W00T - Finally got root #pain #oscp

K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation. A story of endpoint post-exploitation by @kaluche_ blog.quarkslab.com/k7-antivi…

La 10e édition de notre conférence la plus à l'Ouest est terminée ! Un grand merci à tous : sponsors, intervenants et public, toujours aussi présents et enthousiastes. Vous êtes la raison pour laquelle l'événement continue d'exister. 💪 Kenavo da vloaz ! #UYBHYS25 #UYBHYS

#UYBHYS [Vendredi 7/11 14h] WORKSHOP de Pauline Bourmeau & William Robinet Atelier pratique de vision par ordinateur – Classification d’images avec FastAI unlockyourbrain.bzh/ateliers…

The funniest part about this is that in my experience a tweet talking about ~80 lines of HTML racks up a lot more engagement than some insane low-level windows/malware stuff. I'm assuming it's because it's easier to understand for the general public. Might have to start building HTML malware if @vxunderground approves 😂

🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live: 🪞 The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos: blog.redteam-pentesting.de/2…

Unlock your brain Harden your system 2025 Call for papers is open till June 30th L'appel à propositions pour Unlock your brain Harden your system 2025 est ouvert jusqu'au 30 juin pretalx.com/unlock-your-brai… #UYBHYS #UYBHYS25

“Both sides get paid to do their job.” Sure. But do you really understand what the red team’s job is? It’s not to win. It’s not to flex. It’s not to build cool malware. The job is to make the blue team better. That’s the purpose of the simulation. That’s the point of red teaming. No, red teams don’t need to write detection tools. But they should know their role in the bigger picture. I’m not convinced everyone does.

My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking

🫡🫡🫡🫡🫡❤️❤️❤️❤️❤️ 🇬🇧 bbc.com/news/articles/c78jd3…

🔥💀My Advanced .NET Exploitation training is now open for register! bit.ly/4hwNFyM 32-hours of intense .NET exploitation (PoC||GTFO) We'll be exploiting 15 remote code execution chains (25 bugs in total) 🪲 I’d truly appreciate your support, your RT would mean a lot!🙏

Computer forensic folks. Can anyone recommend a tool to ‘undo’ a Gaussian blur? I want to do a demo showing how you can unblur an image. Did it on a CTF years back that needed it for a challenge, now can’t find the tool.

Security conferences should stop inviting self-proclaimed 'infosec rockstars' for keynotes. Instead, they should take risks by selecting speakers who have done real research or meaningful work—not those who recycle news headlines and charge hefty fees to show up.

We have a profound respect for the video game cheat makers and video game reverse engineers. The video game cheat producers and video game reverse engineers are very much disenfranchised by the information security community. There is an innate bias and condescending tone directed toward them because of the dislike of video game cheaters and the false belief that this skillset (video game reverse engineering) is not an applicable skillset in real-world scenarios. This cannot be further from the truth. Individuals capable of reverse engineering video games and developing cheats for them are lethal. These people can easily transfer and apply this skillset to targeted application exploitation or weaponization. We've had the privilege of conversing with some truly special and gifted young people. Unfortunately, we are not privy with this community in totality, but we wanted to take this moment to express our gratitude to people such as @daaximus, @JustasMasiulis, and @namazso. We have witnessed these individuals make considerable contributions to recent trendy research topics and, in our opinion, have been given insufficient credit for their work. Very few people seem to realize these people have been core contributors to recently re-discovered (or newly announced?) process injection techniques. Additionally, Namazso is in essence the primary person who produced code and information on the recent trend of stack spoofing. Much love and respect to these people. We see you. We hope others do too. 🫡

La billetterie de #UYBHYS24 est ouverte ! Vous n'aurez pas de meilleure nouvelle aujourd'hui. 😎 Go go go ! unlockyourbrain.bzh/

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

#UYBHYS24 #UYBHYS ✯✯ The Call for Papers is open ✯✯ ✯✯ L'Appel à Contributions est ouvert ✯✯ ✯✯ Save The Date! ✯✯ pretalx.com/unlock-your-brai… 8 & 9 Nov 2024 #Brest

Indisputable C2 tier list

#uybhys très belle édition et ce, contre vents et marées! Merci à tous les participants, les partenaires, speakers et bénévoles ! Bon retour à toutes les personnes qui ont de la route demain <3 Cc @CertArkea @SourcitecSAS @Bzhunt1 @diateam_labs @Thales_Cyber