RET2Pwn (@ret2_pwn) 's Twitter Profile
RET2Pwn

@ret2_pwn

#24 y/o | Binary Exploitation Player | Wannabe Malware Developer & Researcher

ID: 1091813815518445574

02-02-2019 21:41:13

166 Tweets

1.1K Followers

467 Following

Saif (@wr3nchsr)

About a year ago, I discovered a couple of vulnerabilities in PAX Technology, Inc (North America)'s paydroid system and the CVEs were published in December 2022. Here's a showcase of what chaining those vulnerabilities can achieve on a production mode point of sale terminal.

Bobby Cooke (@0xboku)

We've just released the first post in the Cobalt Strike reflective loader blog series! 🥷 This one took a lot of effort and I am excited to share it with you! The better it does, the better I'll make the next ones 😉 securityintelligence.com/posts/defining…

Stan Hegt (@stanhacked)

Outflank blog: Attacking Visual Studio for Initial Access. The post shows how viewing source code can lead to compromise of a dev's workstation. A journey into COM, type libraries and the inner workings of VS. Plus practical examples for red team ops. outflank.nl/blog/2023/03/2…

Adam Chester 🏴‍☠️ (@_xpn_)

Quick POC this evening looking at how LAPS (v2) passwords are stored and decrypted on Active Directory (tl;dr, msLAPS-EncryptedPassword attr and NCryptStreamUpdate for crypto) gist.github.com/xpn/23dc5b6c26…

f1zm0 (@f1zm0)

I've just released acheron, a package that you can use to add indirect syscalls capabilities to your Go tradecraft. github.com/f1zm0/acheron

RET2Pwn (@ret2_pwn)

I'm proud to announce 2 new features that I've been working on: Reverse Port Forwarding & Agent Customization. With Agent Customization, you can now generate an agent with only the features needed for a particular engagement - no more using full feature sets if no need. #RedTeam

Mohamed Sayed (ret2flex) 🇵🇸 (@flex0geek)

I tried to deeply understand and write an exploit code for CVE-2021-3156 Heap Overflow in sudo github.com/flex0geek/cves… #exploit #pwn #cve_2021_3156

RET2Pwn (@ret2_pwn)

NEW BLOG POST!!📢🔥 In this blog post, I have shared my notes from my exploration of the clipboard, including my attempts to dump the clipboard history even if it has been deleted. At the end, I wrote a CME module. xret2pwn.github.io/The-Art-of-Cli… Peace out! ✌ #cybersecurity #redteam

S4ntiagoP (@s4ntiago_p)

🔥 Big update! Nanodump now supports the PPLMedic exploit! meaning you can dump LSASS on an up-to-date system with PPL enabled 😃 github.com/fortra/nanodump

S3cur3Th1sSh1t (@shitsecure)

My teammate @m_fielenbach recently created a python script to automate the process of discovering and exploiting ESC1 & ESC8 ADCS vulnerabilities: 🙌 github.com/grimlockx/ADCS… So if you want to save some minutes of time in your next projects feel free to test it out. 🔥

x86matthew (@x86matthew)

First blog post in a while! This article describes an undocumented trick to embed executable code within (what appears to be) a read-only PE section. secret.club/2023/06/05/spo…

Ido Veltzman (@idov31)

I'm glad to release Jormungandr! Jormungandr is a kernel COFF loader inspired by TrustedSec's COFF loader that allows kernel developers to write and execute their COFFs in the kernel and make more modular rootkits. github.com/Idov31/Jormung… #infosec #cybersecurity

eversinc33 🤍🔪⋆。˚ ⋆ (@eversinc33)

Yesterday I finally finished part II of my anti rootkit evasion series, where I showcase some detections for driver "stomping", attack flawed implementations of my anti-rootkit, hide system threads via the PspCidTable and detect that as well. Enjoy! eversinc33.com/posts/anti-ant…