Security Researcher | Red Teamer | Malware Developer

Joined July 2020
Mor Davidovich retweeted
21 Jun 2024
Elastic Security Labs has discovered a new method for initial access and evasion in the wild, termed #GrimResource, which involves arbitrary execution in mmc.exe through a crafted MSC file. elastic.co/security-labs/gri… gist.github.com/joe-desimone…
Mor Davidovich retweeted
Happy Solstice! Time to celebrate Truth and Justice. I appreciate your support; and I want to let you try one of my value-packed & expensive commercial masterclasses: ☀️ Masterclass: Hacking Fuzzers for Smarter Bughunting (on-demand video) zerodayengineering.com/train… This class will give you a core-level grasp of modern evolutionary coverage-guided fuzzing as pro hackers use it. It goes fast from fuzzing essentials to advanced customization & examining how code coverage works at the CPU assembly level, 4 hours of hands-on video. Free access from 21st to 23rd June (access conditions below)

Mor Davidovich retweeted
16 Dec 2023
One Box To Rule Them All. Little write-up of my way to tackle remote pentesting situations with a dropbox. This is about non-covert systems that will allow you to carry out full-fledged pentests when implanted into the customer's network. luemmelsec.github.io/One-Box…
16 Oct 2023
RT @Idov31: I usually tend to avoid politics but nowadays it is impossible. To all the Hamas supporters that are reading this post, all the peo…
Mor Davidovich retweeted
Cashing in on browser behaviour to silently download executable files. A blog post by @defte_: sensepost.com/blog/2023/brow…
Mor Davidovich retweeted
The entire SCCM hierarchy is vulnerable to takeover from any primary site because by design, there is no security boundary between sites in the same hierarchy. Check out my new post to learn more about how this can be abused, mitigated, and detected! posts.specterops.io/sccm-hie…
Mor Davidovich retweeted
Our EXE loader is now available to everyone on GitHub: github.com/Maldev-Academy/Ma… We'll be uploading more repositories on our GitHub in the future.
20 Sep 2023
Love to see our work inspire stuff like that. Check out @sam_phisher's new blog post on Automating MalRDP deployment with Terraform and Ansible. Great work!
15 Sep 2023
I saw this the other day, and took a look at @ShorSecLtd's article. Brilliant work that I wanted to try to automate somewhat. My blog post about deploying MalRDP to Azure with Terraform and Ansible: skal.red/automating-malrdp-m…
Mor Davidovich retweeted
My Okta for Red Teamers post is up! We look at how Kerberos SSO works, how to intercept credentials via a fake AD Agent, decrypting AD Agent tokens, adding skeleton keys, and even how to deploy a janky SAML IdP server to auth as any user for good measure. trustedsec.com/blog/okta-for…
11 Sep 2023
New blog post of mine and my first in our "The Path to DA" series where I share a cool attack path I exploited in a recent engagement to gain Domain Admin privileges. Hope you like it :) shorsec.io/blog/the-path-to-…

🔥New Blog Post Alert! The next chapter in our "The Path to DA" series is now live: "(Relaying) To The Internet And Back". This entry, by @dec0ne, explores yet another route to DA, focusing on the intricacies of ADIDNS Abuse, LDAP relay, RBCD, and more. shorsec.io/blog/the-path-to-…
Mor Davidovich retweeted
6 Sep 2023
Part 5 of Lord Of The Ring0 is out! idov31.github.io/2023/07/19/… In this part, I explained how APC and thread injection are done from the kernel into a user-mode process, IRP & SSDT hooks, and why they don't work anymore (and their alternatives) #infosec #CyberSecurity

14 Aug 2023
Excited to share my new research: a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local/remote processes. github.com/ShorSec/DllNotifi… An accompanying blog post with more details: shorsec.io/blog/dll-notifica…
We are excited to share a new "threadless" process injection technique by @dec0ne. This new technique utilizes DLL Notification Callbacks in the remote process to trigger the shellcode github.com/ShorSec/DllNotifi… Detailed blog post: shorsec.io/blog/dll-notifica… Demo video in next tweet
Mor Davidovich retweeted
Had the honor to present my research at @defcon 31 this year! Here is the link to the GitHub repo of the PoC tool I demonstrated: github.com/deepinstinct/Cont… Research abstract: forum.defcon.org/node/245719 A more detailed and technical blog post will be uploaded soon.
Mor Davidovich retweeted
SCCM Site takeover by abusing the AdminService API. In this blog, I walk through the discovery process and demonstrate site takeover via credential relaying. medium.com/specter-ops-posts…
Mor Davidovich retweeted
Wrote something on how to bypass Google Safe Browsing for Phishing campaigns🧐 r-tec.net/r-tec-blog-evade-s…
This is brilliant! Amazing work from @HamamOfir and @nm10pt 🔥🔥🔥
I'm thrilled to share that my latest blog co-written with @nm10pt is now live! 👉 Read the full blog post here: blog.sygnia.co/guarding-the-… I'd love to hear your thoughts and feedback on the post. Drop your comments below or share
First blog post in our upcoming series - "Path to DA" where Shlomi and I will be sharing our experiences, stories, strategies and techniques for achieving Domain Admin privileges on engagements. Mine is up next, stay tuned! shorsec.io/blog/the-path-to-…

🚀 Exciting news! We are launching our new blog series "The Path to DA", where we will share our strategies for achieving Domain Admin on engagements, our experiences, and stories. Our aim? Making complex topics easy and inspiring for all. Stay tuned! shorsec.io/blog/the-path-to-…