Henrik Falk May 01, 2025
From NTLM relay to Kerberos relay: Everything you need to know
This post isn’t meant to dive too deep into the technical details, but rather to give a general idea of how Kerberos relay attacks work, what’s possible, what isn’t, and where the limitations lie. My goal is to (hopefully) provide an easy-to-read, approachable overview that helps make sense of the bigger picture, explain how my dedicated KrbRelayEx tools work in practice, and show how they can be used to perform these kinds of attacks.
decoder.cloud/2025/04/24/from-ntlm-relay-to-kerberos-relay-everything-you-need-to-know
Attacking and Defending Configuration Manager - An Attackers Easy Win
Due to the wide-scale usage of Microsoft Configuration Manager (hereafter known as SCCM) in the client environments I’ve tested - combined with the technology being so difficult to secure due to its large level of access, I’ve decided to document what I believe are the most common easy wins for attackers. This post will attempt to combine explanatory and practical example focused tradecraft together which combines high commonality with incredible impact from low-privilege contexts, and what you can do to prevent them from a systems administration and defensive perspective.
logan-goins.com/2025-04-25-sccm
Fuzzing Windows ARM64 closed-source binary
Coverage-guided fuzzing is a well-known technique that improves the efficiency of a fuzzer by providing runtime feedback This blog post explores this concept on Windows ARM64, using QBDI for code instrumentation and LLVM’s libFuzzer as the fuzzing engine.
www.romainthomas.fr/post/25-04-windows-arm64-qbdi-fuzzing
