I wannabe Red Team Operator, so what Now?
Tools won’t make you a Red Teamer any more than a stethoscope makes you a doctor. What matters is knowing why, when, and how to use them. Surgically.
👾10
executing shellcode from non-executable memory and "bypassing" DEP/NX.
A proof-of-concept implementation demonstrating how to execute code from non-executable memory on Windows x64 systems by combining hardware breakpoints, vectored exception handling (VEH), and instruction emulation—bypassing DEP/NX protection without modifying memory permissions.
👾6
Meet the Malware: Extension
TigerJack's Extensions Continue to Rob Developers Blind Across Different Marketplaces
#stealer
👾2
Bypassing Web Filters - SNI spoofing
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
#Infra
👾7
👾4
Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
Trend™ Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline.
#stealer
👾6
Forwarded from 1N73LL1G3NC3
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
🔗 DumpGuard
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
P.S. Previously, crack.sh operated a free service for performing rainbow table lookups to recover NT hashes from NTLMv1 responses, but was recently shut down due to maintenance issues. In its absence, a new free service was published at ntlmv1.com.
👾9
👾5
Forwarded from Threat Hunting Father 🦔
ADCS ESC9_15 Offzone2025.pdf (2 MB)
At Offzone 2025 it was shown how the ESC9–ESC15 chains allow privilege escalation through AD Certificate Services: bypassing StrongCertificateBindingEnforcement, substituting altSecurityIdentities, abusing IssuancePolicy, and a new bug, CVE-2024-49019 (arbitrary Application Policy). 🦔 THF
👾3
call stack signatures with call gadgets
Published on Thu 06 November 2025 by SAERXCIT (@SAERXCIT)
TL;DR: Using call gadgets to insert arbitrary modules in the call stack during module load, breaking signatures used in detection rules. The code is available here: https://github.com/AlmondOffSec/LibTPLoadLib
👾4
Forwarded from Proxy Bar
Visual Studio 2026 is here
Keys:
Professional: NVTDK-QB8J9-M28GR-92BPC-BTHXK
Enterprise: VYGRN-WPR22-HG4X3-692BF-QGT2V
👾3
sideloading PoC using onedrive.exe & version.dll
This document provides a detailed technical analysis of a proof-of-concept that demonstrates DLL sideloading by targeting OneDrive.exe with a malicious version.dll. This technique is leveraged for achieving persistence, evading defenses, and executing arbitrary code within the context of a trusted process. The proof-of-concept further employs DLL proxying to maintain the normal operation of the host application and utilizes a sophisticated hooking mechanism based on Vectored Exception Handling (VEH) and hardware-like breakpoints to intercept and modify application behavior.
👾5
Ebyte-Syscalls
https://github.com/EvilBytecode/Ebyte-Syscalls
Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte switching without memory or assembly allocation.
#obf #CF
👾6