José Rosales (@josrosa36233826)'s Twitter Profile

Free Palestine

ID: 1138899425240190977

12-06-2019 20:02:37

565 Tweets

80 Followers

2.2K Following

Josh Stroschein | The Cyber Yeti (@jstrosch)

Understanding the #pe file format is key to #reverse #engineering Windows executables. If you need help, I have a playlist with over 4 hours of content covering many of the most important aspects on #youtube 👇

▶️ youtube.com/playlist?list=…
Josh Stroschein | The Cyber Yeti (@jstrosch)

If you're looking to learn #malware or #reversing , I have a couple of #github repos that can help 👇

👿 github.com/jstrosch/learn…

🛠️ github.com/jstrosch/learn…

Source code that you can compile to help w/ deeper understanding - many link to videos on #youtube as well!
Nikhil Mittal (@nikhil_mitt)

🚨 I am giving away 1 seat each of our June Red team (CRTP) and Azure (CARTP) bootcamps. 🚨

Repost, like and reply to this tweet to participate. I will announce the winners on Monday (27th May). 

alteredsecurity.com/bootcamps

#redteam #pentest #giveaway
RedBird Seguridad Ofensiva (@redbirdoficial)

A research challenge?
Chronophoto is a website where you have to work out the date of an image you are shown (usually movies)

-Chronophoto - Game chronophoto.app/game.html

#OSINT #IMINT
nao_sec (@nao_sec)

New blog post! DarkPeony (related to SmugX campaign) started to execute #PlugX using MSC file 🤔
jp.security.ntt/tech_blog/cont…
Bilal (@0xcc00)

You've gained Domain Admin privileges, but an EDR is blocking your attempts to dump the entire domain's hashes. In this article, I'll share a technique I used to bypass this obstacle. medium.com/@0xcc00/bypass…

vx-underground (@vxunderground)

Nerds are reporting Lockbit ransomware group's blog now requires a blog access key to visit it. The blog access key: NDWZ3NXU66EWUFBMJWQOC2FXIIHFZFKZRULHBGAYFYX4HEIDRF5Q Have a nice day

Adrián Díaz (@s4dbrd)

Hello! I've just uploaded a new post discussing techniques for evading ETW-based detections, including tampering, hijacking sessions, and patching ETW functions :) Please enjoy s4dbrd.com/evading-etw-ba…

Colin McCarthy (@us_stormwatch)

12-hour timelapse of American Airlines, Delta, and United plane traffic after what was likely the biggest IT outage in history forced a nationwide ground stop of the three airlines.

Aurélien Chalot (@defte_)

For that need, I wrote a quick Python script that will bind to an interface and build subnets file based on incoming packets: gist.github.com/Dfte/9cfeb8789… was very useful lately 👀
Germán Fernández (@1zrr4h)

New #FenixBotnet campaign targeting Mexico 🇲🇽
Now also using the "Copy&Paste" technique

Distribution via SMS with URL:
▪ https://sat[.]citatorio[.]com/file/declaracion.pdf (fake PDF).

Next stages from:
▪ https://d3f8cv[.]top/d1zK3flPWA/v.txt
▪
Lampros (@lampnout)

Did you know attackers can register scheduled tasks configured with a custom handler (COM) to hide the full path of their payload? In my revisited post I explore (source code) how it is possible to register a task using the IComHandlerAction interface stmxcsr.com/persistence/sc…

Md Ismail Šojal 🕷️ (@0x0sojalsec)

a free tool that lists open s3 buckets and helps you search for interesting files.⚔️

-  buckets.grayhatwarfare.com

- grayhatwarfare.medium.com/how-to-search-…

#infosec #cybersec #bugbountytips
Or Yair (@oryair1999)

Excited to release LDAPNightmare! The first PoC tool exploiting CVE-2024-49112 that I created with Shak Mo ! Check out the repo and blog post detailing about the vulnerability: github.com/SafeBreach-Lab… Honored to be a part of the SafeBreach labs team once again🫠

I am Jakoby (@i_am_jakoby)

Bad news, my friends: my polymorphic reverse shell generator’s a legal no-no. 😭

Gooder news: I’ve unleashed this PowerShell Obfuscator to "protect" your scripts! 🎉 

Check it out: powershellforhackers.com/tools/obfuscat… 

Oh, and totally unrelated, there’s a new payload example on my
Andrew Oliveau (@andrewoliveau)

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS. Hope you enjoy the blog & tool drop 🤟 ibm.com/think/x-force/…

Aurélien Chalot (@defte_)

You have got a valid NTLM relay but SMB and LDAP are signed, LDAPS has got Channel Binding and ESC8 is not available... What about WinRMS ? :D

Blogpost: sensepost.com/blog/2025/is-t…
Tool: github.com/fortra/impacke…

And also, big thanks to jmk (Joe Mondloch) for the collab' :D!
Ruben Groenewoud (@rfgroenewoud)

🐧 After 6 months of research, my 5-part Linux Persistence series is now complete!🐧 🧵 Full series below👇 1️⃣elastic.co/security-labs/… 2️⃣elastic.co/security-labs/… 3️⃣elastic.co/security-labs/… 4️⃣elastic.co/security-labs/… 5️⃣elastic.co/security-labs/… #Linux #Persistence #redteam #Elastic