The Navaja Negra Conference conference is just around the corner! Kurosh Dabbagh will be on-site to talk about malware development and EDR evasion. ➡️ Read more: navajanegra.com/2023/speaker/k…

In a few minutes, our colleague Kurosh Dabbagh will present at Navaja Negra Conference a new method of threadless code injection for Windows processes through the hijacking of DLL entry points. #NN11ED ➡️ Watch it live (Spanish) at: twitch.tv/navajanegra

Our colleague Iago Abad has weaponized the leaked token handles technique for MSSQL. Now open token handles in MSSQL's process (sqlservr.exe) can be abused to change security context and escalate privileges both locally and in the domain. github.com/blackarrowsec/…

🚨 Confirmamos primera charla 🚨 Ines (Inés) y Kurosh (Kurosh Dabbagh ), operadores de Red Team en la unidad de seguridad ofensiva de Tarlogic, son la primera charla confirmada de la #HackOn2024. 👨‍💻 Muchas gracias por venir, estamos encantados de recibiros.

Enhanced version of secretsdump from #Impacket to dump credentials without touching disk. This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives. github.com/fortra/impacke…

Our colleagues Kurosh Dabbagh & Inés will be at #HackOn2024 presenting an alternative approach to ROP-based sleep obfuscation technique to evade memory scanners. ➡️ Read more: hackon.es/charlas/In%C3%…

Although it's nothing new, Inés and I are pleased to publish our own ROP-based implementation of the code fluctuation technique. We've tried to keep it simple and functional, avoiding to use common features like Timers, HWBP or APCs. github.com/Kudaes/Shelter

In a few hours, our colleague Kurosh Dabbagh will talk at EuskalHack about call stack spoofing to hide the execution of implants from memory. #ESCVII ➡️ Read more: securitycongress.euskalhack.org/ponentes_es.ht…

¡No parpadees si no te lo quieres perder! Kurosh Dabbagh nos habla de "Call Stack Spoofing para ocultar la ejecución de implantes desde memoria" #WindowsInternals #Malware #EDR Kurosh Dabbagh

AvePoint has fixed a vulnerability in DocAve, Perimeter and Compliance Guardian discovered by our researchers mintko and Marcos Díaz. This vulnerability can be used to achieve Remote Code Execution (RCE) in affected systems. ➡️ Advisory: avepoint.com/company/docave…

This Thursday, our colleague Kurosh Dabbagh will be at Navaja Negra Conference presenting Activation Context Hijack: a new code execution technique for Windows environments. ➡️ More info: navajanegra.com/2025/speaker/k…

Kudos to our colleague Kurosh Dabbagh , who yesterday delighted us at Navaja Negra Conference with his talk 'Activation Context Hijack,' which can be rewatched here: twitch.tv/videos/2581089…