Filter
Exclude
Time range
-
Near
/ˈziːf-kɒn/
@x33fcon
Jun 11
"#Breaching The #Perimeter: The Forgotten Attack Vector That Always Works" workshop at #x33fcon run by Jiří Vanek and @tatramaco - x33fcon.com/#!/w/JiriVanekCh… - #physical_security, #physical_penetration_test, #covert_methods_of_entry, #physical_breach, #offensive_security
2
6
628
Mr. OS@ksg93rd
May 26
#tools #Offensive_security "Hooking Windows Named Pipes", Apr. 2026. ]-> Windows named pipe hooking toolkit github.com/synacktiv/thats_n… // During security assessments, we often see desktop apps composed of several processes. Some of them run as SYSTEM, and others run in the user session context, meaning they are unprivileged. These processes need to communicate in some way, and often use Windows Named Pipes as IPC mechanisms. Once opened, named pipes are a bidirectional communication channel, just like TCP/Websocket, that may be used by a low privileged process to attack an elevated process

GitHub - synacktiv/thats_no_pipe: Windows named pipe hooking toolkit

Windows named pipe hooking toolkit. Contribute to synacktiv/thats_no_pipe development by creating an account on GitHub.

github.com
18
92
8,386
Mr. OS@ksg93rd
May 22
#tools #Offensive_security 1⃣. CrabLoader - Cobalt Strike User-Defined Reflective Loader written in Rust github.com/qmadev/CrabLoader 2⃣. AIMap - security testing platform for AI agent infrastructure github.com/BishopFox/aimap 3⃣. CLR-Stomp - BOF that loads a .NET assembly into a Cobalt Strike beacon github.com/nettitude/CLR-STO… 4⃣. EntraFalcon - tool for assessing the security posture of Microsoft Entra ID github.com/CompassSecurity/E… 5⃣. ghosttype - Local forensic scanner that extracts credentials from AI tool conversation history github.com/xFreed0m/ghosttyp…

GitHub - qmadev/CrabLoader: A PoC Cobalt Strike UDRL written in Rust

A PoC Cobalt Strike UDRL written in Rust. Contribute to qmadev/CrabLoader development by creating an account on GitHub.

github.com
2
239
Mr. OS@ksg93rd
May 3
#Offensive_security Bypassing Windows (11 24H2/Server 2025) authentication reflection mitigations for SYSTEM shells Part 1 (CVE-2025-33073) synacktiv.com/en/publication… Part 2 (CVE-2026-26128) synacktiv.com/en/publication… // Authentication relay (or reflection) attacks will persist as long as integrity mechanisms are not enforced by default on Windows services

Bypassing Windows authentication reflection mitigations for SYSTEM

Bypassing Windows authentication reflection mitigations for SYSTEM

synacktiv.com
11
53
3,617
Mr. OS@ksg93rd
May 1
#Research #Offensive_security GPT-5.5 vs Claude Opus 4.7 for Pentesting: A Practical Workflow-Based Comparison penligent.ai/hackinglabs/gpt… // A model that writes convincing exploit code is not automatically useful for pentesting. A model that explains a vulnerability clearly is not automatically able to verify it. A model that scores well on coding or agent benchmarks is not automatically safe to connect to scanners, browsers, shells, credentials, or production-like targets...

GPT-5.5 vs Claude Opus 4.7 for Pentesting: A Practical Workflow-Based Comparison

Compare GPT-5.5 and Claude Opus 4.7 for real pentesting workflows, from recon and attack surface mapping to exploit drafting, verification, reporting, and AI agent safety.

penligent.ai
3
261
Mr. OS@ksg93rd
Apr 26
#tools #Offensive_security Kerberos with Titanis trustedsec.com/blog/kerberos… // Titanis - github.com/trustedsec/Titani… Windows protocol library, including SMB and RPC implementations, among others

Kerberos with Titanis

trustedsec.com
7
287
Mr. OS@ksg93rd
Apr 5
#tools #AIOps #MLSecOps #Offensive_security Recursive Autonomous Penetration Testing and Observation Robot github.com/gadievron/raptor // Autonomous Offensive/Defensive Security Research Framework, based on Claude Code

GitHub - gadievron/raptor: Raptor turns Claude Code into a general-purpose AI offensive/defensive...

Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we confi...

github.com
1
5
203
Mr. OS@ksg93rd
Apr 2
#tools #Offensive_security 1⃣. dexfinder - github.com/JuneLeGency/dexfi… Cross-platform APK/DEX method & field reference finder with call chain tracing, ProGuard/R8 deobfuscation, and Android hidden API detection 2⃣. LogonTracer - github.com/JPCERTCC/LogonTra… tool to investigate malicious logon by visualizing and analyzing Windows AD event logs 3⃣. efiguard-detect - github.com/sapdragon/efiguar… tool to detect EfiGuard 4⃣. ReDyne - github.com/speedyfriend433/R… iOS Decompiler/Reverse Engineering Suite 5⃣. Disconnected RSAT - github.com/CCob/DRSAT launcher for running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies

GitHub - JuneLeGency/dexfinder: Cross-platform APK/DEX method finder with call chain tracing,...

Cross-platform APK/DEX method finder with call chain tracing, ProGuard deobfuscation, and hidden API detection - JuneLeGency/dexfinder

github.com
2
18
974
Mr. OS@ksg93rd
Mar 19
#tools #exploit #Offensive_security 1⃣. Fritter - github.com/0xROOTPLS/Fritter tool that generates unique, evasive, position-independent shellcode for in-memory execution, building on Donut's framework with dynamic memory management and randomized components for enhanced stealth 2⃣. KslDump - github.com/andreisss/KslDump exploits a Microsoft-signed Defender driver vulnerability via IOCTL 0x222044, enabling unrestricted kernel and physical memory access, bypassing security protections, through registry manipulation and local privileges 3⃣. RegPwn - github.com/mdsecactivebreach… privilege escalation exploit affecting Windows 10, 11, and Server editions (CVE-2026-24291)

GitHub - 0xROOTPLS/Fritter: Fritter is a heavily modified fork of TheWover and Odzhan's Donut...

Fritter is a heavily modified fork of TheWover and Odzhan's Donut shellcode generator. - 0xROOTPLS/Fritter

github.com
8
29
1,531
Mr. OS@ksg93rd
Mar 17
#tools #Offensive_security #Red_Team_Tactics 1⃣. VMkatz - github.com/nikaiw/VMkatz Extract Windows credentials directly from VM memory snapshots and virtual disks 2⃣. github.com/kapla0011/KaplaSt… KaplaStrike - module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal 3⃣. github.com/Ghaleb0x317374/St… StealthyWMIExec - a stealthier approach to WMI-based command execution using Impacket without touching the disk 4⃣. Kerlab - github.com/airbus-cert/kerla… a Rust implementation of Kerberos for Fun and Detection 5⃣ Ghost in the PPL - core-jmp.org/2026/03/ghost-i… LSASS Memory Dump

GitHub - nikaiw/VMkatz: Extract Windows credentials directly from VM memory snapshots and virtual...

Extract Windows credentials directly from VM memory snapshots and virtual disks - nikaiw/VMkatz

github.com
14
72
3,792
Mr. OS@ksg93rd
Mar 10
#hardening #Offensive_security Breaking Out of Citrix and other Restricted Desktop Environments pentestpartners.com/security… // This article details techniques for escaping restricted environments like Citrix by exploiting misconfigured Windows dialogues, help files, and accessibility features to launch unauthorized shells. The post emphasizes hardening virtualized environments through strict, least-privilege configurations

Breaking Out of Citrix and other Restricted Desktop Environments | Pen Test Partners

Introduction Many organisations are turning to virtualisation of apps and desktops. This often involves virtualisation platforms such as Citrix to deliver these services.  Get your configuration or...

pentestpartners.com
4
452
Mr. OS@ksg93rd
Mar 5
#Offensive_security A Deep Dive into the GetProcessHandleFromHwnd API projectzero.google/2026/02/g… // From Windows XP to Windows 11 24H2 See also: ]-> PPLwindow PPL Bypass via GetProcessHandleFromHwnd github.com/R41N3RZUF477/PPLw…

A Deep Dive into the GetProcessHandleFromHwnd API

In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t k...

projectzero.google
1
16
51
2,678
Mr. OS@ksg93rd
Feb 28
#tools #Infographics #Offensive_security "Attacking Windows IPC Mindmap", CST Edition, 2026.
19
80
3,030
STEALIEN
@stealien
Feb 23
[언론보도] 제주도, 박찬암 화이트 해커 초청해 공직자 대상 사이버 보안 교육 개최 v.daum.net/v/202602201321063… @hkpco #스틸리언 #STEALIEN #사이버보안 #정보보안 #Offensive_Security #공격자관점 #화이트해커 #박찬암 #제주도 #유퀴즈 #인공지능 #AI #사이버전쟁사례 #보안사고 #사이버보안강연 #정보보호교육 - 27일 복지이음마루에서 진행... 도내 공직자·공공기관 직원 대상 tvN '유퀴즈 온 더 블록' 출연으로 대중에게 친숙한 화이트 해커 박찬암 강사를 초청해 '사이버 전쟁 사례로 알아보는 정보보호'를 주제로 진행된다. 김남진 제주도 혁신산업국장은 "사이버 위협이 일상과 업무에 직접적인 영향을 미치고 있다"며 "이번 교육을 통해 사이버 보안에 대한 경각심을 높이고 안전한 정보환경을 토대로 도민이 안심할 수 있는 행정을 펼치겠다"고 말했다.

