Techno_Rave1911 (@techno_rave1911)'s Twitter Profile

IT Security Manager & IT Manager For Several Healthcare and Financial Institutes | InfoSec Community | Offensive and Defense side of IT Security.

ID: 995102347163521024

12-05-2018 00:44:22

2.2K Tweets

438 Followers

2.2K Following

TrustedSec (@trustedsec)

Think you know WMI? Do you know how to write your own WMI provider? Senior Research Analyst Adam Todd is back to demonstrate how to create your own WMI provider for fun and profit. hubs.la/Q01dc6p70

sn🥶vvcr💥sh (@snovvcrash)

[#Tooling ⚔️] 🧵 (1/6) A thread of integrating #shellcode #fluctuation technique into DInjector: github.com/snovvcrash/DIn…

Main credits to mgeeky | Mariusz Banach, Rasta Mouse and S3cur3Th1sSh1t for their great tools and blogs which I heavily relied on here.

#redteam #maldev

Trimarc (@trimarcsecurity)

Want to learn about the "Top 10 Ways to Improve Active Directory Security Quickly"?

Sean Metcalf (@PyroTek3), Tyler Robinson (@tyler_robinson), & Darryl Baker (@DFIRdeferred) cover AD attacks & improving AD security

June 23rd
3pm-4:15pm (ET)

Register here: trimarc.co/TWRAD202206tw

Florian Roth ⚡️ (@cyb3rops)

I recommend mquery to test #YARA rules for false positives on a big corpus of indexed goodware

We've even integrated it into our internal VSCode extension via API so that we can trigger a query and get results right into our editors

github.com/CERT-Polska/mq…

mgeeky | Mariusz Banach (@mariuszbit)

🔥Working hard on a public release of my Malware Dev CI/CD toolkit

☢️ProtectMyTooling - Multi-Packer, supporting 23+ obfuscators
☢️RedBackdoorer - PE shellcode injection via 6 techniques
☢️RedWatermarker - IOC injector for implants tracking

Already available to my sponsors 😁✨

Adam Svoboda (@adamsvoboda)

Want to dump LSASS but dealing with MDE/ATP and ASR rules? Learn how to extract a list of whitelisted exclusion paths from Defender's signature update files in this blog post: adamsvoboda.net/extracting-asr…

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid)

Going forward Brute Ratel will focus only on evasions and Red Team and not the purple team counterpart. Anything that does not contribute to Red Team will be Open Sourced. The PowerShell loader which was used in BRc4 is now added here: github.com/paranoidninja/…

S4ntiagoP (@s4ntiago_p)

New update to nanodump! You can now force WerFault.exe to dump LSASS for you. Thanks to Asaf Gilboa for the original research. github.com/helpsystems/na…

mgeeky | Mariusz Banach (@mariuszbit)

☢️ I'm so excited - just issued my first blog post☢️
As promised - sharing my WarCon slides deck on:

mgeeky.tech/warcon-2022-mo…

Power of positive feedback made me publish them during my first day of holidays (●'◡'●)

Let me know if you like it 🔥

ghostlulz (@ghostlulz1337)

Cool blog on abusing callback functions to execute shellcode. There are so many windows APIs that can be leveraged to execute your shellcode. Really cool stuff!

ropgadget.com/posts/abusing_…

#redteam #infosec

m3rcer (@al3x_m3rcer)

Here's the official release of Chisel-Strike: A .NET XOR encrypted Cobalt Strike Aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. github.com/m3rcer/Chisel-… #RedTeaming #CobaltStrike #Pentesting

pre.empt (@preemptdev)

🧵In part 5 of the blog series we're looking at implementing and bypassing common EDR functionality. As a part of this we look at Kernel Callbacks, Hooks, and Thread Call Stacks: pre.empt.dev/posts/maelstro… 1/3

mpgn (@mpgn_x64)

Execute commands as another user w/t dumping LSASS or touching the ADCS server ? Thanks to Aurélien Chalot a new module has been added to CrackMapExec 🚀

The module will impersonate any logged on user to exec command as "this" user (system, domain user etc) 🔥

Dirk-jan (@_dirkjan)

New blog and tool: Introducing ROADtools Token eXchange (roadtx) - Automating Azure AD authentication, Primary Refresh Token (ab)use and device registration.

Blog: dirkjanm.io/introducing-ro…
Code: github.com/dirkjanm/ROADt…
Some features in screenshot attached.

x86matthew (@x86matthew)

StealthHook - A method for hooking functions without modifying memory protection.

This tool automatically discovers writable global pointers/vtable entries that are nested within the target function, enabling stealthy function hooking and interception.

x86matthew.com/view_post?id=s…

Joe Vest (@joevest)

More updates. You can now create and use a custom template `python random_c2profile.py --template templates/my_template.jinja`. This should allow you to control your own OPSEC needs and still use random data. github.com/threatexpress/…

Hacking Your Health (@wehackhealth)

Interesting one - like ♥️ if you are trying to gain muscle and retweet 🔁 if you are trying to lose weight… #wehackhealth

Hacking Your Health (@wehackhealth)

You have 105 hours to save some $$.

For the whole month of October we are running a discount with code - password1234 at check out.

hackingyourhealth.com/supplements

Retweet this tweet for a chance to win a full stack pre and protein...

#wehackhealth