LOLEXFIL Living off the land Data Exfiltration method lolexfil.github.io

meet VMkatz, github.com/nikaiw/VMkatz

How many sign-in logging bypasses can Azure Entra ID contain? At least 4.

ZeroTrust Workshop is now available on the web instead of in an Excel sheet. Last week, Microsoft announced the updated, 🚀brand new ZeroTrust Workshop. Most of us used the Excel sheet with our customers. We hoped to see this Excel sheet on the web, like the ZeroTrust Assessment.

2026 is 22% complete.

New NetExec module: mssql_cbt🔥 Relaying to MSSQL can be a hidden gem when you are out of options. The only protection against relaying to MSSQL is to enforce Channel Binding Tokens (CBT). Thanks to Aurélien Chalot, NetExec now has a module that checks whether this CBT is required.

Today is another package-lock.json appreciation day! - Make sure you always commit your project with the package-lock.json file. It is the ONLY version locking enforcement mechanism. - Use npm ci instead of npm install. The first one will work ONLY if package-lock.json exists.

2026 is 25% complete.

THE ARTEMIS II ECLIPSE. April 6, 2026. Totality, beyond Earth. From lunar orbit, the Moon eclipses the Sun, revealing a view few in human history have ever witnessed. Photo: NASA

Earthset. The Artemis II crew captured this view of an Earthset on April 6, 2026, as they flew around the Moon. The image is reminiscent of the iconic Earthrise image taken by astronaut Bill Anders 58 years earlier as the Apollo 8 crew flew around the Moon.

Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now. As I began poking this with I stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs

Releasing GodPotatoBOF: Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. OPSEC safe alternative to the .NET version. Based on the original GodPotato PoC by BeichenDream. github.com/incursi0n/GodP…

Welcome home Reid, Victor, Christina, and Jeremy! 🫶 The Artemis II astronauts have splashed down at 8:07pm ET (0007 UTC April 11), bringing their historic 10-day mission around the Moon to an end.

Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew. github.com/Nightmare-Ecli…

RedSun seems to work on MDE aswell

If you’re into Impacket you might want to checkout Titanis. Perhaps it’s more opsec safe 🤷‍♂️ github.com/trustedsec/Tit…

Anthropic said Mythos was too dangerous to release. Then four random guys in a Discord gained access on day one by guessing the URL... This is pretty insane: → Group in a private Discord guessed the endpoint from Anthropic's naming conventions → They figured out the

Threat Intel Nom Nom — open source threat intel aggregator that monitors RSS feeds, websites, APIs, and .onion sites for your keywords. Auto-extracts IOCs, alerts via Discord/email/webhook. Docker one-liner setup. Free, no signup, no nonsense. github.com/LuemmelSec/Thr…

It's our home. This Earth Day, see our planet as our Artemis II astronauts saw it with these new images from the mission.