klez (@klezvirus) 's Twitter Profile
klez

@klezvirus

Independent Cyber Security Researcher - Opinions are my own

ID: 2915424275

https://klezvirus.github.io | Joined 11-12-2014 12:49:37

953 Tweets

7.7K Followers

700 Following

hasherezade (@hasherezade) 's Twitter Profile Photo

- option of custom parsing exports directory allows to pinpoint even the APIs that the malware author tried to hide by erasing exports table in memory: github.com/hasherezade/ti…

5pider (@c5pider) 's Twitter Profile Photo

Truly excited for the upcoming workshop. Covering modern ransomware evasion & detection and also implementing your own ransomware/decryptor for Windows, MacOS and Linux. See you soon! 👻

MalDev Academy (@maldevacademy) 's Twitter Profile Photo

New course update coming this month:
- Introduction To LSASS Dumping
- Fetching LSASS Handle And Bypassing PPL
- LSASS Dump Via Duplication
- LSASS Dump Via RtlReportSilentProcessExit
- LSASS Dump Via Seclogon Race Condition

Rasta Mouse (@_rastamouse) 's Twitter Profile Photo

[BLOG] Part 2 of Crystal Palace PIC loaders. Here we patch GMH and GPA function pointers into a post-ex reflective loader. rastamouse.me/harvesting-the…

IDontCode (@_xeroxz) 's Twitter Profile Photo

This is a great read for people interested in hypervisor development in both pre-boot and post-boot (Windows) environment, the source is public and written in rust as well. Great work memN0ps 😀🙌 github.com/memN0ps/matrix… github.com/memN0ps/illusi… memn0ps.github.io/hypervisors-fo…

SpecterOps (@specterops) 's Twitter Profile Photo

Potato exploits have been a cornerstone of local priv esc on Windows for years, but how & why do the inner starchy workings of the potatoes function? Join Max Andreacchi next week to understand Windows access tokens & their use in the Windows environment. ghst.ly/june-web-tw

trickster0 (@trickster012) 's Twitter Profile Photo

This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry which I presented last year in RedTreat. I hope everyone likes it \m/. trickster0.github.io/posts/Primitiv…

Pumpkin 🎃 (@u1f383) 's Twitter Profile Photo

A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…

Melvin langvik (@flangvik) 's Twitter Profile Photo

New video out 😊 showing how you can take control of port 445 and perform those magical relay attacks toward AD CS when working from a C2 agent. Way easier than before thanks to some great research by Nick Powers youtube.com/watch?v=e4f3h5…

5pider (@c5pider) 's Twitter Profile Photo

Introducing Havoc Professional: A Lethal Presence
We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

Ido Veltzman (@idov31) 's Twitter Profile Photo

I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. github.com/Idov31/NovaHyp…

capri (@elma_ios) 's Twitter Profile Photo

I was messing around with symbol resolution in ELF and came up with an obfuscation technique on abusing symbol resolution in ELF programs that is able to trick tools (i.e. Ghidra, IDA, GDB) into showing the wrong library function calls. blog.elmo.sg/posts/breaking…

Virus Bulletin (@virusbtn) 's Twitter Profile Photo

Palo Alto Networks researchers explore the obfuscation techniques employed by the malware authors in the SLOW#TEMPEST campaign and highlight methods and code that can be used to detect and defeat these techniques. unit42.paloaltonetworks.com/slow-tempest-m…

klez (@klezvirus) 's Twitter Profile Photo

Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…

Rasta Mouse (@_rastamouse) 's Twitter Profile Photo

Published a small collection of PIC loaders for Cobalt Strike, based on my experiments with Crystal Palace. github.com/rasta-mouse/Cr…

flux (@0xfluxsec) 's Twitter Profile Photo

Introducing: Hells Hollow - Thought rootkit SSDT hooking was dead? Following my previous work, I have managed to essentially reintroduce SSDT hooks, capable of modifying the *original* KTRAP_FRAME and more! Whitepaper: fluxsec.red/hells-hollow-a… #infosec #cybersecurity

Connor McGarr (@33y0re) 's Twitter Profile Photo

I am excited for us to finally share our fully user-mode detection agent research preview! Intel Processor Trace, Last Branch Record, thread scheduler and PMU telemetry all from user-mode, using the latest Windows features!