Source Byte – Telegram
It takes a sober one to abstain from love,
and this nature that I have does not mix with reason.
Saadi Shirazi 187
What is Windows software trace preprocessor (WPP)?
MSDN

Data Source Analysis and Dynamic Windows RE using WPP and TraceLogging
Forwarded from Infosec Fortress
🌸 Happy Nowruz! 🌸

Wishing everyone a bright and joyful Nowruz filled with fresh beginnings, happiness, and success! 🌱🔥 May this new year bring you and your loved ones health, prosperity, and countless moments of peace and celebration.

#Nowruz
#Iranian_New_Year
OSINT_современные_технологии.pdf
1.6 MB
About OSINT and around it
Будни манипулятора
OSINT_современные_технологии.pdf
I wish I knew Russian
But Google Translate's document translation is fine
CobaltStrikeDefenseEvasion.pdf
63 KB
Mindmap: Cobalt Strike Defense Evasion Overview
Source Byte
https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/
While reviewing the SANS CTI Summit 2025, I saw this interesting talk: "Advanced Threat Research Methodologies: Unraveling a Triple-APT Intrusion" (by Tom Fakterman & Lior Rochberger),
in which they discuss the above attack 👀 and how they clustered it.

Don't miss it.
Forwarded from Investigations by ZachXBT
I regularly have people ask me about tools I use in my investigations so here’s a comprehensive list:

Cielo - Wallet Tracking (EVM, Bitcoin, Solana, Tron, etc)
TRM - Create graphs for addresses/transactions
MetaSuites - Chrome extension that adds additional data on block explorers
OSINT Industries - email/username/phone lookups
LeakPeek - db lookups
Snusbase - db lookups
Intelx - db lookups
Spur - IP lookups
Cavalier (Hudson Rock) - Infostealer lookups
Impersonator - Chrome extension to spoof login to dApps
MetaSleuth - Similar to TRM but intended for retail users
Arkham - Multichain block explorer, entity labels, create graphs, alerts
Obsidian - Create flow charts / diagrams
Wayback Machine - archive web pages
Archive Today - archive web pages
Etherscan/Solscan - block explorer for EVM / Solana
Blockchair - bitcoin block explorer
Range - CCTP bridge explorer
Pulsy - bridge explorer aggregator
Socketscan - EVM bridge explorer
Dune - Analytics platform to query blockchain data
Mugetsu - X/Twitter username history & meme coin lookups
TelegramDB Search Bot - Basic Telegram OSINT
Discord[.]ID - Basic Discord account info
CryptoTaxCalculator - Track PNL for an address

Note: I am not paid by these platforms to mention them and do not have referral links to share
Forwarded from SoheilSec (Soheil)
I saw people thanking AFTA for putting out a report after all this time, but apparently AFTA stole Kaspersky's rules, did a replace, and put its own name on them! Seriously, doesn't a single one of you over there know how to write a YARA rule? 🤔
Astral-PE is a low-level mutator (headers obfuscator and patcher) for Windows PE files (.exe, .dll) that rewrites structural metadata after protection — without breaking execution.

It does not pack, encrypt or inject. Instead, it mutates low-hanging but critical structures like timestamps, headers, section flags, debug info, import/export names, and more.
Forwarded from 1N73LL1G3NC3
GOAD - part 14 - ADCS 5/7/9/10/11/13/14/15

P.S.
In the previous blog post on ADCS (Goad Pwning Part 6), ESC1, ESC2, ESC3, ESC4, ESC6, and ESC8 were exploited.