mig 🇺🇦
@miguelaya.bsky.social
infosec / fuck putin / fuck trump / fuck musk
Reposted by mig 🇺🇦
When I was younger, I naively believed that if the genocides of the past had occurred in our age of developed social media, the world would have stopped them sooner.
And then Ukraine was attacked in this very age of developed social media: an era where everyone has their own "version of truth";
And then Ukraine was attacked in this very age of developed social media: an era where everyone has their own "version of truth";
November 1, 2025 at 9:24 PM
When I was younger, I naively believed that if the genocides of the past had occurred in our age of developed social media, the world would have stopped them sooner.
And then Ukraine was attacked in this very age of developed social media: an era where everyone has their own "version of truth";
And then Ukraine was attacked in this very age of developed social media: an era where everyone has their own "version of truth";
Reposted by mig 🇺🇦
Intune now has dedicated security recommendations docs just like Entra 🔥
The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance
Thanks to my collegaue (Josh Gatewood) for pointing this out!
learn.microsoft.com/en-us/intune...
The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance
Thanks to my collegaue (Josh Gatewood) for pointing this out!
learn.microsoft.com/en-us/intune...
October 10, 2025 at 4:49 AM
Intune now has dedicated security recommendations docs just like Entra 🔥
The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance
Thanks to my collegaue (Josh Gatewood) for pointing this out!
learn.microsoft.com/en-us/intune...
The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance
Thanks to my collegaue (Josh Gatewood) for pointing this out!
learn.microsoft.com/en-us/intune...
The drones in the nordics are a good example of hybrid warfare from russia.
In a DDoS attack a force multiplier is used: send a little traffic somewhere, get it to respond manyfold.
Drones are a cheap way to cause NATO countries to divest attention and resources from helping Ukraine.
In a DDoS attack a force multiplier is used: send a little traffic somewhere, get it to respond manyfold.
Drones are a cheap way to cause NATO countries to divest attention and resources from helping Ukraine.
October 2, 2025 at 3:34 AM
The drones in the nordics are a good example of hybrid warfare from russia.
In a DDoS attack a force multiplier is used: send a little traffic somewhere, get it to respond manyfold.
Drones are a cheap way to cause NATO countries to divest attention and resources from helping Ukraine.
In a DDoS attack a force multiplier is used: send a little traffic somewhere, get it to respond manyfold.
Drones are a cheap way to cause NATO countries to divest attention and resources from helping Ukraine.
RPC interfaces
blog.jcspencer.net/rpc-interfaces/
blog.jcspencer.net/rpc-interfaces/
Windows RPC Interface Database - @jcspencer
A simple database of Windows RPC interfaces (DCE/RPC & Named Pipes)
blog.jcspencer.net
September 26, 2025 at 7:13 AM
RPC interfaces
blog.jcspencer.net/rpc-interfaces/
blog.jcspencer.net/rpc-interfaces/
Good post on using your context with SOCKS on other machines specterops.io/blog/2025/08...
Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP - SpecterOps
TL;DR When operating out of a ceded access or phishing payload with no credential material, you can use low-privilege HTTP authentication from the current user context to perform a proxied relay to LD...
specterops.io
August 26, 2025 at 6:58 AM
Good post on using your context with SOCKS on other machines specterops.io/blog/2025/08...
Good resource on Android apps interacting with SIM
stackoverflow.com/questions/30...
stackoverflow.com/questions/30...
Send APDU commands to USIM/SIM card in android
I was already worked with smart cards and I am familiar with APDU commands (that are defined in ISO/IEC 7816 and Global Platform specifications).
Now I want to know if there is any way to send an...
stackoverflow.com
August 22, 2025 at 11:48 AM
Good resource on Android apps interacting with SIM
stackoverflow.com/questions/30...
stackoverflow.com/questions/30...
RPC tutorial
clearbluejar.github.io/posts/from-n...
clearbluejar.github.io/posts/from-n...
From NtObjectManager to PetitPotam
Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overco...
clearbluejar.github.io
August 21, 2025 at 11:22 PM
RPC tutorial
clearbluejar.github.io/posts/from-n...
clearbluejar.github.io/posts/from-n...
Good stuff!
-Academics pull off novel 5G downgrade attack
-Ransomware hits car recyclers across North America
-VPN apps share the same hardcoded password
-Bangladesh spent $190 million on surveillance tools
-Workday discloses breach
Podcast: risky.biz/RBNEWS466/
Newsletter: news.risky.biz/risky-bullet...
-Ransomware hits car recyclers across North America
-VPN apps share the same hardcoded password
-Bangladesh spent $190 million on surveillance tools
-Workday discloses breach
Podcast: risky.biz/RBNEWS466/
Newsletter: news.risky.biz/risky-bullet...
August 18, 2025 at 10:31 AM
Good stuff!
New baseband vulns
www.linkedin.com/posts/yongda...
www.linkedin.com/posts/yongda...
