Hacker, trainer, and guitarist | Black Hills InfoSec #RedTeam | @BreakForge Training | Produces music to hack to at @N0BANDW1DTH

Florida, USA
I’m excited to announce my newest training course, Breaching M365, is now available on-demand through @Antisy_Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse, persistence, privilege escalation, and data harvesting. If you want to level up your M365 tradecraft, check it out here: antisyphontraining.com/produ…
3
17
105
7,052
Today we are releasing GraphRunner, a post-exploitation toolset for M365 and Entra ID accounts that @424f424f and I have been building for the last few months. Read the blog post here: blackhillsinfosec.com/introd… Code is here: github.com/dafthack/GraphRun…
16
222
560
72,470
Just pushed a new tool for password spraying Microsoft Online accounts (Azure/O365) to GitHub called MSOLSpray. It logs if a user cred is valid, if MFA is enabled, if a user doesn't exist, if the account is locked, if the account is disabled, and more. github.com/dafthack/MSOLSpra…
7
241
577
New PowerShell tool NetworkRecon for finding network-level vulns by @6fletch9 - blackhillsinfosec.com/?p=596… #pentest
4
238
366
How to Build a Cloud Hacking Lab piped.video/4s_3oNwqImo
5
110
356
Here's an interesting path I took to getting "Domain Admin" at an org this week. #InfoSec #Hacking
10
236
294
Internet Explorer XXE 0-day exploit w/ PoC using .MHT files. It's not being patched by Microsoft hyp3rlinx.altervista.org/adv…
173
295
If you want to check out my talk from yesterday on exploiting M365 vulns you can watch it here: piped.video/watch?v=z3bMvf4R… This is the "prequel" to what @424f424f and I are releasing at @WWHackinFest in a couple weeks, and includes a few easter eggs.🧐
7
99
283
47,945
10 years ago @strandjs asked me to come work at this small pentesting company called Black Hills Information Security. It is one of the best decisions I've ever made. For a decade I've had the privilege of hacking organizations with some of the coolest people on the planet. Cheers!🥂 @BHInfoSecurity
8
7
252
16,922
Here's Tradecraft Security Weekly Ep. #22 - Linux Privilege Escalation. This one might benefit those who are currently working on their #OSCP. - piped.video/watch?v=oYHAi0cg…
6
121
241
Quick 1-liner to search all Azure AD user attributes for passwords after auth'ing with Connect-MsolService: $x=Get-MsolUser;foreach($u in $x){$p = @();$u|gm|%{$p+=$_.Name};ForEach($s in $p){if($u.$s -like "*password*"){Write("[*]"+$u.UserPrincipalName+"["+$s+"]"+" : "+$u.$s)}}}
1
101
240
Just made a minor update to MFASweep to cover the other conditional access device options and also added in a concise results summary. github.com/dafthack/MFASweep
5
64
237
Blue team you might want to bookmark this one... for reasons that may become clear in about a week. 📈🏃
Finally, Microsoft Graph Activity log in public preview!! techcommunity.microsoft.com/…
3
39
239
63,221
I have rebuilt my website and included a CTF/puzzle inside it. The first three people who successfully solve it and message me the final decoded phrase will get free access to the On-Demand version of my Breaching the Cloud training course. Good luck! dafthack.com/
19
40
206
52,377
For everyone wondering how spam events got added to your Google Calendars without having a source in your inbox: @ustayready and I talked and wrote about how the Google Calendar API can be used to do this two years ago when we reported it to Google. blackhillsinfosec.com/google…
3
118
194
Just released MailSniper at #DerbyCon! A tool for pillaging Microsoft Exchange mailboxes for sensitive data. buff.ly/2cHjHwP
4
144
186
On April 25th I'll be giving a FREE 4-hour training course (w/ labs) that I've built called Breaching the Cloud Perimeter. Space will be limited so get registered now: attendee.gotowebinar.com/reg… @BHinfoSecurity
12
87
184
Reset the failed logon count for a user you have a session for with "net use \\%computername% /u:%username%". Allows for bruteforcing of current user's pass without lockout.
