.Chris Sullo has finally squashed enough bugs and added enough new features to release Nikto 2.5.0. Well done, a really good bit of work. github.com/sullo/nikto/re…

Off By One Security streams are back! Join me Thursday, the 7-DEC at 11AM PST with the amazing Didier Stevens, who will give us awesome insight (and likely some new tools) on Cobalt Strike from a Blue Team Perspective! AKA: Improve your red team chops! youtube.com/watch?v=ZtenI_…

Finally put my GOVEE rope lights on the house! I’ll be putting some more up later, but they are awesome!!!

To dive more advanced low layer things such as hypervisor, I'm reviewing Windows kernelmode rootkit techniques, and created a repositry for research and educational purpose. More PoCs will be added later (filesystem/network mini-filter things especially). github.com/daem0nc0re/Vec…

The Havoc Framework 0.7 Bites The Dust - added support for the key/value store API - several fixes (smb agent, port forwarding, ...) - added callbacks for new demons - updated python api - refactor the hwbp engine - sleep obf with gadgets and so much more github.com/HavocFramework…

Ahoy! We are DELIGHTED to announce the launch of SANS Holiday Hack Challenge 2023! It's a free gift to the community from SANS Institute. Build cyber skills while having fun, leveraging AI. For all skill levels, novice to advanced & everyone in between! sans.org/holidayhack

After a little break, it’s time to get back to the SANS Offensive Operations Intro to C workshops! 😁 Always free. Always recorded. Register online when you have a chance.

Paged Out! #3 is out! Download it here pagedout.institute/download/Paged…

Great blog from CrowdStrike on leveraging Windows Defender AV’s MpLog file during DFIR. Before someone is claiming that they have bypassed Windows Defender. I always suggest them to check the MpLog file. It contains lots of useful telemetry. crowdstrike.com/blog/how-to-us…

is this thing still on?

Forget about the server-side Golang plugin way. I managed to expose the Havoc client qt6 library to Python and now the client UI can be fully scripted using Python and pyside6. It is now possible to create full UI elements/widgets for the Havoc GUI.

TLDR; 4 new releases from Hacker House for your malware development and analysis purposes with 3 re-created from the CIA's Vault7 leak. 1. github.com/hackerhouse-op… 2. github.com/hackerhouse-op… 3. github.com/hackerhouse-op… 4. github.com/hackerhouse-op… Happy New Year & Enjoy 2024!🎇

Goad small update ! 🏰 🥳 i added scenarios to complete some compromise path. - files with secrets in shares - gmsa account - asrep account on essos - write dacl on container - unconstrained delegation on user - protected user - sensitive user - ppl github.com/Orange-Cyberde…

Happy New Year’s Eve everyone!!! I’m looking forward to 2024!!!! 😁

🔥Big News! I’m thrilled to finally announce Asymmetric Research (asymmetric research), a web3 security venture I’ve recently co-founded with Felix Wilhelm (Felix Wilhelm).

Real quick for anyone looking for VMware Fusion and Workstation downloads in the new Broadcom portal: Fusion: support.broadcom.com/group/ecx/prod… Workstation: support.broadcom.com/group/ecx/prod… You need an account and you need to log in, but the ‘Downloads’ link in those pages takes you to the

It’s official!!! The first update to #SEC670 is done and approved for release at #SANSFIRE 🔥 for those coming in person, I have some cool things up my sleeve for you all. It’s not too late to register in person 👇🏻 sans.org/cyber-security… SANS Offensive Operations SANS Institute

The decision to bring on an investment partner was a momentous one for me. PortSwigger’s story is highly unusual: a hobby project that turned into a business; fully bootstrapped for 15 years; a widely adopted product with minimal sales and marketing. We’ve always been led by our

Before you know it, SANS Baltimore will be here. I’m pumped to be the event chair and be teaching #SEC670 😁 there was a massive update released in July and that’s what I’ll be teaching 🤓 I’d love to C you in person! sans.org/cyber-security… SANS Offensive Operations SANS Institute

SANS CDI 2024 is fast approaching. I'll be teaching my SANS Offensive Operations implant dev class #SEC670. Sign up for some nerdy C++ fun as you make Windows implants for a custom Python C2 server.