Sean Hopkins (@_seahop)'s Twitter Profile
Sean Hopkins

@_seahop

Red teamer, terrible coder. Black Badge Defcon30.

ID: 1431702456313032708

28-08-2021 19:37:36

618 Tweet

182 Followers

207 Following

_leon_jacobs(💥) (@leonjza)

I was today years old when I learnt that you can run ELF using ld-linux. Useful when the executable bit is not set (and you can't change it).

S3cur3Th1sSh1t (@shitsecure)

This is so much! 🔥🔥😎 Found two new Potato triggers just today. Not only Potato but can also be used for LPE as remote auth is done which could be relayed to LDAP without Signing enabled. Or relayed to ADCS for a certificate. github.com/warpnet/MS-RPC…

Panos Gkatziroulis 🦄 (@netbiosx)

The RPC-function RAiForceElevationPromptForCOM from the appinfo.dll library allows SYSTEM coercion. This only works on domain joined systems. This function can be called from any low privileged user to trigger SYSTEM authentication to an arbitrary location github.com/rtecCyberSec/R…

hashcat (@hashcat)

hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-1…

Stefan Esser (@i0n1c)

There is a party at #GLx and you have been invited. Brand new training course giving you a deep dive into #SPTM, #TXM, #SK and #Exclaves antid0te.sg/blog/25-12-15-…

Clandestine (@akaclandestine)

GitHub - 0pepsi/Linux-persistence: A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion. github.com/0pepsi/Linux-p…

SpecterOps (@specterops)

Lance Cain & Daniel Mayer shared examples of Jamf exploitation techniques available to threat actors in their #BHUSA briefing today, which included the introduction of two new tools: JamfHound & Eve.

Print3M // SecTube.tv (@print3m_)

Solid overview of OPSEC considerations when operating with Sliver C2 by zimnyaa 💪 #redteam #c2 #malware #opsec tishina.in/opsec/sliver-o…

Rad (@rad9800)

EDR vendors secure their sales pipelines but neglect monitoring GitHub for exposed installer tokens - leaving customers vulnerable to abuse and over-licensing. Adversaries likely exploit these tokens to build sandboxes for payload testing. Here are search patterns to help

SpecterOps (@specterops)

Why should Microsoft's Nested App Authentication (NAA) be on your security team's radar? Hope Walker breaks down NAA and shows how attackers can pivot between Azure resources using brokered authentication. ghst.ly/45h2Zw3

freefirex (@freefirex2)

rolled out a bof for getting the dpapi_system key used by mimikatz /system: when ingesting master keys. If that's something you need it's live at github.com/trustedsec/CS-…

SpecterOps (@specterops)

Credential Guard was supposed to end credential dumping. It didn't. Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm

bohops (@bohops)

Last month, Dylan Tran and I gave a talk at Munich Cyber Tactics, Techniques and Procedures called "COM to the Darkside" focusing on COM/DCOM cross-session and fileless lateral movement tradecraft. Check out the slides here: github.com/bohops/COM-to-… Recording should be released soon.

TrustedSec (@trustedsec)

Forget common backdoors — a DLL hijack in Windows Narrator can grant SYSTEM-level persistence at login. In our new blog, Oddvar Moe shows how attackers abuse accessibility features and what defenders should monitor. Read now! trustedsec.com/blog/hack-cess…

Panos Gkatziroulis 🦄 (@netbiosx)

A Rust-based tool that generates Windows PE executables containing data patterns designed to trigger YARA rule matches. github.com/Sam0rai/guilty…