Xz backdoor reversing gist.github.com/smx-smx/a6112d…

TO THE WINDOOWWWWW TO THE WALL $(printf "\033[31mroot\033[34m@\033[32mlocalhost:#")

Watching people tweet they bypassed a certain EDR is just cringe at this point. When you ask them what did they bypass, they dont know what. So let me take you back to school... Executing OpenSource tool is not a bypass. An EDR employs several mechanisms for detection. Getting a

Reached Holo rank in Season Season 4 from Hack The Box labs.hackthebox.com/achievement/se… #hackthebox #htb #cybersecurity

🆕🆕🆕 Deep dive into the new RCE in Microsoft Outlook (CVE-2024-21378) from PT SWARM ⚠They've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirmed it works well! No back connect required! A brief instruction for red teams: 1.

Just pwn it ✔️ The first Machine of the new #HTB Season is here! Runner created by TheCyberGeek will go live on 20 April 2024 at 19:00 UTC. Surveillance will be retired! ✓ Medium ✓ Linux → Join the competition & start #hacking: okt.to/wMAhYv

I noticed an interesting change starting from Windows 11 22H2 in the behavior of NtSystemDebugControl when taking a live kernel dump (SysDbgGetLiveKernelDump) including user-mode pages (flag IncludeUserSpaceMemoryPages). Until Windows 11 21H2 code in nt!DbgkCaptureLiveKernelDump

🚨 I am giving away 1 seat each of our June Red team (CRTP) and Azure (CARTP) bootcamps. 🚨 Repost, like and reply to this tweet to participate. I will announce the winners on Monday (27th May). alteredsecurity.com/bootcamps #redteam #pentest #giveaway

🚨 #NetExec v1.2.0 (codename "ItsAlwaysDNS") has been OFFICIALLY released. There are too many amazing features, modules, and bugfixes to talk about all of them (just look at the notes 🤯github.com/Pennyw0rth/Net…), but the codename is because you can now specify a DNS server!

List of Burp Extension Useful For Pentesting !

With kali 2024.2 the latest NetExec version 1.2.0 is now also available in their repositories🎉🚀 Huge thanks to Arszilla for taking care of all the packaging, dependency requirements and communication with the Kali team! ⬇Go ahead apt install netexec⬇

🔥We have big news for you, NetExec now has a new protocol: NFS🔥 Main features: - Detecting NFS servers - List exported shares - Recursive enumeration of shares - Up&Download files Many thanks to Mehmetcan TOPAL who had the idea and implemented the protocol with me.

Last night a cool new method to find defender exclusion paths was brought to my attention by Hai vaknin Give him a follow, his account is GOLD This is even better than going through the event logs like I showed a few months ago. Malware stored in these locations will NOT

Someone made a python version of Evilwinrm and it works well! Although it is missing a few features like bypassing amsi I would add this into your tools to have: github.com/adityatelange/…

Just found out a BIG OSINT change that was just applied by Microsoft. You can no longer enumerate one-to-many domain-to-AD tenant. Domain keying will be harder to implement. mc.merill.net/message/MC1081… For example, this tool is obsolete: aadinternals.com/osint/

Search 15M+ Microsoft 365 tenants by org name or domain and discover all known domains in the same tenant: micahvandeusen.com/tools/tenant-d…. Legacy methods like Autodiscover/GetFederationInfo no longer work (mc.merill.net/message/MC1081…).

💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible. The vulnerability lets

New from Bishop Fox: Burp Variables, a Burp Suite extension that automates variable handling. Define once. Reuse everywhere. No more manual token edits!

Marcus Hutchins, the guy famous for stopping the WannaCry Ransomware, probably has the best take on Mythos doing vulnerability research