Ryan Preston (@awsmhacks) 's Twitter Profile

Keyboard Cagefighter, Console Cowboy, cache me sliding into your DC's #secKC

ID: 4050375313

Link: https://github.com/awsmhacks, Date: 28-10-2015 20:53:36

564 Tweet

340 Followers

629 Following

Patrik Fehrenbach (@itsecurityguard) 's Twitter Profile Photo

This is your yearly reminder that ALL Udemy Bug Bounty courses are a waste of money. The content you need is out there, completely for free. Don't believe me? Here is a list of the best Bug Bounty Resources out there 🧵👇 #bugbountytips #BugBounty

Duane Michael (@subat0mik) 's Twitter Profile Photo

SCCM network access accounts (NAAs) are back... And they're not going away. Not only can we query the credential blobs from WMI, we can also retrieve previously used account blobs from the CIM repository, even if the computer is no longer a client... posts.specterops.io/the-phantom-cr…

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid) 's Twitter Profile Photo

ZeusBox Yep. You are partially correct but there's a lot more to it than EAT and IAT hooks. Finding syscalls is fine, but in order to do that you must first find the ntdll in memory which is the tricky part. I think if you evade S1, you by default evade almost every EDR there is.

Antonio Cocomazzi (@splinter_code) 's Twitter Profile Photo

We are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege

How?
Leveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM

Should be "lighter" than the classic S4U

cc Andrea P

gist.github.com/antonioCoco/19…

Ryan Naraine (@ryanaraine) 's Twitter Profile Photo

This is a must-see for me at LABScon next week: ** The life and times of Sysinternals -- Mark Russinovich, Microsoft (@markrussinovich) Agenda is legit 💪 labscon.io/#day-1

Ryan Preston (@awsmhacks) 's Twitter Profile Photo

This is great! It's also cross-platform! Download the CLI code binary for other os's/chipsets from code.visualstudio.com/Download# and they offer the tunnel feature too!

vx-underground (@vxunderground) 's Twitter Profile Photo

We are happy to announce we are hosting our first ever Malware Research Contest! Sponsored by our friends at SentinelOne

* Must be novel research
* Applicants can only be from the United States due to anti-gambling and money laundering laws
* First place is a new Macbook Pro ♥️

Chris Bakke (@chrisjbakke) 's Twitter Profile Photo

GPT-5: can perfectly build any website
GPT-6: can build and run a company
GPT-7: passes Turing test
GPT-8: overthrows world governments
GPT-9: fails to understand how Jira is supposed to work, gives up, asks humans for help

Dirk-jan (@_dirkjan) 's Twitter Profile Photo

New blog: Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust I teased this a bit during my Windows Hello talks, now found some time to write about this interesting technique. Also contains defenses and detection opportunities. dirkjanm.io/obtaining-doma…

Hassan (@pwnsauc3) 's Twitter Profile Photo

Made a tool which finds DLL files with RWX section in memory. I came up with this idea after I stumbled upon an interesting article by Security Joes github.com/pwnsauc3/RWXFi…

Peter Winter-Smith (@peterwintrsmith) 's Twitter Profile Photo

Today I am pleased to announce the release of a code analyser I’ve been working on in my free time - wSAST (wsast.co.uk) wSAST aims to make code analysis easier for application security consultants by providing tools to graph relationships, find paths between functions,

mgeeky | Mariusz Banach (@mariuszbit) 's Twitter Profile Photo

🔥 Super excited to soon present my lifetime project publicly🤩

- 4yrs of R&D + 1y in commercial sale
- Weaponization of 95+ file types
- 140kLOC
- 20+ tools
- 10+ shellcode exec techniques (ts)
- 8 MSI ts
- 20+ LNK ts
- 30+ script/macro ts

⚡ Battle tested, low-profile arsenal