R.B.C. (@g3tsyst3m)'s Twitter Profile
R.B.C.

@g3tsyst3m

Security Professional and Researcher with over a decade of experience. I'm fairly low profile, but share useful info from time to time.

ID: 1667346041715281920

Link: https://g3tsyst3m.github.io/
Date: 10-06-2023 01:41:01

355 Tweet

646 Followers

155 Following

R.B.C. (@g3tsyst3m)

Hey guys! Here's my latest blog post: Using Direct Syscalls with an In-Memory PIC Shellcode Loader g3tsyst3m.github.io/fileless%20tec… In short, we code an in-memory shellcode loader and convert it to PIC shellcode. Then, call it using createthread syscall ID and load final payload 😁

spencer (@techspence)

Starting to see MFA internally on RDP more and more, which is great, but on the flip side I’ve also seen PSRemoting NOT restricted. Reminder that by default local administrators on servers can use psremoting to access those servers remotely, even if there’s MFA

Dave W Plummer (@davepl1968)

Here's my 1995 code to Windows Task Manager that draws the "green graph paper" of the CPU and Memory graphs. Not complicated by any stretch! But now that I'm older and wiser, I'd likely build a small 12x12 DIBSection cell with the grid lines baked in, turn it into a pattern

🕳 (@sekurlsa_pw)

Remote dumping cred files with Shadow Snapshots: labs.itresit.es/2025/06/11/rem…
To use it: secretsdump -use-remoteSSMethod
PR For SAM: github.com/fortra/impacke… (merged)
PR For NTDS.dit: github.com/fortra/impacke… (not merged)
Detection: github.com/I3IT/Detect.Re…

_leon_jacobs(💥) (@leonjza)

I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)

rekdt (@rekdt)

Setting up a new personal laptop today and FYI, you can still bypass the annoying Windows 11 Microsoft account requirement at setup by: > get to Microsoft account login prompt > hit Shift + F10 > type: start ms-cxh:localonly > create local account > ??? > profit

hasherezade (@hasherezade)

Updated #PEsieve / #HollowsHunter / #MalUnpack: github.com/hasherezade/pe… / github.com/hasherezade/ho… / github.com/hasherezade/ma… - check them out 💙

Steve S. (@0xtriboulet)

If you couldn't make it to BH Arsenal 2025, this blog summarizes my work, and what the final POC looks like from the CS client 😎

Dirk-jan (@_dirkjan)

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Check Point Research (@_cpresearch_)

🚨 Rhadamanthys v0.9.2 is here! What’s new in this multi-layered stealer’s latest evolution? We break down the updates, tactics, and what defenders need to know. Dive into our blog for the full analysis. research.checkpoint.com/2025/rhadamant…

Wietze (@wietze)

🆕Recent additions to LOLBAS-Project.github.io: • iscsicpl.exe for DLL exec+UAC bypass • eudcedit.exe for UAC bypass • reset.exe/change.exe/query.exe for proxy exec • pixtool.exe/applauncher.exe/mpiexec.exe for dev tool proxy exec ⭐Nearly 8,000 GitHub stars - thank you all!

hasherezade (@hasherezade)

My recent writeup on updates in #Rhadamanthys stealer, along with some scripts that may be helpful in analysis. Check it out!

Steve S. (@0xtriboulet)

Been a long time since I've written something for my blog. Recently got inspired to break down how a very basic evasion attack on a machine learning model might work. Check it out steve-s.gitbook.io/0xtriboulet/ar…

R.B.C. (@g3tsyst3m)

Hey everyone. Here's my latest blog post. We'll be discussing one of my favorite techniques, 'Module Stomping' 😀 Nothing new, but always fun to revisit. Thanks! g3tsyst3m.com/process%20inje…