mpgn
@mpgn.bsky.social
Buccaneer of the net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿

Podcast Hack'n Speak http://anchor.fm/hacknspeak
Github https://github.com/mpgn
Reposted by mpgn
This looks off to you? Yeah...

In the default configuration, NFS exposes THE ENTIRE FILE SYSTEM and not only the exported directory!
This means that you can read every file on the system that is not root:root owned, e.g. /etc/shadow.

But it can get even worse 1/4🧵
March 3, 2025 at 6:01 PM
Reposted by mpgn
🔐 Purple Team job alert ! 🛡️🚨🔥
Lucca is opening a position on its security team!

TL;DR: Web, Talos k8s, millions of users, a mature bounty program, and a scalability-minded DNA at a company that cultivates transparency, expertise and a culture of challenge.

In short, you can find out more here: 👇
Lucca - Confirmed / Senior Security Engineer - Purple Team
🎓 3 to 8 years of experience required in pentesting and/or red team 💼 Master's-level degree (Bac+5) 💰 Expected salary between 63 and 75K€ fixed gross per year, depending on experience 📍 Nantes, Marseille, Paris or full remote (location in Fra...
jobs.lever.co
March 2, 2025 at 5:46 PM
🇫🇷🎙️New episode of the Hack'n Speak podcast!

This is part 2 of Kerberos relaying, with a section dedicated to SCCM and a little Red Team extra 🥷🐊

Happy listening, everyone 🎶

creators.spotify.com/pod/show/hac...
0x2C @croco_byte | Kerberos relay part 2, SCCM, redteam! by Hack'n Speak
Twitter: https://x.com/croco_byte Twitter: https://x.com/mpgn_x64 Blog post - https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx - https://www.synacktiv.com/publication...
creators.spotify.com
February 28, 2025 at 11:16 AM
Generate a valid krb5 conf file directly from netexec 🔥

Not that NXC needs it, but sometimes you gotta help other tools for them to work. 😂
January 20, 2025 at 8:11 AM
DCsync a domain when you find a user in the Backup Operators group using netexec, very simple and no need for a custom smb server 😛🏆
January 13, 2025 at 8:19 PM
So you want to exploit ADCS ESC8 with only netexec and ntlmrelayx ? Fear not my friend, I will show you how to do it 👇

NetExec now supports "Pass-the-Cert" as an authentication method, thanks to @dirkjanm.io's original work on PKINITtools ⛱️
January 6, 2025 at 8:33 PM
Reposted by mpgn
Few BloodHound python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own pypi package and command. You can have both on the same system with pipx. github.com/dirkjanm/Blo...
GitHub - dirkjanm/BloodHound.py: A Python based ingestor for BloodHound
A Python based ingestor for BloodHound. Contribute to dirkjanm/BloodHound.py development by creating an account on GitHub.
github.com
January 2, 2025 at 4:41 PM
ldap socks on netexec / nxc 🎃
January 2, 2025 at 10:22 PM
Reposted by mpgn
I updated the diagram representing the different Point and Print configurations and their exploitation on my blog.

Hopefully, this should provide a better understanding of the whole "PrintNightmare" situation to both defenders and red teamers. 🤞
December 4, 2024 at 5:42 PM
Reposted by mpgn
This is the paradox of security and IT. Doing your job well results in nothing (in a good way). Mistakes are blown up and noticed (in a bad way).
DAMMIT NPR.

I spent nine months upgrading over TEN THOUSAND desktops at a F500 client. The grand total was over SEVENTY THOUSAND applications upgraded.

Y2K "didn't live up to the hype" because the industry busted ass to duct tape everything first.
npr.org NPR @npr.org · Dec 28
People feared the computer glitch would mean "the end of the world as we know it." Thankfully, Y2K didn't live up to the hype after years and billions of dollars were spent on painstaking preparation.
December 29, 2024 at 3:40 PM
hear me out, pass the certificate auth on nxc 🔥
December 31, 2024 at 5:11 PM
Thanks to Xiaolichan, NXC is now capable of scanning your network without attempting SMBv1 first by using the flag --no-smbv1. This reduces unexpected errors and scan time on large networks. 👺

A new module has also been added to scan hosts vulnerable to the Remove-MIC vulnerability 🔥
December 30, 2024 at 8:24 AM
bye bye smb on ldap proto, coming soon 👺
December 18, 2024 at 11:33 AM
Reposted by mpgn
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win & Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
November 25, 2024 at 5:31 PM
Reposted by mpgn
You know what? @mpgn.bsky.social is now on Bluesky! 👀

The perfect opportunity to repost the link to my appearance on his podcast Hack'n'Speak 🎙️
For my French-speaking followers, here is my appearance on MPGN's Hack’n’Speak podcast https://podcasters.spotify.com/pod/show/hacknspeak
December 16, 2024 at 1:19 PM
Two new modules for MSSQL on NXC, thanks to the contributions of @lodos2005.bsky.social and @adamkadaban.bsky.social 🔥

- rid-brute from mssql
- mssql_coerce from mssql

github.com/Pennyw0rth/N...
December 17, 2024 at 8:32 AM
Reposted by mpgn
For my French-speaking followers, here is my appearance on MPGN's Hack’n’Speak podcast https://podcasters.spotify.com/pod/show/hacknspeak
May 16, 2023 at 4:08 PM
If you want to first blood a windows box in @hackthebox.bsky.social every minute counts ! 🩸
I've added a special flag --generate-hosts-file so you just have to copy paste into your /etc/hosts file and be ready to pwn as soon as possible 🔥
November 15, 2024 at 1:29 PM