New video: quick run through of 5 post-access Microsoft 365 abuse mechanisms (app creds, Graph permanent delete, Intune device wipes/scripts, MDE LR) WATCH: youtube.com/watch?v=Y_DazkEv… Lot of defensive controls I didn’t fit in e.g. workload identities or most RBAC things... more on those soon.

Tool to dump Windows Local SAM Credentials from registry or Shadow Snapshot and capable of doing Stack Spoofing via TP Custom Callbacks. When using Shadow Snapshot method SYSTEM privs are not needed. github.com/PeterGabaldon/Wha… #redteam #cybersecurity #windows

Chinese hackers hijack auth flow, spy on isolated network for a decade bleepingcomputer.com/news/se… bleepingcomputer.com/news/se…

New write-up on our blog. This research takes a closer look at those IOCTLs and how they can be used to build a physical memory read/write layer. exploitpack.com/blogs/news/w… #WindowsInternals #ReverseEngineering #OffensiveSecurity #infosec #pentest #exploit #exploitpack

When WDAC blocks your implants, Electron apps become the way in. The post walks through using Loki C2 to backdoor signed applications like Mailspring and communicate over Azure Blob Storage via HTTPS. ⬇️ bit.ly/4utI8i4

DLL Injection via Thread Hijacking Without Executable Memory New Medium post. Today we cover a technique that combines thread hijacking with Return-Oriented Programming (ROP) to inject a DLL into a remote process without allocating executable memory medium.com/@s12deff/dll-inje…

Ready to Fuzz USB stack like never, get an ESP32 and let's do it! github.com/fuzzsociety/usbSt…

We are releasing Tracebit @x33fcon - a POC sensor aiming to fingerprint implants in memory using only lowlevel runtime telemetry. No signatures, no scanning. Only pagefaults. github.com/threathunters-io/…

New NightmareEclipse Bitlocker Bypass 0-Day github.com/MSNightmare/Great…

Trying to use Fable 5 for anything benign...

This is big 🔥🔥 techcommunity.microsoft.com/…

Excited to be speaking at @x33fcon 2026 alongside my colleague @dphillips__. We’ll be presenting “Fingerprinting Modern C2 Implants via Runtime Telemetry” and the tool we built as part of our research. See you there!

👀 github.com/MSNightmare/Rogue…

So this model is waste for cybersecurity for now.

“For this reason, we conclude that Fable 5 does not provide an uplift on cyber tasks relative to Opus 4.8”💀

sqlmap shipped v0.1 on 25 July 2006. Almost 20 years later, it finally has a real home, and a face. Meet the tarsier, sqlmap.org

My latest blog post: Using BYOVD to loot LSASS bypassing HVCI and all other security protections built in to Windows 11 25h2: g3tsyst3m.com/byovd/BYOVD-an…

New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker

If you really want your coworkers to hate you: Add-Content -Path $PROFILE -Value "`$ExecutionContext.InvokeCommand.CommandNotFoundAction = { Stop-Computer -Force }" If they type a command that isn't found, it shuts down their computer 😂

Introducing a new side project called Model Regression. It tests daily Claude, GPT, and Grok on various benchmark statistics to determine how well its performing and to identify model degrades over time. @edskoudis had an idea for model testing before they conducted offensive testing to ensure the model was performing as expected, and @BlasikRandy pushed me down this road with actually going and doing it. The main intent here is the frontier models will experience outages, issues, bugs, intentional/unintentional nerfing of the models without notice. You can't typically trust day to day activities in these models for stability, so leveraging this on your daily routine to see how well the model is performing for that day is something I'll be using everyday. Runs every morning in my DGX sparks environment and automatically updates with how well its performing. Enjoy! modelregression.com/ Also open-sourced the project, can run on your own server as well and look at the benchmarks and how they are calculated: github.com/HackingDave/model…