mgeeky | Mariusz Banach (@mariuszbit) 's Twitter Profile
mgeeky | Mariusz Banach

@mariuszbit

🔴 Red Team operator, ex-MWR/F-Secure, ex-AV engine developer @ESET, ex-Malware analyst 🦋 @mgeeky.bsky.social
🫖 green tea lover

ID: 712269280172236800

https://mgeeky.tech

22-03-2016 13:26:44

1,1K Tweet

13,13K Followers

740 Following

R.B.C. (@g3tsyst3m) 's Twitter Profile Photo

I'm starting another series - Buffer Overflows in the Modern Era. I'll go over the basics of using a debugger all the way to successfully achieving a buffer overflow exploit on Windows 11 24H2, using ROP gadgets and bypassing ASLR, etc. Here's part 1! g3tsyst3m.github.io/binary%20explo…

SpecterOps (@specterops) 's Twitter Profile Photo

Introducing the BloodHound Query Library! 📚 Martin Sohn & Joey Dreijer explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ

trickster0 (@trickster012) 's Twitter Profile Photo

This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry which I presented last year in RedTreat. I hope everyone likes it \m/. trickster0.github.io/posts/Primitiv…

5pider (@c5pider) 's Twitter Profile Photo

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

Georgy Kucherin (@kucher1n) 's Twitter Profile Photo

A few weeks ago, I was responding to a cybersecurity incident - $500,000 have been stolen from a #blockchain developer. The infected operating system was freshly installed, and the victim was vigilant about cybersecurity. How could this happen? New supply chain attack? [1/6]

Adel Ka (@0x4d31) 's Twitter Profile Photo

excited to be back in vegas for my second DEF CON, and second talk on the creator stage! i’ll be diving into a mix of my favorite things: network fingerprinting, honeypots, and ai agents! tool drops in a few days--stay tuned 👾defcon.org/html/defcon-33… wallofsheep

delivr.to (@delivr_to) 's Twitter Profile Photo

It's here. The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking. 📚 Blog: blog.delivr.to/delivr-tos-top…

David (@dmcxblue) 's Twitter Profile Photo

New? Initial Access maybe, yep we all heard of WSL and its great integration with Windows you can build "WSL" file extensions. Maybe these files are 100MB+ but we can double click, and achieve command execution!! Was tricky but working!! #redteam

Matt Hand (@matterpreter) 's Twitter Profile Photo

Two years ago, I left red teaming for a new challenge in endpoint security. I'm humbled by the incredible team we've built and so proud to share this research preview of our work. It’s an idea I believe in deeply, and I can’t wait for what’s ahead. 🖤

Check Point Research (@_cpresearch_) 's Twitter Profile Photo

Unmasking the China-nexus #Storm2603 toolset that pre-dated the ToolShell wave. 📅Active since at least Apr 2025. 🔑Multiple ransomware deployed together: LockBit + Warlock. 💥Custom backdoors: ak47dns & ak47http. Read more --> research.checkpoint.com/2025/before-to…

Tomer Nahum (@tomernahum1) 's Twitter Profile Photo

Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…

mgeeky | Mariusz Banach (@mariuszbit) 's Twitter Profile Photo

Even spicier seasoning on the battle-tested NachoVPN from the wonderful AmberWolf team! Just the right kick for my next GlobalProtect encounter 🤌

delivr.to (@delivr_to) 's Twitter Profile Photo

An infostealer that runs in the browser? Kinda. In our latest research, we explore how Chromium File System APIs can be abused to exfiltrate mapped network drives with a single drag-and-drop. Blog: blog.delivr.to/filejacking-ex…

mgeeky | Mariusz Banach (@mariuszbit) 's Twitter Profile Photo

Just completed my longest training session ever - 10,5 hours straight talking phishing talk 😍 Exhausted but equally pumped to have a brilliant class that stuck with me this long 🤯 Everything worked except Browser In The Middle part that swallows all RAM and CPU you give it 😅

Keanu Nys (@redbyte1337) 's Twitter Profile Photo

Thanks to everyone who joined my DEFCON33 talk!🎉 For those of you who missed it and are interested in seeing how we can extract cleartext credentials and bypass MFA directly from the official Microsoft login page, I just uploaded the recording to YouTube: youtu.be/z6GJqrkL0S0
