Leo Loobeek (@leoloobeek)'s Twitter Profile
Leo Loobeek

@leoloobeek

Penetration Tester | Adaptable Adversary | github.com/leoloobeek | Thoughts and tweets are my own

ID: 53517553

Website: https://adapt-and-attack.com/ | Joined: 03-07-2009 22:25:04

570 Tweets

1,1K Followers

447 Following

Jackson T. (@jackson_t)

🧠 Mental models are useful for developing solutions and stimulating thinking. In this post, I discuss some personal mental models I've found useful for offensive capability R&D, which can also generalize to understanding opponent processes in InfoSec. jackson-t.ca/operational-me…

Cube0x0 (@cube0x0)

SharpMapExec update * Minor logic improvements * /system now gives stdout/stderr and disables AMSI * /delegwalk executes in a delegated process context sorted by unique users (useful for shared workstations/servers) * /comsvcs automatically parses LSASS github.com/cube0x0/SharpM…

monoxgas (@monoxgas)

Arbitrary shellcode injection in Perl for MacOS. I never formalized it, but assume it might be helpful to someone. gist.github.com/monoxgas/c0b0f…

Dima (@dawouw)

New blog post: how we created a phishing document signed by Microsoft - from Microsoft with love 😉 CVE-2021-28449 h/t Pieter Ceelen Outflank outflank.nl/blog/2021/12/0…

bohops (@bohops)

[New Tool] RogueAssemblyHunter 🛡️ Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes github.com/bohops/RogueAs… #BlueTeam #ThreatHunting

Jonas L (@jonaslyk)

github.com/jonaslyk/temp/… My webdav based reflective loader/per process devicemap based dll injector POC is by now usable. I would really like to have an OOP wrapper for NT- designing such is surprisingly difficult, but this approach shows potential especially considering simple

bohops (@bohops)

AccChecker is a pretty interesting #lolbin (+ AppLocker Bypass) from the Win SDK. Load a managed DLL with this cmd: AccCheckConsole.exe -window "Untitled - Notepad" C:\path\to\your\lolbas.dll More info in this gist: gist.github.com/bohops/2444129…

Matt Eidelberg (@tyl0us)

Introducing Ivy, a unique, stealthy method of executing shellcode using VBA and COM objects without dropping office macro documents to disk. Ivy also allows for unhooking EDRs from the VBA environment. Check it out: github.com/optiv/Ivy 👀 #netsec #redteam #EDR #evasion

Adam Chester 🏴‍☠️ (@_xpn_)

New post is up on the @trustedsec blog, this time looking at how to use ProcessDeviceMap to load arbitrary DLLs into a process on start. trustedsec.com/blog/object-ov…

Karl (@kfosaaen)

Packt currently has a few books (including Penetration Testing Azure for Ethical Hackers) on sale on Amazon. Use code “20SECURITY” to get the 20% off discount - packt.link/NEBPw

Jackson T. (@jackson_t)

In this post, I discuss one key difference in the thinking between sophisticated adversaries and many of the red teams that try to simulate them, as well as what that means for tradecraft and tooling. jackson_t.gitlab.io/it-depends.html

OtterHacker (@otterhacker)

An interesting post about Kernel Callbacks used by EDR. It’s a nice article to read if you want to dive into EDR Kernel Callbacks bypass. Thanks Zach Stein for the blogpost! :) The part about the rui evil.sys driver and experiments is really nice! :) synzack.github.io/Blinding-EDR-O…

Wojciech Reguła (@_r3ggi)

I am sharing the slides from my latest presentation: “0-Day Up Your Sleeve – Attacking macOS Environments” I gave at NULLCON 👉securing.pl/en/presentatio…

Kiwids (@mhskai2017)

I wrote a blog post that talks about how we can abuse yet another Chrome Remote Debugging feature to "stalk" end users. posts.specterops.io/stalking-insid…

moo (@moo_hax)

Fun little DLL making a request out to an LLM. Still have some troubleshooting left with sRDI. While it’s ultimately just a web request, LLMs + Ops is fun to think about.

moo (@moo_hax)

Before NVIDIA, I was lucky enough to work with Ram Shankar Siva Kumar and Hyrum Anderson at Microsoft. We got to write tooling, risk assessments, and attacks IRL. MLSec seems new, but their work on this topic is all over the Security community. If you’re looking to orient yourself to the current

Dave (@dtpkll)

Minnesota Vikings Kevin O'Connell Phil Mackey 🎙 Dustin Baker Season over. 24 hours after the most devastating event of his career, OUR quarterback doesn’t sit home feeling sorry for himself. No, he attends the Kids Club Trick-Or-Treat Trail in Egan. That’s our QB. #Vikings

Jason Lang (@curi0usjack)

Welcome to my 2023 Irreverent Red Team TTP Wrap Up (Trends, Trolls, Predictions). It's likely some of these will ruffle feathers, but hackers break things, right? 😁 🧵👇

Leo Loobeek (@leoloobeek)

After trying LangChain, then Haystack, Rigging has been the best option so far. Removes all the unnecessary abstractions and allows you to focus on building an LLM powered toolset.