π¨ I am giving away 1 seat each of our June Red team (CRTP) and Azure (CARTP) bootcamps. π¨
Repost, like and reply to this tweet to participate. I will announce the winners on Monday (27th May).
#redteam
#pentest
#giveaway
Got clear-text password of a user but
#Azure
AD enforces 2FA? Try changing the User-Agent string. The 'platform' in Conditional Access policies is determined by User-Agent string of the browser.
#RedTeam
Never tried this before! 200 RTs and I will do an 'Introduction to Azure Penetration Testing' class for FREE sometime during the Holiday season.
#Azure
#Pentesting
#redteam
Have you checked your PSReadline history lately? Do you know it stores the commands in clear-text and is persistent across reboots? This is on a Domain Controller.
#PowerShell
#RedTeam
I am giving away 1 seat each for our upcoming bootcamps.
Azure Cloud Attacks (CARTP) - 3rd Feb (9:00 AM ET)
Active Directory Attacks (CRTP) - 4th Feb (9:00 AM ET)
Please Reply, Like and Repost to participate. The winners will be announced on Friday 2nd Feb 2024.
September giveaway! I am giving away 1 seat each for
@AlteredSecurity
on-demand CRTP and AD CS courses. Please Reply, Repost and Like this post to participate.
I will announce 1 random winner for each on 30th September.
Make sure to reply with which one
I am giving away 2 seats of our
#CRTP
course with one month lab access ()
Retweet this tweet and reply with why would you like the course. We will choose 2 random winners on 1st June 2023.
#infosec
#AlteredSecurity
[Announcement] Super excited to announce "Red Labs and Challenges Platform (beta)" -
We begin with:
- FREE 100 individual labs for Azure Red Teaming
- Dedicated lab for everyone
- 17 badges to earn from
- 11 learning paths
Have fun and leave feedback!
Super glad to announce our new course and lab - AD CS Attacks for Red and Blue Teams. Learn and practice AD CS attacks in an enterprise-like lab environment. Includes an 11+ hours of video course!
We worked really hard on this and excited to bring it to you. As always, we have
Announcing 'Attacking Active Directory with Linux' lab. Dedicated lab for each student, Windows Server 2019 targets, victim view and 6+ hours of video content. cc
@SecurityTube
#LinuxAD
Announcing "An Introduction to Azure Red Teaming" - A FREE live class with hands-on lab.
Starts 16th December 2023 - 9:00 AM EST.
We will run the class using our upcoming Red Team Labs Platform. Register here -
Please share with friends, colleagues and
You asked, we listened. We are introducing MDE and its bypasses in our upcoming Active Directory Attacks (CRTP) bootcamp. One of the most requested updates. Still beta/experimental!
Landed on a box using Windows Firewall? Use this
#PowerShell
cmd to enumerate IPs explicitly allowed
Get-NetFirewallRule -Action Allow | Get-NetFirewallAddressFilter | ?{$_.RemoteAddress -ne "any" -and $_.RemoteAddress -ne "LocalSubnet" -and $_.RemoteAddress -ne "LocalSubnet6"}
ICYMI, our free course and hands-on lab 'Introduction to Azure Penetration Testing' is available at
We already have more than 5500 (you read that right) students who took the course and attempted the labs!
#Azure
#Pentesting
#RedTeam
Fellow hackers, you asked, we listened!
Coming soon a lab to practice Active Directory attacks from Linux. Latest servers, interesting flags, dedicated lab for everyone, video walk-through and browser based access. cc
@SecurityTube
#LinuxAD
If you use an app's secret with PSCredential object and connect to
#AzureAD
using Az module, there are three reboot persistent locations where the secret is stored in clear-text
1. .Azure\AzureRmContext.json in current user profile
2. PowerShell Console History
3. Transcripts
"I'm starting my first job in Offensive CyberSec ever, in July, at the age of 50. Nothing is impossible "
What an inspiring effort! π
Glad that I am able to contribute a little to student success! I am going to smile all day and night βΊοΈ
[Announcement] Super glad to announce availability of Red Team labs on
Also excited to launch the on-demand course for Attacking and Defending Azure -
Also check out our bootcamps that start in March'23 -
August giveaway! We are giving away one seat each for
@AlteredSecurity
September'23 bootcamps!
Reply and Retweet to enter. Winners will be announced on 23rd August.
Attacking and Defending Azure - Beginner's Edition (CARTP) -
Attacking and Defending
"When the hunter becomes the hunted: Using custom callbacks to disable EDRs"
A fantastic blog post by
@d1rkmtr
that is full of knowledge and a teaser!
#Redteam
#Pentesting
#EDR
Do you know you can test your payloads as if they are downloaded (for Protected View), use:
Set-Content C:\payloads\payload.xls -Stream "Zone.Identifier" -Value "[ZoneTransfer]`nZoneId=4
#PowerShell
Never tried this before! 200 RTs and I will do an 'Introduction to Azure Penetration Testing' class for FREE sometime during the Holiday season.
#Azure
#Pentesting
#redteam
#BlueTeam
Tip - Don't use high privilege accounts (like DAs) to run services. Protections like Credential Guard, Protected Users group etc. cannot protect service accounts as their passwords are stored in registry.
#ActiveDirectory
My Active Directory Deception PowerShell scripts are finally taking shape. A lot of work still needs to be done. Exciting stuff!
#Deception
#ActiveDirectory
We are hiring top Security Researchers! Join us as a Security Researcher to work on exciting and cutting edge research on Red Team, Azure Security, EDR bypass and more!