제주, 공직자 대상 사이버 보안 교육

[아이뉴스24 배정화 기자] 제주도는 도내 공직자 및 공공기관 직원들을 대상으로 사이버 정보보안 교육을 실시한다. 교육은 오는 27일 오후 3시 제주도 복지이음마루에서 개최되며, tvN '유퀴즈 온 더 블록' 출연으로 대중에게 친숙한 화이트 해커 박찬암 강사가 강연한다. 강연은 '사이버 전쟁 사례로 알아보는 정보보호' 주제로 사이버 전쟁과 주요 보안사고 사

v.daum.net
1
2
441
Mr. OS@ksg93rd
Feb 11
#tools #Offensive_security #Red_Team_Tactics 1⃣. Automating the Pass-The-Ticket attack ricardojoserf.github.io/auto… ]-> AutoPtT in C and Python github.com/ricardojoserf/Aut… 2⃣. Linux Shared Library to Shellcode Loader github.com/sliverarmory/mala… 3⃣. GhostLocker: AppLocker-Based EDR Neutralization github.com/zero2504/EDR-Ghos… 4⃣. MSSQL Silver Tickets and Token Privileges vuln.dev/silver-ticket-mssql… ]-> Token handles abuse github.com/blackarrowsec/Han… 5. LOLRMM tools lolrmm.io

GitHub - ricardojoserf/AutoPtT: Automated Pass-the-Ticket (PtT) attack. Standalone alternative to...

Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack. Implemented in C#, C , Crystal, Python and Rust - ricardojoserf/AutoPtT

github.com
2
5
459
Mr. OS@ksg93rd
Feb 5
#MalDev #Malware_analysis #Offensive_security MacOS Malware Persistence Part 1 - LaunchAgents. Simple C example cocomelonc.github.io/macos/2… ]-> Source code in GitHub github.com/cocomelonc/meow/t… Part 2 - Shell environment hijacking. Simple C example cocomelonc.github.io/macos/2… ]-> Source code in GitHub github.com/cocomelonc/meow/t…

MacOS malware persistence 1: LaunchAgents. Simple C example

cocomelonc.github.io
2
7
469
Mr. OS@ksg93rd
Feb 4
#tools #Sec_code_review #Offensive_security Claude Code in a devcontainer github.com/trailofbits/claud… // Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review

GitHub - trailofbits/claude-code-devcontainer: Sandboxed devcontainer for running Claude Code in...

Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review. - trailofbits/claude-code-devcontainer

github.com
4
325
Mr. OS@ksg93rd
Feb 1
#Offensive_security #Red_Team_Tactics Living off the Process g3tsyst3m.com/lotp/Living-of… ]-> Full Source Code ready to compile github.com/g3tsyst3m/Codefro…

Living off the Process

Hello again everyone! Hope the start to the new year is treating you well. I am excited to share a new blog post with you! Furthermore, I’d consider the content shared in today’s post to be the most...

g3tsyst3m.com
14
64
3,552
Mr. OS@ksg93rd
Jan 26
#tools #Offensive_security HuntCyberArk - CyberArk Security Audit Suite github.com/Logisek/HuntCyber… // A comprehensive PowerShell-based security assessment tool for Privileged Access Management platforms See also: zBang - Risk assessment tool for privileged account threats github.com/cyberark/zBang Conjur - Secrets management platform github.com/cyberark/conjur ACLight - Shadow Admin discovery Ansible Security Automation github.com/cyberark/ACLight Collection - CyberArk Ansible integration github.com/cyberark/ansible-…

GitHub - Logisek/HuntCyberArk: CyberArk Security Audit

CyberArk Security Audit. Contribute to Logisek/HuntCyberArk development by creating an account on GitHub.

github.com
1
14
818
Mr. OS@ksg93rd
Jan 22
#tools #Kernel_Security #Offensive_security AV/EDR Killer: AV/EDR processes termination by exploiting a vulnerable driver (BYOVD) github.com/xM0kht4r/AV-EDR-K… // This project demonstartes how a legit, and signed driver can be weponized to gain kernel level access

GitHub - xM0kht4r/AV-EDR-Killer: AV/EDR processes termination by exploiting a vulnerable driver...

AV/EDR processes termination by exploiting a vulnerable driver (BYOVD) - xM0kht4r/AV-EDR-Killer

github.com
1
10
464
Load more