DLS 2024 - RedTeam Fails - “Oops my bad I ruined the operation”

Red Team Fails - “Oops my bad I ruined the operation”, a story on how to fail a red team assessment. TLDR: Recently I had the pleasure to give a rump during the “Drink Love Share” meet organized by TheLaluka. This blog post will delve deeper into the topic. This rump told the tale of a little Dino starting in the red team industries.

Avast Anti-Virus privileged arbitrary file create on virus quarantine (CVE-2023-1585 and CVE-2023-1587)

0x00: Introduction

Stealing GitHub staff's access token via GitHub Actions

(この記事は日本語でも読むことが出来ます。) Disclaimer GitHub is running a bug bounty program on HackerOne, and as part of this program, vulnerability research is permitted by the safe harbor. This article describes a vulnerability that I discovered as a result of my investigation in compliance with the safe harbor criteria and is not intended to encourage unauthorized vulnerability research activities. If you find a vulnerability on GitHub, please report it to GitHub Bug Bounty. TL;DR In the actions/runner repository, which hosts the source

So you think you can block Macros? | Outflank

blog about macro blocking/signing, attacker/red team work arounds and further mitigations. Macro signing, message bar & Excel add-ins

Capturing the Flag with GPT-4

Crontalk on Twitter

“🎙️Retrouvez la chronique de Alain Mavurk, pentester chez @Intrinsec, sur #Crontalk. Il nous détaille son métier et son quotidien. 👉 https://t.co/Wregtb1qwb”

Introducing BloodHound 4.3 — Get Global Admin More Often

Thank you to Hugo Vincent for his AzureHound contribution which adds app role assignment enumeration, enabling the MS Graph attack path feature. Thank you to Hugo as well for his BloodHound PR to…