Ricardo P (@varandinawer)'s Twitter Profile
Ricardo P

@varandinawer

Curious about life and above all about computing... Passionate about computer security and fantasy literature

ID: 180701812

20-08-2010 07:34:32

1,1K Tweet

173 Followers

392 Following

Max dcb (@max2cbx)

🧪 New technique: DreamWalkers A reflective shellcode loader that crafts a synthetic, clean call stack. Achieving stealthy execution from memory-mapped modules. 🔗 maxdcb.github.io/DreamWalkers/ #MalwareResearch #RedTeam #WindowsInternals #OffSec

starlabs (@starlabs_sg)

CASE CLOSED: CVE-2025-29824 0 public samples, 0 information Suspect: Windows CLFS driver Crime: UAF leading to Privilege Escalation Status: ACTIVELY EXPLOITED ITW Investigation: Debugged and documented Case files: starlabs.sg/blog/2025/07-m… Done by our intern, Ong How Chong

SpecterOps (@specterops)

Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts. So what's a stealthy attacker to do? 🤔 Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0

Soroush Dalili (@irsdl)

A new version of ysonet.net is out, I have updated #SharePoint plugin to: - Fix CVE-2025-49704 exploit against SP2016! 🪲 - Support CVE-2024-38018 as it is very useful.👌 Remember, we should also be able to create folders in Plugin or Generators folders to keep our

Synacktiv (@synacktiv)

🔒 Can you really trust your zero trust? We (re)discovered a vulnerability in Zscaler Client Connector that allowed bypassing device posture checks, and it was still exploitable in the wild. Full technical deep dive + remediation tips 👇 synacktiv.com/en/publication…

0xedh (@0xedh)

Last week, Borja Martínez and I spoke at DEF CON. A milestone after years of following the conference. Our talk presents how Secure Boot, WPBT, and vulnerable drivers can be abused in modern bootkits and persistence mechanisms. Code & PoCs: github.com/0xedh/DEFCON33…

Logan Goins (@_logangoins)

I just documented a cool way to authenticate proxied tooling to LDAP in an AD environment using C2 payload auth context, without stealing any tickets or hashes! Keep tooling execution off-host and away from EDR on your Red Team assessments! specterops.io/blog/2025/08/2…

SEKTOR7 Institute (@sektor7net)

Detecting rootkits in Windows kernel. First part of a rootkit detection series, depicting several ways to find malicious code residing in systems memory. Fantastic work by Sven Rath (eversinc33 🤍🔪⋆。˚ ⋆). Post: eversinc33.com/posts/anti-ant… #redteam #blueteam #maldev #malwaredevelopment

Dirk-jan (@_dirkjan)

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

codewhisperer84 (@codewhisperer84)

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…

Navaja Negra Conference (@navajanegra_ab)

Awards ceremony for the winners of the 'Navaja Negra Conference' CTF. Congratulations! 💪 Registration: nnctf.caliphalhounds.com Competition Discord: discord.gg/tkBS6FZPA5 #NN2025 🖤💛

Amador Aparicio (@amadapa)

Navaja Negra Conference shows every year that shared knowledge multiplies its value. Happy to have made our contribution to one of the best Spanish-language cybersecurity conferences. IngPrivUVa Gabinete de Comunicación Universidad de Valladolid

Nicolas Krassas (@dinosn)

Leaked system prompts for CHATGPT, GEMINI, GROK, CLAUDE, PERPLEXITY, CURSOR, DEVIN, REPLIT, AND MORE! - AI systems transparency for all github.com/elder-plinius/…

🕳 (@sekurlsa_pw)

Google research created a dataset with rainbow tables for NetNTLMv1 with the 1122334455667788 challenge. research.google/resources/data… Dataset is available for download at: ▪️console.cloud.google.com/storage/browse… [Login required] ▪️gs://net-ntlmv1-tables

Two Seven One Three (@twosevenonet)

EDR-Redir: You can break EDRs/Antivirus from user mode with bind link and cloud minifilter. Because your payload deserves privacy. #antimalware #itsecurity #redteam

0xedh (@0xedh)

Spent some time porting DumpGuard to C as a BOF. Abuses Remote Credential Guard to pull NTLMv1 hashes without going near LSASS or needing admin. Shoutout to Valdemar Carøe for the original research. github.com/0xedh/dumpguar…