🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

My intern research from IBM X-Force Red last summer just got released! Introducing SoaPy - a completely custom engineered way to use Active Directory Web Services (ADWS) from Linux hosts for stealthy Active Directory interaction! Read about it here! securityintelligence.com/x-force/stealt…

Video demo of bypassing Windows Defender App Control with Loki C2! Blog with details coming in 1-2 weeks. Yes -- Dylan Tran and I created an entire C2 in JavaScript and it bypasses all the things 🥷🧙‍♂️🪄

Getting to work with the legends that wrote the blogs that I learned from years ago is crazy, feeling truly blessed 🥹

Loki C2 blog drop! Thank you for all those who helped and all the support from the community. Big shoutout to Dylan Tran and chompie for all their contributions to Loki C2! IBM IBM Security X-Force securityintelligence.com/x-force/bypass…

A little while ago I tweeted about a potential BOF-PE design. So here it is, a new design that includes a fully linked PE, C++ exceptions and use of the STL template library.

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄 Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

Posting my write up for XINTRA 's Hybrid Azure APT Emulation Lab (Husky Corp) bri5ee.sh/blue%20team/20…. Fairly in depth blog post walking through OAuth, Managed Identity, and PTA abuse, Pass the PRT, etc. Huge s/o to ✞ inversecos and the team for making an amazing lab.

I Backdoored Cursor AI 😎 youtu.be/FYok3diZY78 Finally getting a chance to play with Loki C2, the super cool Node JS C2 framework for backdooring Electron applications (think Discord, Slack, too!) -- put together by the incredible Bobby Cooke 🔥We even got to nerd out over DMs to

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS. Hope you enjoy the blog & tool drop 🤟 ibm.com/think/x-force/…

I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most interesting vulnerabilities that combine commonality and impact from low-privilege contexts, and what you can do to prevent them :) logan-goins.com/2025-04-25-scc…

.NET GAC and NIC hijacking for lateral movement: williamknowles.io/net-gac-and-ni…

MY GOAT KEEPIN WEST COAST BEST COAST

I want to remind people that do research - don’t hesitate to release your findings just because you’re worried if it’s “novel” or not. Your perspective is novel and the time you took to dive into something is valuable. Show people what you have learned, it might help the next

I got hit with the CRWD RIF. Looking for any DFIR Consulting or SecEng-ish role.. Been doing DFIR for 5 years both at CRWD and at Cylance- I can provide references and resume on request.

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…

I'm super happy to announce an operationally weaponized version of Yuval Gordon's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

Graduated

I'm finally releasing a project that I've been working on for a little while now. Here's Boflink, a linker for Beacon Object Files. github.com/MEhrn00/boflink Supporting blog post about it. blog.cybershenanigans.space/posts/boflink-…