Randomly had this idea to check changelogs of the vendor affected by my CVE from ~2.4 years ago. Can't see any s/w updates which reference a mitigation to the CVE.. If it's still not fixed that's pretty mad

Wut CS now has ollvm support 0.o

VrMeister inside  Gab Kağan IŞILDAK vx-underground Yea yea, EDR bypass this, VEH that, but have you every ran mimikatz while surfing in 1.6.? 😎😎

Does anyone know how CS's `strrep` function works? Cannot seem to find much about it

Work in progress!

This is unacceptable, should not be possible

Made possible by 𝕭𝖏ø𝖗𝖓 𝕾𝖙𝖆𝖆𝖑

Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself!

gist.github.com/adamsvoboda/8e…

It bombs out on LSASS, but most other processes work.

Do you want to start the RemoteRegistry service without Admin privileges?
Just write into the 'winreg' named pipe 👇

CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 and I identified a couple of issues on Fujifilm and Xerox multi function printers which allows you to get encrypted credentials from the web interface (without authentication) and then decrypt them. Read about it here:

It’s truth

Useless use of cat😃

Detecting fileless malware with memory controller, by Marcus Botacin

#redteam

github.com/marcusbotacin/…

😮bbc.co.uk/news/technolog…

Fuck-Etw

Bypass the Event Trace Windows(ETW) and unhook ntdll.

github.com/unkvolism/Fuck…

#infosec #pentesting #redteam

Using WTSQueryUserToken() to kindly ask for a remote token, by Omri Baso

#redteam

medium.com/@omribaso/wts-…

Bypassing Crowdstrike Falcon EDR hooks with targeted algo, decomposing agent's hooking logic.

Although extremely Falcon-specific, nevertheless good exercise for any maldev.

Great work, inbits!

#redteam

inbits-sec.com/posts/in-memor…

No no, everything is fine!

If you want to know why people have lost faith in capitalism, this might help

This actually happened to Evernote. They took the advice of “keep talking to your customers and ship whatever they want” as the only guiding principle for product development. And what ended up happening was paying users liked it, but the product become unintuitive and feature…