Finally, my research is published. It has everything you might wish for in browser security: universal XSS, mutation XSS, CSS data exfiltration, and others. Check this out! In a few days, we'll also release a 30-minute presentation about this topic.

Today we release our blog post that demonstrates a new single request exploit for CVE-2019-19781 that is effective even if all of the "vulnerable" Perl files have been deleted 🙀 We also share stats on devices that are patched but still contain backdoors blog.fox-it.com/2020/07/01/a-s…

Just released a paper titled 'hematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often' - research.nccgroup.com/2020/07/02/pap…

My new post on my new blog :D Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection splintercod3.blogspot.com/p/weaponizing-…

We’re hiring interns at Black Hills Information Security for a bunch of R&D projects! (All internships are payed & remote). Applicants must of some basic C# and Python knowledge. If you’re interested send me your resume and we’ll talk! (DMs are open)

RELEASE: Evilginx 2.4 "Gone Phishing" update is OUT NOW! Read all about it: breakdev.org/evilginx-2-4-g…

There seems to be quite some questions and confusion about the impact of exploiting Zerologon (CVE-2020-1472) on the environment. So here's a thread 👇

It has a few more prerequisites, but I finally managed to get a #Zerologon exploit working that doesn't rely on resetting passwords to exploit. Use the printerbug to make DC1 connect to you, then with lots of magic relay that to DC2 directly to DRSUAPI to DCSync 😁

love offensive mobile security and are looking for a job? my new company is hiring! shoot us an email at [email protected]

Hands off my service account! decoder.cloud/2020/11/05/han…

MuraenaTeam strikes again. Together with Giuseppe`Ohpe`Trotta we released the new Muraena and NecroBrowser. Lots of new code+features. Phishing and post-phishing automation at scale for all your needs. Office365 and GitHub examples added. More coming soon 🎣🪝😎 github.com/muraenateam

Following my "old" blog post decoder.cloud/2020/05/30/the… , I have published the very quick & dirty "juicy_2" code github.com/decoder-it/jui… , maybe useful when you have impersonation privs on newer versions of Windows 10 & Server 2019 cc Antonio Cocomazzi Giuseppe`Ohpe`Trotta

a tenacious kernel panic, happening in macOS network stack when bettercap tries to inject packets in the interface in monitor mode (read only works) ... happening on M1 as well ... can somebody at Apple fix this please? github.com/bettercap/bett…

v2.31.0 is out! The number of fixes and new features is just too long to fit in a single screenshot :D github.com/bettercap/bett…

When (NTLM) relaying potatoes lead you to domain admin... A "permanent" 0day Privilege Escalation Vulnerability in Windows RPC Protocol ;-) cc Antonio Cocomazzi Our writeup here: labs.sentinelone.com/relaying-potat…

RemotePotato0 Update: We can confirm that cross session activation works in the relay scenario too so you can get rid of session 0 limitation! Now the real fun will ensue 😈 cc Andrea Pierini

This is some spectacular counterintelligence work and exploitation. Research to discover a vulnerability, and then careful exploitation of that vulnerability so it never gets burned. Tennis 0day

As I couldn't find anyone else who'd documented it, thought I'd look at SeTrustedCredmanAccessPrivilege. tiraniddo.dev/2021/05/dumpin…

What’s it like to work at Doyensec? Read below 👇 We’re hiring again appsec engineers

During offensivecon our Markus Vervier presented his research on security aspects of embedded SIM cards. We are releasing SMShell, an SMS based implant proof of concept for Red Teaming that can evade out of band. Blogpost: persistent-security.net/post/introduci… GitHub: github.com/persistent-sec…