niph (@niph_) 's Twitter Profile
niph

@niph_

red / purple teaming at @codewhitesec - my tweets, my opinions - 0xniph.bsky.social

ID: 1350132456

13-04-2013 20:24:10

1,1K Tweet

477 Followers

592 Following

Logan Goins (@_logangoins)

My intern research from IBM X-Force Red last summer just got released! Introducing SoaPy - a completely custom engineered way to use Active Directory Web Services (ADWS) from Linux hosts for stealthy Active Directory interaction! Read about it here! securityintelligence.com/x-force/stealt…

MrAle98 (@mrale_98)

Hey there, Finally published the article on the exploit for CVE-2025-21333-POC exploit. Here the link to the article: medium.com/@ale18109800/c…

Mandiant (part of Google Cloud) (@mandiant)

New findings show threat actors from Iran, China, North Korea, and Russia are experimenting with AI for reconnaissance, phishing, malware development, and more. See how Google Threat Intelligence Group is tracking misuse by government-backed attackers: bit.ly/4hRnthR

SpecterOps (@specterops)

New blog post just dropped! 🙌 Read the latest from Matt Creel on how an operator can perform situational awareness steps prior to making an Entra ID token request and how tokens can be effectively used once obtained. ghst.ly/4lA5Iqu

CODE WHITE GmbH (@codewhitesec)

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what's long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…

Rich Mirch (@0xm1rch)

I blogged about my discovery of CVE-2025-26684 - Microsoft Defender for Endpoint (MDE) on Linux Elevation of Privilege stratascale.com/vulnerability-…

Bobby Cooke (@0xboku)

⚡️ Loki C2 just leveled up! 🍄🧙‍♂️ 🔗 Agents can now link to each other, and across platforms! 🔗 No internet? No problem. Chain them, pivot deep, and keep moving! X-Force IBM IBM Security Check out the new release here: github.com/boku7/Loki

Dirk-jan (@_dirkjan)

I'll be returning to #BHUSA Black Hat this summer for a brand talk about moving laterally from AD to Entra ID. I don't think I've ever been this excited about a talk, with lots of cool stuff to share 🎢 😄.

Yehuda Smirnov (@yudasm_)

What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution? We explored process injection using nothing but thread context. Full write-up + PoCs: blog.fndsec.net/2025/05/16/the…

IT Guy (@t3chfalcon)

New attack vector: FileFix. A phishing trick that executes PowerShell straight from your browser no Run dialog, no pop-ups. Just a fake file path + clipboard + File Explorer. Red teamers, this one's wild. 📽️ PoC + write-up: medium.com/@t3chfalcon/fi…

Eric Woodruff | MVP | CIDPRO (@ericonidentity)

At TROOPERS Conference I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well. You can read all about it here: #Entra #M365 #infosec semperis.com/blog/noauth-ab…

%TEMP% (@temp43487580)

It was great to attend #TROOPERS25! Beautiful city, nice weather, talented researchers. My talk was just based on how Entra works but I hope it contributed to the community. Thanks for everyone I had a chance to talk to! No jet lag now. Time to go home 😂 github.com/temp43487580/E…

neils (@midwestneil)

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

CODE WHITE GmbH (@codewhitesec)

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by Khoa Dinh to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to Markus Wulftange

Dirk-jan (@_dirkjan)

For those like me who prefer to stay in the terminal and want to call REST APIs like the Microsoft Graph without complicated commands or copy/pasting tokens: roadtx now has a graphrequest command to perform simple requests against these APIs and parse the JSON.

Check Point Research (@_cpresearch_)

Malicious executions of compiled JavaScript, leading to the of JSCEAL - a stealthy, multi-stage crypto stealer : ⚠️ Malicious ads for fake crypto apps installers 🧩 Modular PowerShell loaders 🕵️ Unique evasion techniques that kept the campaign undetected research.checkpoint.com/2025/jsceal-ta…

Tuta (@tutaprivacy)

🚨 Our governments are about to decide whether 450M Europeans deserve privacy - or not. Help ensure your country says NO to Chat Control: Call your local representatives! Privacy is not negotiable. Speak up now. ✊ #privacy 👉 More on how to stop Chat Control: