RJ (@z3ro_c00l)'s Twitter Profile
RJ

@z3ro_c00l

Impacket Contributor | Sr. Pentester | Here for them sweet, tasty 0-days!

ID: 1512592988505092102

https://github.com/Z3rO-C00L
09-04-2022 00:49:02

61 Tweet

244 Followers

138 Following

RJ (@z3ro_c00l)

Red Teamers, struggling to find DA creds, but have sa privs to MSSQL? Create regkey that sends a post request to you with username of who logged in, kill sqlsvc.exe, and wait. YMMV with how pissed the client gets. #redteam #redteamtips

RJ (@z3ro_c00l)

Red Teamers - what’s your best story during a pentest? I’ll start. Very early in my career I yelled “YOLO” and bettercap’d the entire network, which went as expected… Crashed everything. 🤦‍♂️ #redteam #TalesFromTheRedTeam #ILikeChaos

Nic Losby (@blurbdust)

First and foremost, I would like to thank crack.sh and toorcon for their DES cracking service over the years. I am in absolutely no way trying to remove a revenue stream or cut into their profits.

eversinc33 🤍🔪⋆。˚ ⋆ (@eversinc33)

Dumbest AMSI bypass I know so far, but it works: sideloading a fake amsi.dll to a copied version of powershell which simply returns S_OK / AMSI_RESULT_CLEAN for every command. I would have thought that there was some kind of signature check upon loading amsi.dll but apparently not

S3cur3Th1sSh1t (@shitsecure)

Last year we did analyse malware from a group targeting malware devs and/or offensive security people. Here’s the story, which is also our first technical blog post - more to follow 🙌: r-tec.net/r-tec-blog-whe…

Forrest Kasler (@fkasler)

MFA cramping your style? Check out CuddlePhish! A weaponized Browser-in-the-Middle attack. Also, come see my Arsenal talk at Black Hat next week! github.com/fkasler/cuddle… mr.d0x I think you might like this ;) #Pentesting #redteam #BlackHat

RJ (@z3ro_c00l)

Want to take phishing to the next level via BiTM (Browser-in-The-Middle)? My talented coworker made it possible to get a video feed of the victim's browser instance. Check out his talk at DEFCON github.com/fkasler/cuddle…

RJ (@z3ro_c00l)

Imagine putting in the work to set up legit phishing infrastructure and then hosting files via open directory. Then imagine hardcoding your telegram bot for anyone to spam messages to....

Matt Johansen (@mattjay)

Holy crap - SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures sec.gov/news/press-rel…

Chris Bakke (@chrisjbakke)

Navigating "corporate speak" isn't easy. Here's a helpful guide I put together: "Let me check with my team" = No "Possibly" = No "On my roadmap" = Not happening "This will be done in Q4" = This will be done in Q2 next year "Disagree and commit" = I hate you "Per my last

RJ (@z3ro_c00l)

Kerberos Ticket Question: ✅ Is there a way to convert a TGT that’s in hex format from Windows built-in klist into a useable format (kirbi) without Rubeus?

SpecterOps (@specterops)

Introducing Cuddlephish. Check out the open-source BitM attack tool from Forrest Kasler, which allows pentesters to use the Browser-in-the-Middle technique on their campaigns & raise awareness of this attack vector for credential stealing. ghst.ly/3QHIfGi

RJ (@z3ro_c00l)

Despite years passing since its discovery, EternalBlue continues to haunt networks in 2024, reminding us of the persistent threat posed by unpatched vulnerabilities. #cybersecurity #EternalBlue #exploit

RJ (@z3ro_c00l)

I recently redesigned the web interface for the SpecterOps tool “CuddlePhish” 🐠. Such a killer Browser-in-the-Middle tool developed by Forrest Kasler! Brings phishing to the next level. github.com/fkasler/cuddle…