🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Sick work!

New CS blog: Introducing the Mutator Kit - Creating Object File Monstrosities with Sleep Mask and LLVM cobaltstrike.com/blog/introduci…

Have you ever wanted to mutate Beacon Object Files? William Burgess and I have created a mutator kit that allows you to easily mutate Cobalt Strike sleep masks or BOFs in general. cobaltstrike.com/blog/introduci…

Working on a pretty scary project. I combined 5pider Stardust and William Burgess recent work LLVM obfuscation work. ENDLESS_WALTZ produces unique PIC .bin's each time it's ran (== unique agents each compile...) L is normal Stardust, M+R are the same code but different runs of EW

super hot technique for preventing EDR dll loaded into the process from Marcus Hutchins (malwaretech): malwaretech.com/2024/02/bypass… just tested it successfully ;)

Today, we're disclosing an overlooked, wide-impact bug/attack vector affecting the Windows/COM ecosystem, dubbed #MonikerLink. In Outlook, the bug's impact is far and wide: from leaking NTLM creds to RCE. The same issue may exist in other software, too. research.checkpoint.com/2024/the-risks…

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver. blog.slowerzs.net/posts/pplsyste…

This will be siiiiick, now want a recon ticket

collection of kCTF exploits. not just exploit source, but documentation about the bug and documentation about how the exploit works. very cool stuff, and some really creative people out there

The video just went live for my recent BlueHat IL talk about a new Windows vulnerability class, including an exploit for kernel code execution 👇 youtube.com/watch?v=1LvOFU…

When I was a sec consultant, one of my favourite days was when a new CS dropped and there were plenty of goodies to play with. A lot of effort went into this release and there is a looot of cool stuff to hack around with

New CS Blog - Revisiting the UDRL Part 3: cobaltstrike.com/blog/revisitin… If you like the idea of loading a custom c2 channel in your UDRL then this blog may be of interest 👀

New blog: Get details on recent changes, upcoming plans for #CobaltStrike R&D, and our strategy for increased communication. cobaltstrike.com/blog/cobalt-st…

[BLOG] This post summarises how to tie Cobalt Strike's UDRL, SleepMask, and BeaconGate together for your syscall and call stack spoofing needs. rastamouse.me/udrl-sleepmask…

I drafted a janky mind map of Beacon's components and their relationships. Might be able to make it neater if people find it useful. Perhaps we could get this on a desk mat William Burgess 😅

😍😍😍

Planning on tinkering with #offensivesecurity over the holidays? After all, tis' the season to get ahead of #cyberattacks! In this short demo of the #CobaltStrike mutator kit we show how easy it is to generate LLVM randomized sleepmasks and #BOFs> linoma.wistia.com/medias/ncw3ov9…

Cobalt Strike 4.11 is out now! This release introduces a novel Sleepmask, a novel process injection technique, a new prepend reflective loader with new evasive options, asynchronous BOFs, DNS over HTTPs and more! cobaltstrike.com/blog/cobalt-st…

👀

The final part of j00ru//vx’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for googleprojectzero.blogspot.com/2025/05/the-wi…