I'm super please to announce the release of NSGenCS - an extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows. Pick a technique and delivery method or create your own - new ones can be added in under a minute github.com/t3hbb/NSGenCS

It's been a few months since I released a few short "Mythic Developer" videos. Before making more, I'd like to first get your feedback on the current ones. Please take a few min and fill this out so I can make sure you get the best content :) specterops.typeform.com/Myth…

Meanwhile I have not seen a *single* useful use case of ANY AI working inside of ANY mainstream Microsoft products.

BREAKING: @AOC just completely went off on Trump after ICE murdered Alex Pretti. "Donald Trump [is] accusing a Veteran Affairs ICU nurse (Alex Pretti) as being a terrorist against the United States. A man who was treating services members to our country, who was dedicating his life to serving Americans. Who in his final act on this earth was helping a woman pushed to the ground. And they are calling him a Domestic Terrorist, in order to defend their gross abuse of power, their absolute breaching of the law and in order to precipitate greater conflict."

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/germany…

Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/identi…

Fancy breaking out of ConstrainedLanguageMode, disabling userland ETW and bypassing AMSI? All at once and all with one tool? Signed by Microsoft? Well have I got some good news for you : shells.systems/one-tool-to-r…

Plain text credentials from Palo Alto GlobalProtect v6.3.2-525 Will update github.com/t3hbb/PanGP_Extra… later but the new pattern (~line 300) is {0x48, 0x8D, 0x15, 0x63, 0x62, 0x4E, 0x00} BlueSky Account : bbhacks@bsky.social

Hey @AXS_UK, pretty sure that's not my IP address, being a private one (RFC1918 and all that). #HappyNewYear

So Palo Alto apparently silently updated (nothing in the release notes I could see) and decided rather than fix the issue, they would just stop the PoC working. So here is the tool getting plaintext creds on the latest version. Stop blocking the tool and start fixing the issue

Make sure to take your chances this holiday season to grab a free gift from the "cybercrime santa" 😂

🐋 Orca has arrived! The latest Proxmark3 source code is here, packed with fixes, features, and expanded capabilities. From enhanced iClass tools to new Python/Lua support, this is our most versatile update yet. 🔗 github.com/rfidresearchgroup… #Proxmark3 #RFIDHacking #Orca

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: synacktiv.com/publications/r…

Fancy retrieving plaintext user credentials, deactivation passcodes and uninstall passwords for Palo Alto Global Protect VPN? Thank goodness Palo Alto make that easy for you ... Full write up here : shells.systems/extracting-pl… Tooling available here : github.com/t3hbb/PanGP_Extra…

Did you know that 7z can browse .VHD and .VMDK files? You can open them right up, and even directly browse ntfs filesystems. On a pentest and find a bunch of disk images? Copy the SAM/SECURITY/SYSTEM hives directly from the images, no mounting, copying, or fussing around.

I am proud of you, my friend. I just needed to let you know!

Cards Against Humanity is suing Elon Musk & SpaceX for $15M They're being accused of trespassing on and damaging company-owned property in Texas "We bought a plot of land on the US-Mexico border to stop racist billionaire Donald Trump’s dumb wall. But this year, an even richer, more racist billionaire — Elon Musk — fucked that land with gravel, tractors, and space garbage, so we’re suing"

Cortex XDR full bypass with stock meterpreter payload. Screenshot from tooling demo, apologies for quality.

200% this! 🤘🔥