OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol. It allows clients to verify the identity of end-users and obtain basic profile information in a REST-like manner.
Continue reading«Die US-Regierung hat die Möglichkeit, auf viele Politikermails in Europa zuzugreifen»
Bert Hubert, Sie beraten regelmässig Politikerinnen. Was sagen Sie zur Signal-Affäre, bei der der Chefredakteur des Magazins «The Atlantic» versehentlich in einen Gruppenchat mit dem US-Vizepräsidenten J. D.
Continue readingURL validation bypass cheat sheet for SSRF/CORS/Redirect – 2024 Edition | W
This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS misconfigurations, and open redirection.
Continue readingConditional Access Regelwerke in 2025 –
Wie viele Policies sind notwendig, um einen Microsoft 365 Tenant vernünftig abzusichern? Zwei? Drei? Zwölf? Dreißig? Die Wahrheit liegt für die meisten Tenants dazwischen. Es gibt einige Dinge zu beachten und kein passendes CA-Regelwerk von der Stange.
Continue readingGitHub – nshalabi/SysmonTools: Utilities for Sysmon
Sysmon View helps in tracking and visualizing Sysmon logs by logically grouping and correlating the various Sysmon events together, using existing events data, such as executables names, session GUIDs, event creation time, etc., the tool then re-arranges this data for display into multiple views
Continue readingGitHub – decoder-it/KrbRelayEx-RPC
KrbRelayEx-RPC is a tool similar to my KrbRelayEx designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets.
Continue readingDeception in Depth – Hiding AD Users and Groups – Part 1
Hello darkness, my old friend. We’re back after quite the long hiatus with another entry in the Deception in Depth series, since then I’ve changed roles from the lead on the deception project at $Employer to the Red Team (I’ve mentioned this in a few posts before, I think.
Continue readingHow Google Does It: Using threat intelligence to uncover and track cybercri
One of the GTIG teams was able to investigate the malware in concert with our cybercrimes investigations group, and the legal litigation team was able to take civil action against the CryptBot malware distributors.
Continue readingPEASS-ng/linPEAS/README.md at master · peass-ng/PEASS-ng · GitHub
LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. The checks are explained on book.hacktricks.xyz Check the Local Linux Privilege Escalation checklist from book.hacktricks.xyz.
Continue readingStressed Testing: Practical Operational Resilience
Operational resilience is a concept that has gained even further traction. It first came to prominence from financial regulators, in particular the Bank of England and then others.
Continue reading