Tract0r (@tract0r_) 's Twitter Profile
Tract0r

@tract0r_

Offensive Security
Windows Internals
Active Directory
Initial Access
Malware Dev

ID: 548239876

Joined: 08-04-2012 07:49:44

2.2K Tweets

266 Followers

158 Following

Octoberfest7 (@octoberfest73):

Very proud of this. You can run arbitrary BOFs through Beacon and every API call will have a fully backed stack without needing to modify or recompile them.

NetSPI (@netspi):

Beacon Object Files (BOFs) in C2 platforms limit developers. ow.ly/rQ2e50VjZBU Read NetSPI's blog post to explore a reference design for a new BOF portable executable (PE) concept that bridges the gap between modern C++ development and memory-executable C2 integration.

Oddvar Moe (@oddvarmoe):

Ever wondered if the user is active or not on a red team? Well, I created a bof called useridletime found in github.com/trustedsec/CS-… that you can use to query for idle time of the user. Useful in some scenarios 😉

Mr.Z (@zux0x3a):

ZigStrike 2.0 is out! I have released a new version of ZigStrike to address several issues from the previous release and add more techniques and UI enhancements, read more below :

Andrew Oliveau (@andrewoliveau):

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS. Hope you enjoy the blog & tool drop 🤟 ibm.com/think/x-force/…

S3cur3Th1sSh1t (@shitsecure):

As this is public now - an alternative to modifying AppIds to make them use the interactive user via the remote registry you can also use a lot of existing CLSIDs which have the interactive user configured and coerce an incoming RPC authentication from loggedon users. 😎

NetSPI (@netspi):

Microsoft patched critical vulnerabilities (CVE-2025-21299, CVE-2025-29809) in Q1 2025. NetSPI research reveals Kerberos canonicalization bypasses Hyper-V isolation of credentials, compromising Windows security. Read the full article: ow.ly/WcuW50VAOTg

Clandestine (@akaclandestine):

GitHub - Sh3lldon/FullBypass: A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. github.com/Sh3lldon/FullB…

๐™ ๐™€ ๐™‡ ๐™„ ๐™“ ๐™ˆ (@felixm_pw) 's Twitter Profile Photo

With some guidance from DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤 blog.felixm.pw/rude_awakening…

S3cur3Th1sSh1t (@shitsecure):

Blogpost from my colleague about what's still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥 r-tec.net/r-tec-blog-win…

noodlearms (@infosecnoodle):

Short post on an alternative method for obtaining Microsoft Entra refresh tokens via Beacon. Proof of concept BOF is available on my GitHub 🙂 infosecnoodle.com/p/obtaining-mi…

MSec Operations (@msecops):

The Ruy-Lopez technique sometimes helps a lot with evasion. The technique was published and open sourced by our founder @Shitsecure two years ago. In #RustPack version 1.3.1 we added a custom, non-public version of this technique that is much more OPSec safe than the public

MalDev Academy (@maldevacademy):

Utilizing our previously discovered registry key to hook LSASS's SamIGetUserLogonInformation2 API and capturing plaintext login credentials. github.com/Maldev-Academy…

CODE WHITE GmbH (@codewhitesec):

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what's long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…

mpgn (@mpgn_x64):

Thanks to the awesome work of Aleem Ladha, the CTF Windows Active Directory lab for Barbhack from 2024 is now public! 🔥 You can build the lab and pwn the AD—13 flags to capture! No public write-up exists yet—waiting for someone to submit one! github.com/Pennyw0rth/Net…

David Hendrickson (@teksedge):

Many are asking why Microsoft's announcement of MCP for Windows OS is significant. Windows OS is now AI-agent accessible. Take a look at this ex. AI-OS. Replace LLM System Call Interface with Microsoft's new Windows OS MCP. The world's most used OS is now AI agent accessible.

Back Engineering Labs (@backengineerlab):

Given the recent events with VMPSoft DMCA'ing educational YouTube videos demonstrating how to unpack malware protected with VMProtect, we have decided to release a free to use unpacker which works for all versions of VMP 3.x including the most recent version. Simply sign

Altered Security (@alteredsecurity):

Congratulations to Tract0r for clearing our Certified by Altered Security Red Team Expert for Azure exam! #CARTE #AlteredSecurity cc Nikhil Mittal alteredsecurity.com/azureadvanced

Yuval Gordon (@yug0rd):

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability. It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…
