v1n (@0xv1nx0)'s Twitter Profile
v1n

@0xv1nx0

detection engineer 🦝

ID: 1632062913983791107

https://v1n.sh/ | 04-03-2023 16:58:21

106 Tweet

363 Followers

133 Following

v1n (@0xv1nx0)

Not sure if it's new or interesting but when Discord launches, it tries to execute `C:\Program Files\NVIDIA Corporation\\NVSMI\nvidia-smi.exe`. Would be a shame to hijack that non-existent bin if users have Discord set to launch on Windows startup.

bakki (@avx128)

POC for the silly shenanigans I talk about in my last blogpost can be found here: github.com/xrombar/flower. Now working on a version that doesn't rely on NtContinue, as I now have an "agnostic" IOC for such chains; on top of implementing different ways to "flow" :)

v1n (@0xv1nx0)

Why run `hostname` on macOS when you can just run `nvram -xp | xmllint --xpath "string(//key[.='fmm-computer-name']/following-sibling::data[1])" - | base64 --decode | tr -d ' '`?

v1n (@0xv1nx0)

Wrote a blog on my experience replicating the LOLBin qwinsta using undocumented APIs, really an expansion of work done years ago by Will Schroeder but using WinStation instead of Terminal Services. 0xv1n.github.io/posts/sessione…

Fred HK (@fr3dhk)

Introducing: What is this stealer? A new repository that allows you to identify Stealer malware by the system information text file format commonly included in stealer malware exfiltration. We encourage everyone to check it out and contribute! github.com/MalBeacon/what…

v1n (@0xv1nx0)

Anyone got that giant iceberg of alternatives to whoami? I'd like to submit this one for Mac: `system_profiler SPSoftwareDataType | grep "User Name" | awk -F': ' '{print $2}'`

v1n (@0xv1nx0)

"Pet Friendly" apartment starter kit:
- 400 dollar non-refundable pet fee
- 250 dollar pet deposit
- 50 dollar a month pet rent
- 2 Pet limit, and can't have <arbitrary breed list>
- no dog park
- no walkable areas

v1n (@0xv1nx0)

recent events make you wonder. at this point are you safer just not having an enterprise firewall vs using one?🤔 ha ha jk, this is satire... unless?

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid)

I know a lot of people will hate me for saying this but it has to be said. I get a lot of DMs saying RT is getting harder every day, traditional loaders don't work anymore, open-source tools tend to crash or get detected instantly. But wasn't that the whole point of Red team? That's

v1n (@0xv1nx0)

The year is almost 2026. We're still letting users double click JavaScript files in enterprise environments. 2027 is the year, I feel it. I definitely won't copy paste this post a year from now, no way.