mintko (@m1ntko)'s Twitter Profile
mintko

@m1ntko

ID: 1285989074948456450

Joined: 22-07-2020 17:24:36

26 Tweets

23 Followers

362 Following

BlackArrow (@blackarrowsec)

💥One shell to HANDLE them all New approach to escalate privileges from a web shell by abusing open token handles. #RedTeam /cc Kurosh Dabbagh ➡ tarlogic.com/blog/token-han…

BlackArrow (@blackarrowsec)

Windows Local Privilege Escalation via StorSvc service (writable SYSTEM path DLL search order Hijacking) /cc Antón Ortigueira, Kurosh Dabbagh ➡️ github.com/blackarrowsec/…

BlackArrow (@blackarrowsec)

Have you ever tried exploiting a Spring Boot Actuators RCE but the restart endpoint was disabled? ⬇️ Abuse this behaviour using this #TrickOrThreat by Antón Ortigueira

Kurosh Dabbagh (@_kudaes_)

It turns out that gdi32full.dll is vulnerable to "delayed" dll sideloading, which means that virtually any software that uses Windows dialog boxes (of any kind) is vulnerable to this attack. And they are not few. 🧵

BlackArrow (@blackarrowsec)

In our latest post, ☞ zǝuıʇɹɐɯ olqɐd ☜ introduces a new technique to obtain cleartext passwords from MSSQL by abusing linked servers through the ADSI provider. ➡️ Read more: tarlogic.com/blog/linked-se…

BlackArrow (@blackarrowsec)

Watchguard has fixed 4 vulnerabilities in Watchguard EPDR discovered by our researchers Antón Ortigueira and Marcos Díaz. These vulnerabilities can be used to turn off the defensive capabilities of the product and achieve privilege escalation. ➡️ Advisories: watchguard.com/es/wgrd-psirt/…

Cyber Detective💙💛 (@cyb_detective)

Seekolver: #python tool for searching and filtering subdomains using different APIs: SecurityTrails, AlienVault, VirusTotal, SpyOnWeb, Crt sh. github.com/Krypteria/Seek… Creator: krp

BlackArrow (@blackarrowsec)

Are you aware that Threat Actors can use virtualization as an effective evasion technique? Our #ThreatHunting team presents some useful queries to detect this technique. ➡️ github.com/blackarrowsec/…

BlackArrow (@blackarrowsec)

Enhanced version of secretsdump from #Impacket to dump credentials without touching disk. This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives. github.com/fortra/impacke…

BlackArrow (@blackarrowsec)

Our colleagues Kurosh Dabbagh & Inés will be at #HackOn2024 presenting an alternative approach to ROP-based sleep obfuscation technique to evade memory scanners. ➡️ Read more: hackon.es/charlas/In%C3%…

Kurosh Dabbagh (@_kudaes_)

Although it's nothing new, Inés and I are pleased to publish our own ROP-based implementation of the code fluctuation technique. We've tried to keep it simple and functional, avoiding the use of common features like Timers, HWBP or APCs. github.com/Kudaes/Shelter

BlackArrow (@blackarrowsec)

Are you aware of this technique for achieving fileless persistence? Find out how it works and how to detect it. ➡️ github.com/blackarrowsec/…

BlackArrow (@blackarrowsec)

In a few hours, our colleague Kurosh Dabbagh will talk at EuskalHack about call stack spoofing to hide the execution of implants from memory. #ESCVII ➡️ Read more: securitycongress.euskalhack.org/ponentes_es.ht…

krp (@_kripteria)

I created a tool designed to simplify the generation of proxy DLLs (I know, a bit late to the game) while addressing common conflicts related to windows.h when it comes to redefining an existing function when performing proxy DLL. It was a fun project 😁 github.com/Krypteria/Prox…

Kurosh Dabbagh (@_kudaes_)

I've just released Eclipse, a PoC of what I call Activation Context Hijack. This technique redirects any application to load an arbitrary DLL, allowing code to be injected into any trusted process. More info available on GitHub. github.com/Kudaes/Eclipse

Kurosh Dabbagh (@_kudaes_)

Although direct access to disk is not new at all, especially when it comes to forensics, I think this approach could be useful in a number of contexts during a RT engagement. github.com/Kudaes/MFTool

BlackArrow (@blackarrowsec)

This Thursday, our colleague Kurosh Dabbagh will be at Navaja Negra Conference presenting Activation Context Hijack: a new code execution technique for Windows environments. ➡️ More info: navajanegra.com/2025/speaker/k…

BlackArrow (@blackarrowsec)

Kudos to our colleague Kurosh Dabbagh, who yesterday delighted us at Navaja Negra Conference with his talk 'Activation Context Hijack,' which can be rewatched here: twitch.tv/videos/2581089…

krp (@_kripteria)

Overly complex ACL graphs? Neo4LDAP now helps you prioritise attack paths without losing visibility.
• Editable ACE weights
• Shadow Relationships
Details + PoC 👇 medium.com/@kripteria.sec…