DirectoryRanger @DirectoryRanger
This account assembles and disseminates information related to Active Directory and Windows security. ernw.de Joined December 2017
Tweets: 15K · Followers: 31K · Following: 100 · Likes: 688
This is the first time I’ll be co-presenting with @_dirkjan. Our talk on ‘Attacking Primary Refresh Tokens using the Mac implementation’ has been accepted at @WEareTROOPERS Very excited to share this joint research in the beautiful Heidelberg!
dacledit is now merged in Impacket 🚀 I'm proud of the work @BlWasp_ and I provided, we hope you'll love it as much as we loved developing and using it
New release of ldapconsole.py: Version 2.1.0 is out 🔥 🔹Added rootdse command to query the RootDSE 🔹Added searchbase command to specify the distinguishedName base on which to search 🔹Added searchscope command to specify the scope of the query (BASE, LEVEL, SUBTREE)…
Reflections on certificates, by @Enno_Insinuator Part 1 theinternetprotocolblog.wordpress.com/2023/01/17/ref… Part 2 theinternetprotocolblog.wordpress.com/2023/02/12/ref…
Happy to return to @WEareTROOPERS for a joint talk with @olafhartong 😁. We'll cover undocumented PRT behavior and other weird tricks Microsoft uses for Entra SSO on MacOS.
Want to d̶u̶m̶p̶ backup all BitLocker keys from Entra ID instead? :) (Get-MgInformationProtectionBitlockerRecoveryKey -All) | ForEach-Object { $device = (Get-MgDevice -Filter "deviceId eq '$($_.DeviceId)'").DisplayName $key = (Get-MgInformationProtectionBitlockerRecoveryKey…
VERY good morning to you all 🤩 #troopers24 @WEareTROOPERS
My @WEareTROOPERS talk "Exploiting Token-Based Authentication: Attacking and Defending Identities in the 2020s" was accepted, so see you in Heidelberg 🇩🇪 in June 26-27!
Active Directory: Tactical Containment to Curb Domain Dominance, by @cyb3rp_nk sansorg.egnyte.com/dl/vkJrF1Nv5S
Taking a cue from @D1iv3 and @decoder_it's work on inducing authentication out of remote DCOM I thought I'd quickly write up a post about getting Kerberos authentication out of the initial OXID resolving call. tiraniddo.dev/2024/04/relayi…
It’s finally out. Incredible stuff from @nyxgeek on invisible password spraying 🥷
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. github.com/Sh3lldon/FullB…
Top 16 Active Directory vulnerabilities found during pentests (detailed post) #infosec #pentest #pentesting #hack #hacking @DirectoryRanger infosecmatter.com/top-16-active-…
Wrote these 2 articles today (after tooling made) Script Enforcement and PowerShell Constrained Language Mode in WDAC App Control Policies github.com/HotCakeX/Harde… How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control github.com/HotCakeX/Harde… #Cyber
We are proud to finally share some great research by Arnau Ortega on a 1-click #Azure tenant takeover attack. You can read all about it in our latest blog post. It explains how we could take over any Azure tenant; just by clicking one legitimate link 😨 falconforce.nl/arbitrary-1-cl…
Another intriguing aspect of #SilverPotato: slui.exe - sppui can be found running on an ADCS server, activated by an admin. A simple domain user could then remotely coerce and relay authentication of users logged into the ADCS server, normally high-privileged 😉
New blog from @gabe_k just dropped on discovering multiple vulns in Windows 11 24H2 + exploitation and nice KASLR bypass. exploits.forsale/24h2-nt-exploi…
ADCS ESC14 Abuse Technique by @Jonas_B_K posts.specterops.io/adcs-esc14-abu…
New post: BSI Publishes Windows 10 SiSyPHuS Reports: Application Compatibility Infrastructure, Microsoft Defender Antivirus ETW Usage and Device Setup Manager Service insinuator.net/2024/04/bsi-pu…
Still the best IT security conference in Germany. There was FIRSTCTI in April and OffensiveCon is in May, but both are in Berlin and I avoid Berlin like the plague. TROOPERS takes place in the beautiful Heidelberg.
New post: Breaking UPS Parcel Tracking insinuator.net/2024/04/breaki…
@IrwinStrachan @DirectoryRanger @Icemoonhsv Once the PS Active Directory module was a thing I never looked back, but this is still great stuff to know 👍
@DirectoryRanger @Icemoonhsv I remember when ds* were the new kid on the block... 😬 Good times...
I read an old blog post I wrote on a particular subject, and all I'm going to say is - sorry friends. We all start somewhere...😬
@guyrleech @DirectoryRanger yeah apologies, I'm not sure how .js landed up on that link but with the gist opens up without it! Thank you 💖
I'll use this today. Less thinking and more copy+pasting
LDAP Queries for Offensive and Defensive Operations, by @EricaZelic politoinc.com/post/ldap-quer…
The WDAC guide created by @CyberCakeX is truly brilliant. ❤️❤️ Do yourself a favor, and read this guide first before you read the docs. github.com/HotCakeX/Harde…
So I just have to wait now... Hope I will be able to see you all at @WEareTROOPERS 2024
This is an awesome post by @cnotin Federation is one of my favorite things to abuse, especially from a password spraying perspective. Sometimes you can find legacy NTLM authentication endpoints in ADFS. Looking for NTLM auth with ADFS? @nyxgeek has you covered…
Roles Allowing To Abuse Entra ID Federation for Persistence and Privilege Escalation, by @cnotin medium.com/tenable-techbl…
@PyroTek3 @DirectoryRanger @WEareTROOPERS Now you are making me want to submit to the cft just to see if I get to see you there 😂
@PyroTek3 @WEareTROOPERS Would love to see you speak again!
New post: c0c0n 2023 – A Short Retrospective insinuator.net/2023/10/c0c0n-…