With NoConsolation you can now custom load all the dependencies from the PE you are going to execute, ensuring no image load events! github.com/fortra/No-Cons…

I saw some discussion a week or two ago about HW breakpoints not working anymore when applied to bypassing AMSI or ETW after the latest windows update. Anyone have further info on this or who can confirm/deny?

A repost, but I still think this blog is super cool. Use the native Windows SSH client and shortcut files for initial access by opening a tunnel to the victim network: redsiege.com/blog/2024/04/s…

Going through CASP+ practice tests. I might have an aneurysm.

[Tool & Blog release] - smbtakeover, a technique to unbind/rebind port 445 without loading a driver, loading a module into LSASS, or rebooting the target machine. The goal is to ease exploitation of targeted NTLM relay primitives while operating over C2. Github repo is linked at

Over a year ago, I left my position at WithSecure to start a new journey, create something new, and do my own thing. Today, I'm excited to publicly announce what I've been working on all this time. Introducing 0xC2, a cross-platform C2 framework targeting Windows, Linux, and

I haven’t been to DEFCON before and the things I see on here aren’t super encouraging either (cost, lines, badge drama, hotel drama, etc). Maybe WWHF or something as my first industry convention

On today's episode of "do you know your tools", did you know that both CrackMapExec and NetExec both make TWO connections to each target? And that the first one (for enum) uses an empty user/hostname/domain name? And that both connections ALWAYS try SMB1 first?

This is probably not news to some of you, but the next iteration of all the red team/pentest tooling matching how Windows does things is required when it comes to flags, timing, and other areas. It's often been ignored with the bare minimum to do an X attack however, comparing

Setting the env up in AWS was nearly the end of me, but cross Palo Alto's "Possible Impacket Tool Traffic Detection" spyware detection off the list 🙃. This was fun to dig into, and after ID'ing 4 fields/factors for change I was surprised to find out that only one was required.

Pay Comptia money for cert -> "reset your pass for our new SSO" -> "Unable to send verification code." -> submit trouble ticket -> instareply to my email from "Henry AI Bot" closing my request as resolved. I want off this ride.

I liked OSCP (the test at least, course was nothing special) back when I took it, but having to take it again every 3 years… woof. I don’t know that I would pass it if taken tomorrow, the skills and strategies for the test are def not the same ones I use day to day for #realjob

Saw this and then sat down and did a little speed run challenge for myself. Took ~1hr 15 mins but have a nice little BOF version of this now. Will release at some point. Thanks Grzegorz!

Here is the full tool. Small and quick but still learned some things🙂 Enjoy! github.com/Octoberfest7/e… #redteam #cybersecurity #Pentesting #infosec

I know nothing about AI, but watching from the sidelines as AI companies scrape tons and tons of data that feels like would otherwise fall under copyright/ownership laws is sure interesting. Curious to see how this new frontier shakes out legally.

Inspired by this, is anyone aware of a way to execute a dll directly without aid of rundll32.exe or another utility?

I saw this article about MSFT changes as a result of the CS incident, but in reading the actual MSFT blog the phrasing is “additional measures outside the kernel”. I didn’t read it as a “no more kernel level access”. Interesting implications for the offsec world regardless.

Recently completed a move I’ve been looking forward to for 4 years. Good to be back.