Bypassing AD account lockout for a compromised account medium.com/@markmotig/bypass…
1
68
175
Slides from our "OK Google, How Do I Red Team GSuite?" talk at @BsidesORL are up here: slideshare.net/dafthack/ok-g… cc @ustayready
1
64
172
Here are my slides from my "Pwning the Enterprise With PowerShell" talk from @BsidesORL - slideshare.net/dafthack/pwni… #PowerShell #pentest
1
109
147
MailSniper now supports the ability to search attachments and perform regex searches (handy for finding cleartext CCNs in emails). #pentest
92
144
For the past year I've been writing an album of "music to hack to." I am so excited to announce that on December 11th I'll be releasing the 1st album under my new project @N0BANDW1DTH. You can listen to the song "Command and Control" now over at nobandwidth.io.
11
32
126
Made it to South Dakota for @WWHackinFest
21
3
121
Practicing for open mic night at ⁦@WWHackinFest⁩ 🎻
10
5
98
7,848
Post exploitation of Puppet and Ansible servers - n0tty.github.io/2017/06/11/E… #pentest #redteam
2
70
105
Name this metal band. 🤘 cc @stokfredrik
27
6
94
17,134
Just merged in a new MailSniper function for getting AD usernames from Exchange Web Services - Nice work @ralphte1! github.com/dafthack/MailSnip…
2
55
101
Decentralized Phishing and Maldoc Hosting with IPFS piped.video/iraMomr76Rs
2
36
95
What’s up Sweden? 🇸🇪
9
1
86
5,184
Really awesome post on proxying Metasploit and Empire payloads through the same port on a C2 server by @Ne0nd0g. - swordshield.com/2016/10/mult…
1
73
89
Hey @strandjs is it ok if I wear this to work today?
11
3
90
One of my favorite parts about creating presentations these days is to leverage AI art generating tools to create custom images for the slides. I generated these with @midjourney for a webcast I'm doing next week.
9
16
85
How to Build Your Own Penetration Testing Drop Box - blackhillsinfosec.com/?p=515… #pentest #RedTeam
2
50
84
Today marks five years that I've been working at @BHinfoSecurity. It has been amazing to watch this company grow from the 4 pentesters we had when I started to where we are today. So proud to be a part of this team!
5
85
Stoked to be giving this webcast Thursday! I packed some of the best Azure content from my Breaching the Cloud training into this to help get you started hacking Azure environments.
Next BHIS Webcast: Getting Started in Pentesting The Cloud: Azure w/ @dafthack (1-Hour). Thur, 5/27 - 1pm ET (UTC -4). Register: attendee.gotowebinar.com/reg… You will learn tools and techniques for performing penetration tests against Microsoft Azure environments.
1
23
83
Phishing 2FA Tokens with @ustayready's CredSniper on Episode #25 of Tradecraft Security Weekly! - piped.video/watch?v=TeSt9nEp… github.com/ustayready/CredSn…
45
79
There are still some open seats for the FREE Breaching the Cloud Perimeter 4-hr course I'm teaching on May 28th: register.gotowebinar.com/reg… The 1st run of my 4-day Breaching the Cloud course will be June 22-25. More info here: wildwesthackinfest.com/onlin…
4
38
76
Hard Reboot is out now! This album is 3 years in the making, and I'm so excited to finally be able to share it. I hope you enjoy listening to it as much as I did making it.🤘
5
13
80
15,800
If you missed the webcast I gave last week called "Getting Started in Pentesting the Cloud: Azure" here are links to the recording and slides. Webcast Recording: piped.video/fCbVMWvncuw?t=2194 Slides: slideshare.net/dafthack/gett…
1
38
69
Ready for day 2 of Breaching the Cloud at @HackSpaceCon. Not too shabby a room to teach in!
