Bypassing all Active Directory password policies with one RPC call (with PoC)

https://simpity.eu/blog/ad-password-policies-security-theater
3•alexei-belous•1h ago

Comments

alexei-belous•1h ago
Author here. I'm CTO at a company that's been working inside Windows kernel and LSASS for 17 years.

The core issue: SamrSetInformationUser writes the NT hash directly to AD, bypassing all password validation. The write-up includes two PowerShell PoCs - one for the attack, one for a defense that hooks the function inside LSASS.

The timing is interesting because of the NTLM deprecation excitement. Most people conflate the NTLM protocol (the auth mechanism Microsoft is killing) with the NT hash (the storage format). Kerberos uses the same hash. This attack vector survives the migration completely.

The defense PoC uses EasyHook for injection and hooking. Not production-grade, but it demonstrates that you need to operate at the LSASS level to catch this - GPO policies and password filters are structurally unable to see direct hash writes.

Happy to answer questions about the internals.
