🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

⚡️ Loki C2 just leveled up! 🍄🧙‍♂️ 🔗 Agents can now link to each other, and across platforms! 🔗 No internet? No problem. Chain them, pivot deep, and keep moving! X-Force IBM IBM Security Check out the new release here: github.com/boku7/Loki

DLL injection and DLL proxying on macOS? Yes it is possible! Checkout this blog by Antoine about macOS automated DYLIB injection! #redteam blog.balliskit.com/macos-dylib-in…

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…

Get ready for an epic #x33fcon 2025 workshop in Gdynia, Poland (June 12-13) by Duncan Ogilvie 🍍, a hands-on, intermediate-level session where you’ll build a custom VM using RISC-V and LLVM to obfuscate payloads, evade detections, and harden against reverse engineering. Craft field-ready

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

I wrote-up how I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. Link to the blog post below 👇

Okay so this is HUGE - our amazing AI red team have open sourced their AI red team labs so you can set up your own training! aka.ms/AIRTlabs Ram Shankar Siva Kumar

Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal-krbtgt, users, machines. no DCSync required, no code execution on DC.

It’s been a while since I made a video🫥, so here’s one looking at LDAPx by Artur Marzano , which is based on the amazing research present last year by Sabi and Daniel Bohannon youtu.be/GZ7Vbvf2Dso

How the new Bad Successor dMSA domain takeover attack works. #ThreatHunting #DFIR

A new version of MacroPack Pro with improved DotNET obfuscator, new shellcode launcher, improved clickonce, and more will be released soon! Also, after Sliver, we a preparing tutorials with Mythic Apollo and Havoc 😎 #redteam

AdaptixC2 v0.5 is out github.com/Adaptix-Framew… * Windows "gopher" agent * Fast socks5 tunnels via "gopher" agent * Remote Terminal * Client side tunnels More details in the changelog: adaptix-framework.gitbook.io/adaptix-framew…

I'm finally releasing a project that I've been working on for a little while now. Here's Boflink, a linker for Beacon Object Files. github.com/MEhrn00/boflink Supporting blog post about it. blog.cybershenanigans.space/posts/boflink-…

New video out 🥳Getting up and running with Outline, which in my opinion is the #1 on-premise, open-source Notion alternative, using Docker, Entra ID SSO and Ngrok. youtu.be/CXArj_n--04

Okta chained with Azure with auto MFA subscription for Okta and frame-buster bypass to perform Bitb ! Evilginx is really nice to setup custom phishing campaign whatever the environment is... Phishlet available here : github.com/OtterHacker/Ok…

Introducing a new tool of The Manticore Project: Delegations Manage Kerberos delegations like a pro: audit, add, remove, monitor & more — all in one tool! Supports unconstrained, constrained (+protocol transition), & RBCD. 🔗 github.com/TheManticorePr…

Phishing defenses are evolving, but so are attackers. At #x33fcon, Kuba Gretzky will show how modern anti-phishing approaches (URL scanning, browser extensions, canaries) can be bypassed. Plus, he'll reveal novel tactics like browser-in-the-browser #phishing. Don't miss this

Evilginx + BITB = ❤️