Two Seven One Three (@twosevenonet) 's Twitter Profile
Two Seven One Three

@twosevenonet

Security Researcher at ZeroSalarium.com || Penetration Tester || Red Teamer || Social Engineering Awareness Trainer

ID: 1840231064146718722

Website: https://zerosalarium.com | Joined: 29-09-2024 03:25:03

40 Tweets

99 Followers

66 Following

Johannes Bader (@viql)

Today, I'm releasing the first version of a small web 🚀:  rosti.bin.re

It provides IOCs and YARA rules collected semi-automatically from public blog posts and reports of almost 200 cybersecurity sites.

I hope it proves useful to some of you ...  🙏✨ #ThreatIntel
Two Seven One Three (@twosevenonet)

#Redteam Old New Techniques:
When you need to temporarily drop a file to disk, using CreateFile with the FILE_FLAG_DELETE_ON_CLOSE flag specified in dwFlagsAndAttributes means you won't need to call DeleteFile after you're done using it.
#malware #pentest
Two Seven One Three (@twosevenonet)

SMSS.EXE vs EDR.EXE: which one is tougher?
Registry add: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations REG_MULTI_SZ
Value: MsMpEng.exe path with \??\ prefix & NO quotations
FileDelete: ACCESS DENIED
SMSS 0; EDR 1
#redteam #pentest #malware
Two Seven One Three (@twosevenonet)

#pentest: output files with the naming format "SMSS-PFRO*.tmp". Set \CurrentControlSet\Control\Session Manager\TempFileDirectory pointing to this, add "ClearTempFiles" with value 1. SMSS will automatically clear these files without you having to get your hands dirty.
#redteam
vx-underground (@vxunderground)

Today Lockbit ransomware group issued a message to Kash Patel, the new Director of the United States Federal Bureau of Investigation. He requested Kash Patel contact him via Tox and offered him a file titled "personal_gift_for_new_director_FBI_Kash_Patel.7z". The file is

T3nb3w (@t3nb3w)

🚀 New Blog & PoC: Abusing IDispatch for COM Object Access & PPL Injection Leveraging STDFONT via IDispatch to inject into PPL processes & access LSASS. Inspired by James Forshaw's research! 🔍 Blog: mohamed-fakroud.gitbook.io/red-teamings-d… 💻 Code: github.com/T3nb3w/ComDotN…

Two Seven One Three (@twosevenonet)

I found a #vulnerability in the software. Tried to submit a report to the software development company through a #bugbounty platform, but this website requires my passport to submit.

Aliakbar Zahravi (@aliakbarzahravi)

We have uncovered a Windows .lnk shortcut bug (#ZDI-CAN-25373) being exploited by #APT groups and cybercriminals worldwide. This bug in Windows .lnk files allows attackers to execute hidden malicious commands that aren't visible when viewing shortcut properties. More details 🧵

Two Seven One Three (@twosevenonet)

How many times have you forgotten to adjust these two flags in your Visual Studio project?
/MT means the Visual C++ Redistributable is not required.
No debug will exclude the debug information in the final executable.
#redteam #malware #blueteam
Two Seven One Three (@twosevenonet)

#oldnewthing
You can use CreateFileMapping to obtain the contents of a file without having to call the ReadFile function.
#redteam #malware
Two Seven One Three (@twosevenonet)

Good news: you can dump the full kernel on Windows 11 using PowerShell
Bad news: this dump file does not contain the memory regions of PPL processes, so don't think about using katz kitten to dump LSASS 😂
#redteam #lsass #credentialdumping
Two Seven One Three (@twosevenonet)

#oldnewthing
When conducting red teaming operations—especially over RDP—adding the "ClearRecentDocsOnExit" value to the registry can help erase traces of your activities on the target machine
#pentester #redteam