phish 🐟 (@dunderhay)'s Twitter Profile
ID: 857407087248199680

27-04-2017 01:32:34

1,1K Tweet

625 Followers

495 Following

Eiriel (@klinix5)

Publicly disclosing the bluehammer exploit, at the time of writing this, this vulnerability is still unpatched. Full PoC source can be found here - deadeclipse666.blogspot.com/2026/04/public…

Just Hacking Training (JHT) (@justhackinghq)

mstsc /shadow is a built-in Windows feature for RDP session shadowing. A technique demonstrated by Slavi Parpulev shows how to attach to a session using its ID and how consent behavior depends on configuration and privileges. Learn more: justhacking.com/course/masteri… #cybersecurity

0x12 Dark Development (@salsa12__)

COMouflage: Surrogate Injection

New Medium post, in this one we have a great technique used to inject a DLL into the svchost.exe process, masquerading the parent process id. The technique is named COMouflage Surrogate Injection.

Author: zer02504

medium.com/@s12deff/comou…

Emeric Nasi (@emericnasi)

I just wrote a tutorial explaining how to combine Adaptix C2 with MacroPack and ShellcodePack! This provides multiple initial access and EDR evasion options to Adaptix C2 users. Tutorial includes: LNK, ClickOnce, DLL Sideloading, Exe, HTA, etc! #redteam blog.balliskit.com/tutorial-adapt…

ZachXBT (@zachxbt)

1/ Recently an unnamed source shared data exfiltrated from an internal North Korean payment server containing 390 accounts, chat logs, crypto transactions. I spent long hours going through all of it, none of which has ever been publicly released. It revealed an intricate

justadevrino (@justadeverino)

As someone who scraped for a living for years, anyone recommending lightpanda to do it shows that they don’t have any experience regarding the subject.

Only one thing to understand: TLS Fingerprinting

You can have the fastest headless setup, puppeteer, lightpanda,… one wrong

SEKTOR7 Institute (@sektor7net)

Persistence Techniques That Persist. An overview of evolving persistence methods in malware and red team operations. A post by Ari Novick. Source: cyberark.com/resources/thre… #redteam #blueteam #maldev #malwaredevelopment

Co11ateral (@co11ateral)

KslKatzBOF

Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory. No OpenProcess, no auditable API calls.

github.com/Muz1K1zuM/kslk… #apt #redteam

🕳 (@sekurlsa_pw)

github.com/senderend/ghos… “NTLM HTTP relay tool with SOCKS proxy for browser session hijacking. 1️⃣Capture NTLM auth, 2️⃣relay to HTTP/HTTPS targets, 3️⃣then browse as the victim through a SOCKS ❄️proxy. This works even when cookie replay doesn't.” 🎯 github.com/senderend/ghos…

Smukx.E (@5mukx)

Implementing a dynamic Call Stack Spoofer

TL;DR: PoC to implement of a true dynamic stack spoofer, which will allow us not only to spoof the call stack to our call, but also to hide the real origin of the call...

klezvirus.github.io/posts/Stackmoo…

Nicolas Krassas (@dinosn)

EDR/XDR Bypass and Detection Evasion Techniques: An Investigation of Advanced Evasion Strategies from a Red Team Perspective meetcyber.net/edr-xdr-bypass…

Beau Bullock (@dafthack)

I’m excited to announce my newest training course, Breaching M365, is now available on-demand through Antisyphon Training. For $295, you get a full offensive methodology for attacking Microsoft 365 environments, from unauthenticated recon and initial access to OAuth abuse,

𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 (@felixm_pw)

Introducing Combat Theater, a malware technique emulator built for blue teams, detection engineers and security researchers to perform testing and detection validation quickly and easily. Check out the introduction blog to learn more! combat.theater/blogs/introduc…

Eiriel (@klinix5)

In response to CVE-2026-33825 (BlueHammer patch), The RedSun, a new unpatched Windows Defender EoP vulnerability has been publicly disclosed and can be found here - deadeclipse666.blogspot.com/2026/04/public…

SEKTOR7 Institute (@sektor7net)

Initial Access with sideloading. Using DLL sideloading for initial access in red team operations. A post by Print3M. Source: print3m.github.io/blog/dll-sidel… #redteam #blueteam #maldev #malwaredevelopment

SpecterOps (@specterops)

NTLMv1 is still out there. And now it’s easier than ever to break. Skyler Knecht walks through how Google’s rainbow tables make NT hash recovery practical, no third-party service required. Check it out! ⤵️ ghst.ly/4vqx9Id