🔧 Byont: (PoC) Load clean ntdll.dll from Microsoft symbol servers and execute functions from memory. Manual PE loading without LoadLibrary - bypass userland hooks for security research. github.com/Teach2Breach/b…

Following S3cur3Th1sSh1t's TROOPERS talk and release of BitlockMove, we're releasing our internal DCOMRunAs PoC made by @SAERXCIT last year. It uses a similar technique with a few differences, such as DLL hijacking to avoid registry modification. github.com/AlmondOffSec/D…

🐉 New plugin available for airgeddon! Dragon Drain adds WPA3 DoS attack support via SAE flooding. Initially thought to affect only early WPA3 devices, but in testing we found more vulnerable routers than expected 👀 🔗 github.com/Janek79ax/drag… #airgeddon #WPA3 #wifi #hacking

It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates. Also includes ESC1 over Intune (in some cases). dirkjanm.io/extending-ad-c… Oh, and a new tool for SCEP: github.com/dirkjanm/scepr…

Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (Aurélien Chalot), including instructions for reproducing the test environment yourself. (link below)

The code is here. As always, "Not tested in prod, use at your own risk". All credit goes to Yuval Gordon, sn🥶vvcr💥sh and fulc2um. gist.github.com/ThePirateWhoSm… 🌻

hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-1…

#oldnewthing Need something blue? Create the file "C:\Windows\System32\config\OSDATA" and restart Windows. You’ll get a permanent Blue Screen of Death( BSOD ). #pentester #redteam

Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…

GitHub - 0pepsi/Linux-persistence: A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion. github.com/0pepsi/Linux-p…

GitHub - hunters-sec/CVE-2025-55188-7z-exploit: 7z exploit POC versions prior to 25.01 - github.com/hunters-sec/CV…

In continuation for my recent research about UAC bypass I wrote a tool "Find-UACAutoElevate" to find executables that match the requirements to achieve UAC Bypass. github.com/ADPunisher/Fin… #PowerShell #UACBypass #AutoElevate

Find the POC for my new finding, CVE-2025-50154, a zero day vulnerability on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch. github.com/rubenformation…

Hoy a las 20:00 (hora España) estaré hablando sobre Windows, suplantación de usuarios y movimientos laterales en el canal de Alberto J Garcia YouTube: HablemosCyber

You're lazy, I'm lazy, so what if your compiler did the evasion for you? Based on my blogpost from earlier this week: 0xkylm.github.io/posts/offensiv…

$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/member

Payments are still broken — and we proved it at DEF CON 33. 2,000+ attendees, 5 CTF tracks, workshops, and ferrofluid revealing magstripes. Here's the full write-up of what happened at @PaymentVillage this year: 🔗 paymentvillage.substack.com/p/def-con-33-w… #DEFCON #CTF #payments

I'm releasing my new tool: DllShimmer 🔥 Weaponize DLL hijacking easily. github.com/Print3M/DllShi… - backdoor any function, no reverse engineering - all functions proxied, no program crash - built-in debug info and mutex to every function - more... #redteam #malware #security

Official MVS Aug 2025 updated ISOs have been added. 🎉 Windows 10 22H2 Windows 11 24H2 Windows 11 23H2 Server 2025 Server 2022 Server 23H2 massgrave.dev/genuine-instal…