* USING LLFUZZ TO EXPOSE CRITICAL VULNERABILITIES IN BASEBAND LOWER LAYERS * | Yongdae Kim
* USING LLFUZZ TO EXPOSE CRITICAL VULNERABILITIES IN BASEBAND LOWER LAYERS *
- One malformed packet is enough to crash a smartphone -- To be presented at USENIX Security 2025
Baseband modems handle a...
www.linkedin.com
July 31, 2025 at 3:31 AM
New baseband vulns
www.linkedin.com/posts/yongda...
www.linkedin.com/posts/yongda...
Rehost your firmware
github.com/rehosting/pe...
github.com/rehosting/pe...
GitHub - rehosting/penguin: PENGUIN (Personalized EmulatioN Generated Using Instrumented Analysis) takes a target centric approach to rehosting using a precise and tailored specification of the rehost...
PENGUIN (Personalized EmulatioN Generated Using Instrumented Analysis) takes a target centric approach to rehosting using a precise and tailored specification of the rehosting process - rehosting/p...
github.com
July 29, 2025 at 9:24 AM
Rehost your firmware
github.com/rehosting/pe...
github.com/rehosting/pe...
This NTLM relay article node has edges to plenty of great article nodes
specterops.io/blog/2025/07...
specterops.io/blog/2025/07...
Escaping the Confines of Port 445 - SpecterOps
NTLM relay attacks targeting SMB restrict lateral movement options to those that solely require port 445/TCP. Learn at least one method of overcoming this restriction to enable additional lateral move...
specterops.io
July 29, 2025 at 8:26 AM
This NTLM relay article node has edges to plenty of great article nodes
specterops.io/blog/2025/07...
specterops.io/blog/2025/07...
New LPE
github.com/rtecCyberSec...
github.com/rtecCyberSec...
GitHub - rtecCyberSec/RAITrigger: Local SYSTEM auth trigger for relaying
Local SYSTEM auth trigger for relaying. Contribute to rtecCyberSec/RAITrigger development by creating an account on GitHub.
github.com
July 21, 2025 at 6:20 AM
New LPE
github.com/rtecCyberSec...
github.com/rtecCyberSec...
Opsec for accessing Shadow Volumes
www.linkedin.com/posts/stepha...
www.linkedin.com/posts/stepha...
During a recent incident response case, my colleague Yann M. | Stephan Berger
During a recent incident response case, my colleague Yann M. observed the following file access: \\localhost\C$\@ GMT-2025.06.21-10.53.43\Windows\NTDS\ntds.dit
This is a...
www.linkedin.com
July 14, 2025 at 8:57 AM
Opsec for accessing Shadow Volumes
www.linkedin.com/posts/stepha...
www.linkedin.com/posts/stepha...
Reposted by mig 🇺🇦
I resemble this comment.
https://www.nytimes.com/interactive/2025/06/30/opinion/hhs-cuts-harming-american-health.html
https://www.nytimes.com/interactive/2025/06/30/opinion/hhs-cuts-harming-american-health.html
July 1, 2025 at 2:25 PM
I resemble this comment.
https://www.nytimes.com/interactive/2025/06/30/opinion/hhs-cuts-harming-american-health.html
https://www.nytimes.com/interactive/2025/06/30/opinion/hhs-cuts-harming-american-health.html
SensePost | No egress, no shell, no problem
Leaders in Information Security
sensepost.com
June 27, 2025 at 7:56 AM
Reposted by mig 🇺🇦
How attackers move between AD domains via trusts depends on trust type & config. We're replacing TrustedBy edge in BloodHound with new trust edges for better attack path mapping.
Check out @jonas-bk.bsky.social's blog post to learn more. ghst.ly/4lj9C5T
Check out @jonas-bk.bsky.social's blog post to learn more. ghst.ly/4lj9C5T
Good Fences Make Good Neighbors: New AD Trusts Attack Paths in BloodHound - SpecterOps
The ability of an attacker controlling one domain to compromise another through an Active Directory (AD) trust depends on the trust type and configuration. To better map these relationships and make i...
ghst.ly
June 25, 2025 at 11:30 PM
How attackers move between AD domains via trusts depends on trust type & config. We're replacing TrustedBy edge in BloodHound with new trust edges for better attack path mapping.
Check out @jonas-bk.bsky.social's blog post to learn more. ghst.ly/4lj9C5T
Check out @jonas-bk.bsky.social's blog post to learn more. ghst.ly/4lj9C5T
New AD attack path
specterops.io/blog/2025/06...
specterops.io/blog/2025/06...
Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA) - SpecterOps
Account Operators can compromise an Active Directory domain by using Incoming Forest Trust Builders and DnsAdmins to create a trust with TGT delegation enabled.
specterops.io
June 26, 2025 at 6:47 AM
New AD attack path
specterops.io/blog/2025/06...
specterops.io/blog/2025/06...