RedTeam | PurpleTeam | PenTest | Chef. Views are mine 🇬🇧🇸🇬

Joined April 2018
Pinned Tweet
Full access now and no more issue with UAC.
One way to get around MOTW is to use ClickOnce to download a malicious doc. Since dfsvc.exe handles the download, the file doesn’t get tagged with the MOTW flag.
Weasel Sec retweeted
I uploaded all the malware samples used in my book #EvasiveMalware to my Github: github.com/d4rksystem/Evasiv… I received some questions about the lab samples, so just posting it for everyone here 🤓
Weasel Sec retweeted
Why yes, yes we can use ESTSAUTH captured from evilginx to automatically register a passkey
Replying to @NathanMcNulty
This is super cool! (just catching up late after the weekend) Is it possible to generate that passkey using the previously captured cookies or tokens, through phishing? (using browser cookies in general)
Weasel Sec retweeted
25 Apr 2025
Goexec is a new take on some of the methods used to gain remote execution on Windows devices. Goexec implements a number of largely unrealized execution methods and provides significant OPSEC improvements overall falconops.com/blog/introduci… Github repo: github.com/FalconOpsLLC/goex…
Weasel Sec retweeted
I FINALLY got call stack spoofing working inside BeaconGate.
23 Oct 2024
Raw payload. No obfuscation, nothing. Just 9.31MB in size.
23 Oct 2024
Now, same payload increased to 250MB. Just added a lot of null bytes after the raw payload:
Weasel Sec retweeted
18 Oct 2024
🚨EDR Telemetry website is live! 🥳 I hope this makes it even easier for folks to compare the telemetry of EDR vendors and visualize their visibility gaps 🙂 ‣ Website🔗edr-telemetry.com ‣ GitHub 🔗github.com/tsale/edr-telemet… **Telemetry results reflect the most recent updates from the EDR Telemetry project.
14 Oct 2024
I created the first draft of a website for the EDR telemetry project to help people quickly compare vendor telemetry visibility. What do you think about it? Are there any specific features you want to see for the website? Built with ChatGPT 4o with canvas (wanted to test it out😂) EDR Telemetry project 🔗: github.com/tsale/EDR-Telemet…
Weasel Sec retweeted
30 Sep 2024
0xC2 is now available and the site has been updated with a brief introduction 0xc2.io/posts/introduction-a…
Weasel Sec retweeted
14 Sep 2024
After a bit of trickery (inline-assembly and stack pivoting), No-Consolation can now run a PE within the main thread, meaning no new threads are created github.com/fortra/No-Consola…
Weasel Sec retweeted
Didn't check the code yet, but looks like SilverPotato and CertifiedDCOM have a working public weaponized tool by now: github.com/CICADA8-Research/… That's huge news from my perspective🔥
Weasel Sec retweeted
27 Apr 2024
How could named pipes and PowerShell be used for creating a Windows bind / reverse shell re-using the Windows SMB port? I show you in this blog post 😉 v1k1ngfr.github.io/fuegoshel…
For OPSEC, always specify the baseDN when using impacket or it will attempt an SMB authentication to derive the baseDN which can lead to detection.
Some LDAP tools supporting channel bindings include SharpView, AD Explorer, and Certipy. While you can still use SharpHound, it's limited to the DCOnly parameter, thereby ignoring LDAP.
21 Mar 2024
Apparently, the ldap3 library doesn't support channel binding or signing, so how do I get impacket to work for Kerberoasting if this is the case?
20 Mar 2024
setspn -T [domain] -Q */* is the best command for situational awareness. It helps you to identify Kerberoasting accounts, exchange servers, SQL servers, LDAP servers, domain computers, DCs, ADCS, potential RDP/WinRM hosts, shared folders, etc.
15 Mar 2024
I just found out you can just use net1.exe instead of net.exe.