Umarex (@umarex01)'s Twitter Profile
Umarex

@umarex01

Red Team Operator | Windows Security Researcher | Reverse Engineer | Keyboard Punching Expert

ID: 1830955596822003712

https://github.com/UmaRex01

03-09-2024 13:07:32

73 Tweet

75 Followers

675 Following

MrAle98 (@mrale_98)

Finally finished developing an exploit for CVE-2024-49138: vulnerability in CLFS.sys. Exploit code: github.com/MrAle98/CVE-20… I'll provide a detailed analysis in a blog post.

Octoberfest7 (@octoberfest73)

I don't pay for premium, so please read the longform in the picture. TLDR: Cool new VS x86/x64 shellcode template from alex short 🇺🇦 at github.com/rbmm/SC_DEMO, he lives in Ukraine and is looking for remote work, help him make a connection if you can.

OtterHacker (@otterhacker)

If you guys are still using CobaltStrike, here is a small terraform/ansible script to deploy a CS with an AWS redirector based on lambda and CloudFront ! It can be nice to bypass some companies proxies or just to hide your true C2 IP. github.com/OtterHacker/AW…

CICADA8Research (@cicada8research)

Hello friends! There is a lot of information about Kerberos Relay out and it is easy to get confused! That's why we have created a small MindMap to help you understand Kerberos Relay. U can find PDF/HTML/PNG version here: github.com/CICADA8-Resear…

BallisKit (@balliskit)

You need to run Rubeus, Seatbelt, or other .NET tool on an EDR protected machine? Well with the new version, MacroPack Pro is now also a powerful assembly obfuscation/weaponization tool ! 😎 We wrote a tutorial about that here: blog.balliskit.com/obfuscation-an…

S3cur3Th1sSh1t (@shitsecure)

Bypass AMSI in 2025, my newest blog post is published 🥳! A review on what changed over the last years and what's still efficient today. en.r-tec.net/r-tec-blog-byp…

Octoberfest7 (@octoberfest73)

UDRL / Sleepmask combo is finally getting there. LitterBox (github.com/BlackSnufkin/L…) from BlackSnufkin makes it super convenient to test processes with multiple awesome dynamic analyzers. Kudos to the authors of those tools as well, they pushed this project to another level.

Umarex (@umarex01)

While trying out #BOF, I had some fun turning my HookSentry into an "inline-execute" thing. #RedTeam #MalDev -- github.com/UmaRex01/HookS…

Cody Thomas (@its_a_feature_)

This has been a LONG time coming! This is just the beginning though :) I'll be recording more for updates, features, workflow updates, and yes - a developer series too! Be sure to let me know what you do/don't like about this format and what kinds of things you'd like to see!

Clandestine (@akaclandestine)

GitHub - Sh3lldon/FullBypass: A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. github.com/Sh3lldon/FullB…

Washi (@washi_dev)

After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering. As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings). Blog:👉blog.washi.dev/posts/recoveri…

Arun (@dazzyddos)

Many in cybersecurity (myself included!) lack AI/LLM knowledge but the truth is you can’t hack what you don’t understand. So I wrote a no-fluff guide on AI/ML/LLM basics for security folks, ending with why prompt injection happens (not just how). Hope it helps others like me

𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 (@felixm_pw)

With some guidance from DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤 blog.felixm.pw/rude_awakening…

Panos Gkatziroulis 🦄 (@netbiosx)

AMSI Bypass via RPC Hijack (NdrClientCall3). This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC. github.com/andreisss/Ghos…

Outflank (@outflanknl)

Here's our new blog on hiding your implant in VTL1, where even an EDR's kernel sensor can't see it.🧑‍🦯 Post includes full operational details. Plus our OST offering has been updated with a Cobalt Strike sleep mask exploiting secure enclaves. Full read ➡️ outflank.nl/blog/2025/06/1…