-ChapelleNov 28

By popular demand, registrations for Haix-la-Chapelle are now open!
Register your account here:
https://haix-la-chapelle.eu/register

If you experience any issues, open a support ticket on our discord:
https://discord.gg/ASYqv7N2Rj

Haix-la-Chapelle 2025

RomernNov 19
RedTeam PentestingNov 19

🔥Only 10 days left until the Haix-la-Chapelle 2025 CTF is starting on November 29!

We're sponsoring the prize money for the best writeups and are excited to see your creative solutions.

https://haix-la-chapelle.eu/

Haix-la-Chapelle 2025

RomernOct 8
Pwn-la-ChapelleOct 8

We are happy to announce that we will be hosting our first ever CTF, Haix-la-Chapelle 2025, on the 29th of November!
It will be a Jeopardy style CTF and will start at 10 am Berlin time, lasting for 24 hours.

You can find the CTFTime event at https://ctftime.org/event/2951 or you can check out our website at https://haix-la-chapelle.eu.

See you there!

Haix-la-Chapelle 2025

Haix‑la‑Chapelle 2025 is a online Jeopardy-style CTF organized for the first time by Pwn‑la‑Chapelle and friends! It...

RomernJun 4, 2025
RedTeam PentestingJun 4, 2025

🎉 It is finally time for a new blog post!

Join us on our deep dive into Windows Authentication Coercion and its current state in 2025, including some brand-new tooling ✨ #itsec #infosec #pentest #redteam

https://blog.redteam-pentesting.de/2025/windows-coercion

The Ultimate Guide to Windows Coercion Techniques in 2025

Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to almost arbitrary Windows workstations and servers, …

RedTeam Pentesting - Blog
Show threadRomernAug 1, 2024
@muvlon I demand at least a /64 for IPv6 so I can circumvent IP-based API rate limiting.
RomernApr 15, 2024
daniel:// stenberg://Apr 15, 2024

I was reminded of the great #Cisco security fix of 2019

#curl

Show threadRomernApr 14, 2024
@0xdf you note it at the end of the post, but the actual exploit for the Ghostscript part was related to the dNOSAFER flag being set, not the CVE you mentioned at the beginning. As the Kroll blog post suggests, it’s a bypass for dSAFER abusing path normalization. The repo which you used to generate the eps payload is misleading, as it is not an exploit for the mentioned CVE at all, but rather unsafe use of Ghostscript in general.