1
8
68
3,478
"Sensitive data stored by Lenovo Fingerprint Manager, including Windows logon creds & fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access" - bleepingcomputer.com/news/se…
2
51
67
I am so excited to finally share my new album with you all. I've been working on this 2nd @N0BANDW1DTH album for more than 3 years. The full album "Hard Reboot" is coming May 3rd but you can listen to the song "Provenance" right now! The amazing @johnkarborn created the art.
H A R D R E B O O T New album out May 3rd, 2024 Listen to the new song "Provenance" now: YouTube: piped.video/i8H4AjaGVhA Spotify: open.spotify.com/album/0ep9R… Pre-order here: nobandwidth.bandcamp.com/alb…
8
15
65
12,563
Slides from our @rvasec talk (Red Team Apocalypse) yesterday are up here: slideshare.net/dafthack/red-…
49
60
Google Calendar Event Injection with MailSniper - cc @ustayready blackhillsinfosec.com/google…
2
37
64
At @HackSpaceCon teaching a workshop today and giving a talk tomorrow! Come say hi if you are around.
4
8
64
7,062
I’m so excited to announce that I am writing the soundtrack to go along with the upcoming graphic novel “The Future Is XXXXXX” by @REKCAHComics. I’ve read the script and it is ridiculously good. The album will be available to backers of the Kickstarter. This is actually going to be the 3rd @N0BANDW1DTH album… NB II is done and going to be released very very soon as well. 🤘 Follow the Kickstarter page here: kickstarter.com/projects/rek…
5
10
65
10,675
Just released a song to help get you hyped for hacking the planet today. Hope you enjoy it! 🤘
-- D A E M O N -- Out now on all major streaming platforms Spotify: open.spotify.com/track/3JfbN… YouTube: piped.video/watch?v=ju2x7KTZ… Apple Music: music.apple.com/us/album/dae… Bandcamp: nobandwidth.bandcamp.com/alb…
4
14
62
12,285
I've recently made some major updates and additions to Breaching the Cloud. The first fully remote live run of this new version is in 2 weeks (June 27-30, 2023). If you want to learn how to hack cloud environments this course is for you. Register here: antisyphontraining.com/serie…
7
21
61
9,561
I bought a “Traveler Guitar” and it’s one of the coolest pieces of gear. It’s ultra-light and packs away in a bag the size of a violin. It manages to still sound pretty great even without a full body.
6
2
56
Check out episode 21 of Tradecraft Security Weekly where @ustayready and I discuss using framesets in MS Office docs to leak users' password hashes remotely over the Internet - piped.video/watch?v=40Ume_kb…
3
33
61
Minor update to the CloudPentestCheatsheets to add commands to enumerate public EC2 IPs, ELB DNS, RDS DNS, & S3 buckets. github.com/dafthack/CloudPen…
1
15
59
I’m stoked to be heading to Oslo, Norway in February for @hackcon! Please send me your Norwegian metal recommendations. 🤘 hackcon.org/graph-theory-unv…
8
2
58
6,656
I teach a training course called Breaching the Cloud where I show how cloud environments can be hacked. Breaching the Cloud is available in both On-Demand and Live formats. Register here: antisyphontraining.com/breac… piped.video/D4oas2wUrUA
7
14
55
Here is a PDF of the MailSniper Field Manual I was giving out at #BHUSA #Arsenal today. - dafthack.com/files/MailSnipe…
30
56
The recording of the webcast I gave yesterday on pentesting AWS is up. If you want to see how lateral movement in the cloud can look check it out: piped.video/watch?v=fg_hey18…
2
21
59
I'm teaching Breaching the Cloud in 3 weeks (12/7-12/8) 100% remote! This is the last time I'm teaching it live until March of next year. Register here: antisyphontraining.com/event… The on-demand version of my class is available here as well: antisyphontraining.com/on-de…
1
16
55
8,168
This morning at @cflakeland I completed the #MurphChallenge in honor of those that laid down their lives in defense of our freedom. While wearing a 20 lb vest: 1 mile run, 100 pull ups, 200 push ups, 300 squats, 1 mile run. Have a great memorial day weekend everyone!
