phrachtal

Punching Sideways While I no longer work in the C2 space and I don’t consider myself up on the operations side of red teaming, I watch the space closely to see where it’s going. In this post, I want to write about a…

Punching Sideways

aff-wg.org/2026/02/23/p...

Posting this because I’m not sure Steve is on this platform. He’s made a CLion template for Crystal Palace.

github.com/0xTriboulet/...

[BLOG]
Cracking the Crystal Palace - detecting in-memory PIC using Crystal Palace's __resolve_hook() intrinsic.
rastamouse.me/cracking-the...

Red Team Ops II Gain the knowledge and skills necessary to operate against advanced defences.

The new version of RTO II is finally available to purchase.
www.zeropointsecurity.co.uk/course/red-t...

Looking to move to a PC from a MacBook Pro. It’s been a while since I’ve shopped Windows/Linux laptops. Is Framework the way to go or can I get better at that price point? Looks to be around 3k.

When I was a kid, the dishwasher on occasion was me. lol

As new projects, blog posts, and other efforts around TCG show up, I'm listing them here:

tradecraftgarden.org/references.h...

I've put together a Friends of the Tradecraft Garden list on BlueSky too:

bsky.app/profile/did:...

Thank you for building, exploring, & teaching w/ this young project 🪴

New Site Launch

ICYMI it on the heathen platform, I recently launched a new training portal for Zero-Point. Read more here: www.zeropointsecurity.co.uk/blog/new-sit...

Kerberoasting w/o the TGS-REQ Kerberoasting is a technique that allows an attacker to extract the encrypted part of a TGS-REP and brute force it offline to recover the plaintext password of the associated service account. The most...

[BLOG]
I had a series in mind like "Rubeus' Hidden Secrets" or something like that. Basically, highlighting features of the tool that seem less well known. I'm starting off with a basic one for getting crackable hashes from cached service tickets.

rastamouse.me/kerberoastin...

Dig through this timeline and you'll figure out what I'm here to do. I spoke to a commercial leader in the offensive security space last year. My words: you're fucking it up.

What I didn't say: I feel compelled, even though I DON'T want the bullshit, to try and fix it.

What does all of this mean?

The @trustedsec.com BoF dev class is up learn.trustedsec.com/catalog

I am trying to make a list of hackers, vulnerability researchers, penetration testers and red team folks. If you do those things can you please reply or like this post so i can find you?

for anyone out there who wants to download vmware "now that its free", but doesnt want to go through the fucking cirque de soleil trapeze act of auth and redirects and entitlements, someone on masto linked me to this - where you can just fetch ... everything, without need for their bullshit!

Timeroast with NetExec

NetExec has a new Module: Timeroast🔥

In AD environments, the DC hashes NTP responses with the computer account NT hash. That means that you can request and brute force all computer accounts in a domain from an UNAUTHENTICATED perspective!

Implemented by Disgame

1/3🧵

x.com/al3x_n3ff/st...

AdobeFips - Adobe Reader Lolbin

www.hexacorn.com/blog/2024/11...

TrustedSec Tech Brief - November 2024 YouTube video by TrustedSec

TrustedSec Tech Brief

00:30 - NTLM Hash Disclosure Zero-Day
01:45 - Task Scheduler Vulnerability
02:30 - Exchange Server Issues
03:15 - AD Certificate Services Flaw
04:00 - Vulnerability Breakdown
04:45 - Palo Alto Zero-Day
05:30 - FortiGate VPN Update

www.youtube.com/watch?v=3mSD...