#infosecjobs
#redteam
#Azure
Awesome! Three of our certifications CRTP, CRTE and CRTM feature in the list by Japanese Ministry of Economy, Trade and Industry as 'Satisfies the expertise required to provide penetration testing services.' π
One of the many interesting
#Exchange
attacks. By default, the Exchange Server is, in effect, a domain admin! (or even an Enterprise Admin depending on the target installation)
#RedTeam
Also, I gave a talk '0wn Premises: Bypassing Microsoft Defender for Identity'. It focused on practical opsec when attacking an AD environment that has MDI! You can find the slides here -
and the video is here -
Super excited for this! Announcing the 'Attacking and Defending Azure AD Bootcamp'. Learn & practice attacks (and defense) against multiple live Azure tenants and hybrid infrastructure. Four weekend sessions. Starts from 10th April 2021 (10 PM ET)
#AzureAD
Offensive PowerShell is (of course) not dead!
"In half of the investigations conducted by Mandiant in 2022, adversaries leveraged a command or scripting interpreter to further intrusions with 65% of those cases involving the use of PowerShell" - M-Trends
Help me spread word about
#HackerSummer
π. Use HACKERSUMMER20OFF to get 20% off on any of
@AlteredSecurity
on-demand courses.
Repost, Like and Comment on this post to get a chance to win a CRTP voucher. I will announce 2 winners on Sunday 7th July.
Our Attacking and Defending Azure class now has on-demand version! Massive lab in a live Azure environment, 15+ hours of videos and CARTP certificate to test the skills that you learned!
#Azure
#redteam
#Pentesting
Glad to announce "Attacking and Defending Active Directory". Beginner friendly online course, lab and hands-on certification :)
#ActiveDirectory
#RedTeam
You asked, we did! After months of hard work, super glad to finish Attacking and Defending Active Directory :D
A video course and live lab at PentesterAcademy
@SecurityTube
Registrations open soon!
Remember to make basic changes to bypass some lame signature based detection. Using smbexec? Modifying the name of the service and batch file may help in generating less noise.
#LinuxAD
Someone stole our Attacking and Defending Active Directory course and brazenly teaching it in Egypt. Didn't even remove name of PentesterAcademy and
#CRTP
. This will not end good for them.
[Announcement] Super excited to announce the Azure Cloud Attacks - Advanced Edition course and lab.
Sharpen your Azure red team skills and earn the Certified Azure Red Team Expert (CARTE) certification.
Bootcamp starts on 9th March 2024 at 9:30 AM ET.
Google just shared a very good phishing template! Imagine the number of Workspace Administrators who would now be conditioned to click on 'Go to Alert Center' π
Introduction to Azure Penetration Testing! December 18th - 10 AM to 1 PM ET (UTC - 5)! Please go to and Sign-in with a Google account to register. Open for 500 users!
Keep an eye on our newly launched Discord server too -
Super excited to announce this. Coming soon - A Fun, Exciting and FREE resource to Learn and Practice Red Teaming, Azure and Enterprise Security!
Fill this form to share your email with us and we will contact you soon! -
Watch this space and
We are hiring Security Researchers (Remote). Be a part of the core research team of
@AlteredSecurity
!
Work on cutting edge technologies with top salary in the industry.
Please apply only:
- If you can prove your red teaming skills with your blog and GitHub.
- If you have
If you have Microsoft.Compute/virtualMachines/runCommand/action permissions on an Azure VM, use the 'Run Commands' API or Invoke-AzVMRunCommand to run a PowerShell script on the VM. No network restriction (including JIT Access or ANH) blocks this!
#Azure
#RedTeam
Many of you've requested us to run FREE Public CTFs - we are finally launching our early Beta: ! We will be adding new features and content on it weekly. Enjoy!
Make sure that your
#Sysmon
(event ID 3) logs catch network connections initiated from PSRemoting. For example, a PowerShell download-execute cradle log will have an Image that points to wsmprovhost.exe (not powershell.exe)
#BlueTeam
Someone (
@BlWasp_
) has been busy copying my course slides and presenting them as 'cheatsheets'.
When I pointed out that the 'cheatsheet' is verbatim copy of my courses, this person brought a team of idiots to troll me.
Note that even the typo 'syadmin' is same!
You asked, we listened! Announcing the 'Attacking and Defending Active Directory - Advanced Edition Bootcamp'. It includes an all new lab and a
#CRTE
attempt. Starts 10th Jan 2021 - 1:00 PM ET
#ActiveDirectory
#RedTeam
Check if deployment in any
#Azure
resource group has a parameter with term like 'password' and show the value. Reader access required for the resource group.
#RedTeam
(Get-AzResourceGroup | Get-AzResourceGroupDeployment).Parameters | %{$_.[string]($_.Keys -like "*password*")}
We are running a NEW bootcamp "Azure Application Security: Beginner's Edition' in July 2022!
Packed with abuses for Graph API, Enterprise Apps, AppService, Function Apps, Cosmos DB, API Security, WAF and more!
#Azure
#AppSec
TIL that it is possible to exclude Account Operators, Server Operators, Print Operators and Backup Operators from SDProp/AdminSDHolder!
#ActiveDirectory
#RedTeam
- have NTLM hash of a DC ?
- need computer/server/dc NTLM/RC4 key ?
- ...but affraid to make silver ticket and/or DCSync (detection) ?
Use NT 3.5 protocol against a 2019 DC, because, yes: LEGACY π€·ββοΈ
(so old, but so good: )
We are working hard to bring to you a fantastic FREE resource to learn Azure Red Teaming, Enterprise Security and on-prem Red Teaming.
Fill this form to share your email with us and we will contact you soon! -
Watch this space and
@alteredsecurity
Giveaway time! I have 1 online ticket to giveaway for
@ArabConf
. Please Retweet and Reply to participate. I will announce winners tomorrow.
Also, we (
@AlteredSecurity
) are glad to sponsor our labs as prizes for
@ascyberwargames