Ahmed Sher (@crypt0acee)'s Twitter Profile

big nerd energy

ID: 1354118745069920260

Link: https://crypt0ace.github.io/
Joined: 26-01-2021 17:27:32

189 Tweets

141 Followers

770 Following

LuemmelSec (@theluemmel)

Oh holy Nimikätz / custom invoke-mimikatz If you want the l33t shit for your next engagement you should: Read -> s3cur3th1ssh1t.github.io/Bypass-AMSI-by… Read -> s3cur3th1ssh1t.github.io/Building-a-cus… Use -> github.com/danielbohannon… from Daniel Bohannon Use -> private tools from S3cur3Th1sSh1t by sponsoring him

Tony (@tj_null)

Since Microsoft plans to disable macros by default, I have decided to release a proof of concept that I use on my engagements by leveraging the document properties built in Microsoft Office. Here is the link to the article: offensive-security.com/offsec/macro-w…

S3cur3Th1sSh1t (@shitsecure)

Just added the two new AMSI bypass PoC's via Provider Patching into my Amsi-Bypass-Powershell repo. Plus one PoC in Nim as pull request for OffensiveNim: github.com/S3cur3Th1sSh1t… github.com/byt3bl33d3r/Of… Tested both, works perfectly fine. 👌 (1/2)

Ahmed Sher (@crypt0acee)

lessgooo I've earned the Throwback Badge on TryHackMe for Hacking Throwback by exploiting a Windows AD network tryhackme.com/crypt0ace/badg… #tryhackme via TryHackMe

5pider (@c5pider)

90% of my Twitter DMs are asking me about how to start getting into Malware development. Well, I love answering them but it's easier to write a small thread about it so here we go. 1/12

S3cur3Th1sSh1t (@shitsecure)

Searching for DLL Sideloading binaries? A short Powershell Script in combination with Siofra will give you thousands of possible combinations. github.com/Cybereason/sio… Either try to replace any Windows DLL Import with your payload DLL or search for Phantom DLLs.

ARZ (@arz_101)

Opensource from Hack The Box involved a flask application running in debug mode, vulnerable to directory traversal had two routes, uploading your own route or generating the console pin, accessing gitea, and escalating privileges through git hooks. arz101.medium.com/hackthebox-ope…

ARZ (@arz_101)

Shared from Hack The Box involved exploiting sqli in json, ipython for code execution, finding credentials to redis from a golang binary, and abusing CVE-2022-0543 for privilege escalation arz101.medium.com/hackthebox-sha…

ARZ (@arz_101)

Hathor from Hack The Box, an insane windows machine, involved logging into mojoportal with default creds, uploading aspx web shell, IIS Impersonation, Bypassing Applocker, DLL Hijacking, signing powershell script and DCsync. arz101.medium.com/hackthebox-hat…

mgeeky | Mariusz Banach (@mariuszbit)

☢️ClickOnce + AppDomain Manager Injection (aka signed EXE + DLL sideloading) is the new Initial Access Hotness❤️ Check out Nick Powers and Steven insights on weaponising them: posts.specterops.io/less-smartscre… Pssst. there's a training & framework already scratching that surface too🥳

Melvin langvik (@flangvik)

Did I have plenty of time allocated to reporting this week? - Yes. Did I spend that time reporting? - No.. is procrastinating a bitch? Yes.... Now blog post + tool inbound tho! 😅🍻

Ahmed Sher (@crypt0acee)

Wrote a complete walkthrough of the NHA lab by Mayfly. Give it a read if you're interested in pwning an AD environment from start to finish with some really interesting pathways! crypt0ace.github.io/posts/NHA-Part… crypt0ace.github.io/posts/NHA-Part… crypt0ace.github.io/posts/NHA-Part… crypt0ace.github.io/posts/NHA-Part…