Jipe
cyberjipe.bsky.social
I fix accepted risks.
Incident Response & Purple Teaming @ CrowdStrike.
Previously DFIR @ANSSI_FR / @CERT_FR. Former @CertSG team leader.
Reposted by Jipe
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
October 3, 2025 at 4:14 PM
Qilin targeting a French critical infrastructure again.
📆 The cyberattack (#cyberattaque) claimed on July 24, 2025 (qilin) against 🇫🇷 foiegrasespinet (foiegrasespinet.com) appears to have occurred ~May 30, 2025 🧐 https://www.ransomware.live/#/recentcyberattacks
October 1, 2025 at 5:15 PM
Reposted by Jipe
It's time to change how you think about SaaS integrations.

The Salesloft attack shows how GitHub → AWS → Drift → Salesforce created an attack highway defenders never saw coming.

Jared Atkinson's analysis details the patterns we should look out for. ghst.ly/4ngDQrD
The Salesloft–Drift Breach: An Attack Path Case Study - SpecterOps
This post analyzes the Salesloft–Drift incident through an attack path lens, showing how violations of the clean source principle, identities in transit, and hidden hybrid paths combined to turn a sin...
September 24, 2025 at 5:53 PM
Reposted by Jipe
🌈 United for diversity in science 🌈
Researchers from Institut Pasteur joined the 2025 Pride March alongside @institutcurie.bsky.social, Les Cordeliers Research Center, @institutcochin.bsky.social @institutimagine.bsky.social

👩‍🔬 Because diverse labs make better science.
#DiversityInScience
June 30, 2025 at 12:36 PM
Reposted by Jipe
North Koreans reportedly host fake Zoom meeting featuring multiple deepfake colleagues. Target’s microphone doesn’t work so the colleagues talk them through installing malicious fix. www.huntress.com/blog/inside-...
Inside the BlueNoroff Web3 macOS Intrusion Analysis | Huntress
Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.
June 19, 2025 at 10:41 AM
Reposted by Jipe
Société Générale is rolling back remote work; I think there are some good profiles to recruit at the CERT :) #JUSTSayin
June 19, 2025 at 7:05 PM
French scams over SMS now requiring human interactions likely to protect from automated remediation and better identify vulnerable targets
June 13, 2025 at 9:23 AM
Reposted by Jipe
Mapping Hidden Alliances in Russian-Affiliated Ransomware

dti.domaintools.com/mapping-hidd...
June 8, 2025 at 11:05 AM
Reposted by Jipe
cip.gov.ua/ua/news/anal...
Ukrainian CERT published a synthesis on 3 years of war time defensive activity that is well worth reading.
State Service of Special Communications and Information Protection of Ukraine
Website of the State Service of Special Communications and Information Protection of Ukraine
May 24, 2025 at 11:22 PM
Reposted by Jipe
New from 404 Media: Flock, the license plate reader company that has cameras all across the U.S., is now building a massive people lookup tool using hacked data. The plan is to "jump from LPR to person." Won't require a warrant. This is according to leak we obtained.

www.404media.co/license-plat...
License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows
Flock, which has license plate readers (LPRs) all around the country, wants police to be able to “jump from LPR to person,” according to leaked audio obtained by 404 Media.
May 14, 2025 at 1:57 PM
Reposted by Jipe
This DTEX report on North Korea's hacking capabilities, along with Viginum's Russian info op report from last week, are probably the best reports of the year so far

You MUST read it!

PDF: reports.dtexsystems.com/DTEX-Exposin...
May 15, 2025 at 8:52 AM
Reposted by Jipe
We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/announcing-t...
Announcing the Official Parity Release of Volatility 3!
May 16, 2025 at 2:57 PM
@drazuread.com Hi, Entra Connect Sync now uses a MSA account for its service by default. Is Get-LSASecrets handling MSA accounts already or just gMSA?
AD sync itself is still performed by a MSOL_ account.
Thank you!
AADInternals 0.9.8
Microsoft Entra Connect Sync 2.4.131.0
pastebin.com/UU4u7YZR
PS C:\Users\Administrator> Get-AADIntSyncCredentials Unable to get sync credent - Pastebin.com
May 11, 2025 at 8:24 AM
Dear Americans, what have you done…
February 28, 2025 at 10:26 PM
Reposted by Jipe
In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...
Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx
January 27, 2025 at 12:06 PM
« LSA SECRETS: REVISITING SECRETSDUMP » by @synacktiv.com www.synacktiv.com/lsa-secrets-...
February 23, 2025 at 9:21 AM
An eye-opening blog post on ads-based tracking: « Everyone knows your location: tracking myself down through in-app ads » timsh.org/tracking-mys...
Everyone knows your location
How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.
February 1, 2025 at 12:04 PM
Windows Recycle Bin - The known and the unknown bebinary4n6.blogspot.com/2025/01/wind...
Windows Recycle Bin - The known and the unknown
This is my blog about topics in the field of digital forensics.
January 21, 2025 at 9:01 PM
Reposted by Jipe
Achievement unlocked, my first blog with SpecterOps 🤗 This post looks at ADFS OAuth2 support, Device Registration, Enterprise PRT, and a brain dump of things that I didn’t want to leave sat on Notion. buff.ly/4j41VQU
ADFS — Living in the Legacy of DRS
It’s no secret that Microsoft have been trying to move customers away from ADFS for a while. Short of slapping a “deprecated” label on it…
January 7, 2025 at 2:33 PM
Leaked API keys is a huge issue. GitHub detects around 7,000 tokens in public repos **every month**! www.linkedin.com/feed/update/...
Michael Kirchner on LinkedIn: API keys of AWS IAM users are often used when on-prem systems need to… | 14 comments
API keys of AWS IAM users are often used when on-prem systems need to connect to your AWS environment. They are difficult to replace (you need some form of… | 14 comments on LinkedIn
December 22, 2024 at 10:15 AM
Could anyone in this business explain to me how a random app can share PII with 800+ companies?
December 16, 2024 at 12:27 PM