f1zm0 (@f1zm0)'s Twitter Profile
f1zm0

@f1zm0

Interested in Windows internals and all things malware.

ID: 1401668589627842568

Link: https://fzm.ooo
Joined: 06-06-2021 22:34:15

48 Tweets

140 Followers

393 Following

サイバー犯罪さん🔻 (@g0jirasan):

Just released a post on Windows driver signature timestamp forging 👀 really stoked to finally release this! This technique effectively bypasses driver signature enforcement in Windows blog.talosintelligence.com/old-certificat…

Trend Micro Research (@trendmicrorsrch):

We investigate a new piece of a signed #rootkit that communicates with a large C&C infrastructure for an unknown threat actor who may be the same one behind the #FiveSys rootkit: ⬇️ research.trendmicro.com/3rmJOzc

Mauricio Velazco (@mvelazco):

Excited to release 🚀BadZure, a tool that automates the population of Azure AD tenants, introducing misconfigurations and attack paths. 📺youtu.be/7IdyU7tQgww 🔗github.com/mvelazc0/BadZu… #RedTeams, here's your chance to practice your cloud tradecraft. #BlueTeams, test and

Alice Climent-Pommeret (@alicecliment):

Finally done! My latest article introduces the basics of Windows kernel drivers/internals and how to find and exploit process killer drivers using LOLDrivers 🤓 I hope you'll enjoy it! alice.climent-pommeret.red/posts/process-…

Charlie Clark (@exploitph):

I drafted slides for an extended talk on forged tickets which was apparently not good enough for a con this year so Andrew and I have decided to publish the slides (around 99% done) and I'll leave the rest up to the imagination of the reader, enjoy: github.com/0xe7/Talks/blo…

Will Schroeder (@harmj0y):

I know I haven't blogged for a bit, but I promise Lee Chagolla-Christensen, Max Harley, and I have been working on something cool! This is the first blog in a series on the problem set we've been tackling, leading up to what we've built to address it - "On (Structured) Data" posts.specterops.io/on-structured-…

f1zm0 (@f1zm0):

If you don't want to remember all the flags (and you're not using fzf for your history), you can use the following compose file with: docker-compose -f neo4j.yml up gist.github.com/f1zm0/13c82465…

Duncan Ogilvie 🍍 (@mrexodia):

Finally got around to implementing an automatically generated single-header version of the phnt library by System Informer github.com/mrexodia/phnt-…. Include it and you can start using native functions.

Charlie Clark (@exploitph):

My latest post on abusing DES using Kerberos. I've not updated my RoastInTheMiddle tool yet but I'll be doing that shortly, enjoy: exploit.ph/des-is-useful.…

b33f | 🇺🇦✊ (@fuzzysec):

I have posted the slides for the #BlackHat talk chompie and I gave yesterday -> Close encounters of the advanced persistent kind: Leveraging rootkits for post-exploitation github.com/FuzzySecurity/…

klez (@klezvirus):

My talk about "Thread Stack Spoofing" at x33fc0n is out now! Personally, I don't think I've ever been so nervous; I was literally forgetting what I was talking about 😅. youtube.com/watch?v=dl-AuN… Feel free to hit me up with your thoughts!

Orange Cyberdefense's SensePost Team (@sensepost):

Traditional methods of blinding EDRs are to remove hooks. In this post @vikingfr investigates a new technique (and tool) for blinding an EDR in kernel land by limiting connections to the EDR driver's filter communication port. sensepost.com/blog/2023/filt…

S4ntiagoP (@s4ntiago_p):

🔥 New blogpost 🔥 Running PEs inline without a console. You now can, for example, run PowerShell in CobaltStrike and obtain its output without spawning any process (including conhost.exe) coresecurity.com/core-labs/arti…

Rob Fuller (@mubix):

To jump on Justin Elze's statement: I also believe that every internal red team should have a development team. Yes, separate people who specialize in software development, to build tools to make the red team more effective. One good developer is multiplicative on a red team.

HaxRob (@haxrob):

Andres Freund, the principal software engineer at Microsoft who discovered the xz backdoor, really does deserve a big pat on the back. 👏 The outcome could have been much, much worse.