😈 [ Justin Elze @HackingLZ ]

Speaking of LLVMs:

🔗 https://trustedsec.com/blog/behind-the-code-assessing-public-compile-time-obfuscators-for-enhanced-opsec

🐥 [ tweet ]

😈 [ Melvin langvik @Flangvik ]

FULLHD OFFICIAL OFFSEC C2 Tier List

🔗 https://www.youtube.com/live/iYKItfBbPoY?si=AoUAwkwdUS30lEwe

🐥 [ tweet ]

😈 [ Melvin langvik @Flangvik ]

List is complete😂 Thanks to all who joined live! I had a blast, and I hope you all did too🥳 Next week, same time, I'm apparently doing an EDR tier list... 🤡If u missed it, VOD is here:

🔗 https://youtu.be/iYKItfBbPoY

🐥 [ tweet ]

😈 [ Red Siege Information Security @RedSiege ]

🛠 NEW TOOL 🛠

Introducing: Jigsaw
Developed by Principal Security Consultant @hardwaterhacker

Link:
🔗 https://redsiege.com/jigsaw

A Python tool that scrambles shellcode bytes, providing a possibly undetectable payload.

Start challenging traditional detection with this low-entropy, puzzle-like approach.

🐥 [ tweet ]

кринж, но больше ниче интересного нет

😈 [ Adam Chester 🏴‍☠️ @_xpn_ ]

New blog post is up... Identity Providers for RedTeamers. This follows my #SOCON2024 talk, and provides the technicals behind the presentation, looking at other IdP's and what techniques are effective beyond Okta.

🔗 https://blog.xpnsec.com/identity-providers-redteamers/

🐥 [ tweet ]

😈 [ 📔 Michael Grafnetter @MGrafnetter ]

Extending Active Directory Users and Computers context menus with PowerShell

🔗 https://www.dsinternals.com/en/extending-active-directory-aduc-context-menu-powershell/

🐥 [ tweet ]

😈 [ Guillaume Caillé @OffenseTeacher ]

Just published my methodology for finding good DLL side-loading candidates while avoiding using DllMain for injection to bypass Loader Lock limitations.
If you have been struggling with this, I hope this saves you time in the future.

🔗 https://www.okiok.com/achieving-dll-side-loading-in-the-original-process/

🐥 [ tweet ]

😈 [ SapientFlow @sapientflow ]

My first ever blog post is out:

🔗 https://medium.com/@sapientflow/finding-pastures-new-an-alternate-approach-for-implant-design-644611c526ca

Happy for any constructive criticism or anyone that just wants to engage on the topic.

🐥 [ tweet ]

😈 [ Lsec @lsecqt ]

My blog about executing shellcodes via Direct Pointer is live:

While this is something relatively simple as a concept, I felt like the Red Teaming Army needed such content.

🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/leveraging-the-direct-pointer---a-stealthy-maneuver-in-evasion-tactics/

🐥 [ tweet ]

#для_самых_маленьких

😈 [ Pedro Gabaldon @PedroGabaldon ]

Just landed 2 PRs on Impacket:

🔗 https://github.com/fortra/impacket/pull/1719
🔗 https://github.com/fortra/impacket/pull/1719

🐥 [ tweet ]

SAM/LSA через shadow copy

😈 [ Zero Day Engineering @zerodaytraining ]

Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) (source code + video walkthrough)

A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit I chose to offload the reverse-engineered toolgate protocol implementation to a Python module, while keeping my low-level kernel code minimal, just enough to implement the attack interface - a nod to the principle of least privilege in systematic software engineering, which we miss a lot in non-trivial exploit development. -- @alisaesage

🔗 https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html

🐥 [ tweet ]

😈 [ bakki @shubakki ]

Naively bypassing new memory scanning POCs

first chapter of two, stay tuned 🤠

🔗 https://sillywa.re/posts/flower-da-flowin-shc/

🐥 [ tweet ]

😈 [ Mayfly @M4yFly ]

New lab 🏰 for the GOAD project 🥳: SCCM
You can now test the SCCM/MECM attacks locally on Virtualbox or Vmware.

More information here:
🔗 https://mayfly277.github.io/posts/SCCM-LAB-part0x0/

Repository here:
🔗 https://github.com/Orange-Cyberdefense/GOAD

Thx again @KenjiEndo15 for your help to building this!

🐥 [ tweet ]

😈 [ eversinc33 🩸🗡️ @eversinc33 ]

New blogpost and small tool release: Wrote a naive anti-rootkit driver that detects mapped drivers, and talk about some bypasses for those detections in part I of my new (anti-)-anti-rootkit series.

More research on rootkit evasion coming soon : )

🔗 https://eversinc33.com/posts/anti-anti-rootkit-part-i/

🐥 [ tweet ]

😈 [ Melvin langvik @Flangvik ]

Had an absolute blast on stream today, thank you so much to everyone who showed up☺ VOD is on YouTube if you missed it👏 Allot of people came with input, so naturally I 100% blame chat for this now OFFICIAL OFFSEC EDR TIER LIST

🔗 https://youtube.com/live/2H-Wlxq1kpo

🐥 [ tweet ]

Kaspersky - B, вы поняли

CVE-2024-1086 Linux kernel LPE

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

A full write-up of the exploit - including background information and loads of useful diagrams - can be found in the Flipping Pages blogpost.

😈 [ The Haag™ @M_haggis ]

Code blocks are free!!!

🔗 https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader

🐥 [ tweet ]

😈 [ Nettitude Labs @Nettitude_Labs ]

Introducing SharpConflux, a .NET tool built to facilitate Confluence exploration during Red Team engagements.

Find out more and download SharpConflux in our latest LRQA Nettitude Labs article.

🔗 https://labs.nettitude.com/blog/introducing-sharpconflux/

🐥 [ tweet ]

😈 [ Zoro @Evi1cg ]

atexec-pro

🔗 https://github.com/ridter/atexec-pro
🔗 https://www.zcgonvh.com/post/Advanced_Windows_Task_Scheduler_Playbook-Part.3_from_RPC_to_lateral_movement.html

🐥 [ tweet ]

люблю такой креатив

😈 [ Cody Thomas @its_a_feature_ ]

I created a draft blog post that goes over the general concepts for making changes to agents, Mythic, and even Mythic's UI. If there's something specific you're hoping to see though, let me know and I can probably add it!

🔗 https://medium.com/@its_a_feature_/agent-customization-in-mythic-tailoring-tools-for-red-team-needs-1746fd02177f

🐥 [ tweet ]