Great write-up on MSI privilege escalations from pfiatde! Check it out now while it's hot 🔥

In Havoc 0.7 [Bite the Dust] is going to be able to use gadgets while performing sleep obfuscation to indirectly call functions without triggering detections like patriot (by Joe Desimone )

I published the slides for my talk at #SANS #Hackfest. I sort of hijacked my own talk to give my perspective on Offensive Security capability engineering, framing it with a practical example. github.com/FuzzySecurity/… I want to shout out mr.d0x and Adam Chester 🏴‍☠️ of course <3

ETW Internals is a huge topic, wrote down a little part of it (and some windbg scripts to help your research)

Asistimos en la sala 20 al taller Malware Development 201 - Creando un Loader en C++ centrado en Evasión (Windows), en la sala 20, patrocinada por #CSA, a cargo de Nacho Gomez y Antonio Pérez, de NTT DATA España #XVIIJornadasCCNCERT #VJornadasESPDEFCERT

Ya están subidas las diapositivas y las POCs del taller "Malware Development 201" presentado ayer en las XVII Jornadas STIC de CCN-CERT. Espero que os gustara! github.com/ASOT-LABS/XVII…

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses github.com/Mazars-Tech/AD…

Found a funny way to detect Rubeus. There's a typo in the process name used when calling LsaRegisterLogonProcess, which shows up in the Windows audit logs. Not sure if that was intentional given the code comment right next to it.

Everyone thinks they want some fancy full featured bespoke c2 when they really just want a c2 with a socks proxy.

Want to learn malware analysis and development? Join me and @MalFuzzer for a training course like no other! training.trainsec.net/malware-analys…

It’s been an awesome week offensivecon! Yarden Shafir’s Windows Internals Training was 🔥🔥 Sadly I could not stay for the talks, but already thinking in the next one! Awesome training if you want to dive deep into the Windows kernel from an offsec perspective

Tangled is a social engineering platform that weaponizes calendar event processing in Outlook and Gmail to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction. github.com/ineesdv/Tangled Technical breakdown: tarlogic.com/blog/abusing-c…