Rasta Mouse (@_rastamouse)'s Twitter Profile

Rasta Mouse

@_rastamouse

Be kind, be brave, be principled.

ID: 473332327

Joined: 24-01-2012 21:33:51

19.19K Tweets

44.44K Followers

295 Following

SEKTOR7 Institute (@sektor7net):

Tainting logs coming from ETW providers?

Absolutely! In many cases it can be done from an unelevated process in userland, depending on the security descriptor set on ETW_GUID_ENTRY (taken from the registry).

Impact? Sending fake events on behalf of almost any ETW provider, including

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid):

Completed a massive overhaul to Brute Ratel 2.3, bringing crazy OPSEC enhancements and extensive modularization. Stay tuned for an exciting release.. #brc4

Rasta Mouse (@_rastamouse):

I wonder how many CS users have never thought about this - when you use explicit injection with an rDLL, what happens to it once it's finished? Nothing. It sits in memory until the process is closed.


Jon Gorenflo 🇺🇦🌻 (@flakpaket):

Did you know that WSL 2 makes it easy to do GPU passthrough? This blog will help you supercharge your password cracking or AI workloads in no time. #pentesting #hashcat #ai #gpu #hacking attackd.com/blog/how-to-us…

Sean Metcalf (@pyrotek3):

I am back to posting to ADSecurity.org in my free time (which I have again). I plan on adding new content relating to Active Directory & Azure AD (now Entra ID).

First up is "Entra & Azure Managed Access Revisited". This article expands on one I wrote years ago about

Jose Enrique Hernandez (@_josehelps):

LOLdrivers.io now has SIEM queries and a tool section for those looking to operationalize the data. Thanks to Mehmet Ergene (@Cyb3rMonk) and The Haag™ (@M_haggis) for sharing the queries with the community!

Also shout out to Tenable (@TenableSecurity) for sharing the Nessus plugin, Oddvar Moe (@Oddvarmoe) for the

Kuba Gretzky (@mrgretzky):

Hey there, fellow phishermen! 👋

Evilginx Pro update 4.2 has been out for a month, and I decided to spend some time documenting the new features and explaining how to use them.

Enjoy the write-up and let me know what else you would like to see added in future updates.

🔗👇

Rasta Mouse (@_rastamouse):

I joined a security team that had very little insight into the various internal operational and SDLC processes. It took years of effort to get even basic secure coding practices and security testing in place. I can only imagine how this trend has undermined those efforts.

Dirk-jan (@_dirkjan):

If you didn't find my Black Hat / Def Con slides yet, they are available on dirkjanm.io/talks. Also includes the demo videos where I use actor tokens from on-prem to access SharePoint online and get Global Admin.

Rasta Mouse (@_rastamouse):

The Children's Commissioner in the UK wants to ban VPNs for under 18s to prevent them from circumventing the new Online Safety Act. However, their report also admits that children are more likely to see pornography by accident. assets.childrenscommissioner.gov.uk/wpuploads/2025…

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid):

I know a lot of people will hate me for saying this but it has to be said. I get a lot of DMs saying RT is getting harder every day, traditional loaders don't work anymore, open-source tools tend to crash or get detected instantly. But wasn't that the whole point of Red team? That's

Rasta Mouse (@_rastamouse):

Did you always have to be elevated to get SystemHandleInformation with NtQuerySystemInformation? Specifically the Object value on SYSTEM_HANDLE_TABLE_ENTRY_INFO? Or is that another recent change in Win11+?