Guglielmo Scaiola (@s0ftwargs)'s Twitter Profile

Solution Architect @iCubed - I.T. Consultant, Speaker, Trainer, Red-Teamer, PenTester and Security Consultant, former Army Paratrooper. Opinions are my own

ID: 479875890

Link: http://s0ftwargs.com/

Joined: 31-01-2012 21:36:10

2.2K Tweets

588 Followers

256 Following

Hope Walker (@icemoonhsv):

Pull requests accepted for SharpUp! ProcessDLLHijack and ModifableScheduledTask modules are now available. github.com/GhostPack/Shar…

Florian Hansemann (@cyberwarship):

"Taking the pain out of C2 Infrastructure (Part 1)" #infosec #redteam #pentest byt3bl33d3r.substack.com/p/taking-the-p… Part 2 #redteam #infosec #pentest byt3bl33d3r.substack.com/p/taking-the-p…

Cn33liz (@cneelis):

Today is #BOFFriday! Time for some new candy: > New BOF for CVE-2022-26923 > New BOF KerbHash (hash passwds to kerberos keys) > New BOF version of PetitPotam attack > Domaininfo updated with Azure support Check out the Outflank C2-Tool-Collection repo: github.com/outflanknl/C2-…

sinusoid (@the_bit_diddler):

Have multiple engagements, past and present? Wanting more flexibility in your download locations? You asked, I listened. Now you can specify synchronization between Cobalt Strike download locations on a per TeamServer basis. More tools coming shortly. bit.ly/3FK0wM5

an0n (@an0n_r0):

Reproduced the MS-MSDT Office RCE (on up-to-date Win10 and up-to-date Office 2019). Had some troubles with building the appropriate docx with external HTML reference, so quickly made some notes how to do it, step-by-step: gist.github.com/tothi/66290a42…

mgeeky | Mariusz Banach (@mariuszbit):

MS Defender for Endpoint detects Primary Refresh Token (PRT) extraction based on ProcessCreate event with BrowserCore.exe Guess what? Copy BrowserCore.exe to %TEMP%\random.exe - no more detections ¯\_(ツ)_/¯ Got it implemented in my sponsorware SharpPRT for anyone interested :)

Florian Hansemann (@cyberwarship):

"SharpEventPersist: Persistence by writing/reading shellcode from Event Log" #pentest #redteam #infosec github.com/improsec/Sharp…

Emeric Nasi (@emericnasi):

Another #ShellcodePack video by MC JR! Stealthy XLL generation running a Sliver implant. With AV running in background of course :) vimeo.com/728885276

Oliver Lyak (@ly4k_):

Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard. These techniques also work on victims logged on before the server was compromised. research.ifcr.dk/pass-the-chall…

🥝🏳️‍🌈 Benjamin Delpy (@gentilkiwi):

Of course it's disputed... 😅 #keepass Will Schroeder Do not forget policies..., enforced ones ! > keepass.info/help/kb/config… "Disable trigger system" / "Disable trigger system, delete user triggers" + <ExportNoKey>false</ExportNoKey>

Vincent Le Toux (Paris, France) (@mysmartlogon):

#PingCastle 3.0 released !!! pingcastle.com/download/ Active Directory & AzureAD security health check in seconds >200k AD audited, management readable, no install, no admin, no data sent "to a cloud" Example of report: pingcastle.com/PingCastleFile… github: github.com/vletoux/pingca…