7
3
54
Father of PowerShell @jsnover says thanks for hacking with PowerShell. #DerbyCon
44
52
Cool command line tool for HTTP inspection - Wuzz github.com/asciimoo/wuzz
33
50
Just landed in Peru! See you tomorrow morning @BsidesPe !
3
5
48
Who is going to @BSidesTampa this weekend? I'm giving a new talk there called "Cloud Pentest Apocalypse". Come learn about cloud hacks and swing by the @BHinfoSecurity booth for some swag.
3
11
48
6,251
Episode 24 of Tradecraft Security Weekly is up! Evading Network-Based Detection Mechanisms - piped.video/watch?v=lpqFXCqQ…
2
29
50
Did you know there's going to be a conference at Kennedy Space Center in April called @HackSpaceCon? I'm giving a free 2-hr workshop there. They also gave me 10 free conference tix to give away! I'll pick 10 who RT this tweet and follow @HackSpaceCon. hackspacecon.com/
3
30
45
12,833
Hacking printers with Cross-site printing (XSP) attacks and the Printer Exploitation Toolkit (PRET) - securityaffairs.co/wordpress…
2
31
49
I just returned home after an amazing trip to Norway. Got to check off a number of bucket list items while there, ate some amazing food, and got to hang out with some fellow hackers. Thank you @hackcon for inviting me to speak in your beautiful country. I’m looking forward to the next time I get to visit.
4
3
47
2,910
Finding domain frontable Azure domains - theobsidiantower.com/2017/07…
21
51
Check out some interesting new tools and techniques that came out of Black Hat & DEF CON this year on episode 28 of Tradecraft Security Weekly - piped.video/watch?v=zK1WtOSm…
1
27
47
I'm stoked to give a free 2 hour workshop on cloud hacking at Hack Space Con @ Kennedy Space Center in April!
2
15
43
9,528
Black Hills InfoSec is at @BSidesTampa! Come by the booth and say hi. @ustayready @0xderuke @BHinfoSecurity
3
6
43
I'm stoked to be teaching my Breaching the Cloud course again November 2-5 as part of Secure West Virginia. A training ticket also gets you access to the rest of the Secure WV conference. June & August classes sold out quickly so sign up soon here: wildwesthackinfest.com/breac…
3
17
44
Finding cleartext creds in AD user attributes is something that happens more than most might think. Great demo John! Here's a 1-liner to find these while leveraging PowerView: gist.github.com/dafthack/5f8… And here's one for Azure AD:
Showcasing passwords left in the clear for a user's domain profile, as if a default credential was never changed or the notes were never removed -- both the PowerShell to set this up, and the Bloodhound Python collector finding these. piped.video/watch?v=EHL8xuRf…
1
15
48
Today marks the release of my debut album with my brand new music project @N0BANDW1DTH. I can't express how excited I am to release this album today. If you need some music to hack to today check it out!
Glitch of Consciousness is out now and available on all major streaming platforms! nobandwidth.io #cyberpunk #synthwave #metal #darksynth #musictohackto
8
13
46
Experimenting with @midjourney’s version 4 algorithm. “The Compiler”
2
3
45
Next week at Black Hat Arsenal I'll have these MailSniper field manuals (basically cheat sheets) and stickers I'll be giving out. Stop by!
5
6
45
OSINT & External Recon Pt. 2: Contact Discovery on Ep #26 of Tradecraft Security Weekly - piped.video/watch?v=W5xWYcij…
1
19
40
Check out some command & control transport mechanisms on episode #9 of Tradecraft Security Weekly! - piped.video/watch?v=2J-pBAjq…
1
16
43