Almond OffSec Profile
Almond OffSec

@AlmondOffSec

Followers 868 · Following 49 · Media 29 · Statuses 59

Offensive Security team at Almond - Follow us also on https://t.co/cIfn3rvLxC

Joined September 2016
@saerxcit
SAERXCIT
5 days
Publishing https://t.co/QlL5L05Ps6! It's a generalisation of LibTPLoadLib to proxy APIs with an arbitrary number of args. Provided as a Crystal Palace shared library. API made compatible with @_RastaMouse's LibTP. Hooks are provided to show off the newest Crystal Palace features
github.com
Crystal Palace library for proxying Nt API calls via the Threadpool. Updated for call gadgets. - SAERXCIT/LibTP_Gadget
@AlmondOffSec
Almond OffSec
10 days
Callstacks are largely used by the Elastic EDR to detect malicious activity. @SAERXCIT details a technique to evade a callstack-based detection and allow shellcode to load a network module without getting detected. Post: https://t.co/hckL3n8it5 PoC: https://t.co/0dqBDQeKWm
@ShitSecure
S3cur3Th1sSh1t
4 months
The Blog post about "Revisiting Cross Session Activation attacks" is now also public. Lateral Movement with code execution in the context of an active session? 😎 Here you go: https://t.co/FkljGCquGF
r-tec.net
This blog post revisits Cross Session Activation attacks
@AlmondOffSec
Almond OffSec
5 months
Following @ShitSecure's TROOPERS talk and release of BitlockMove, we're releasing our internal DCOMRunAs PoC made by @SAERXCIT last year. It uses a similar technique with a few differences, such as DLL hijacking to avoid registry modification. https://t.co/yq80EAtSEo
@AlmondOffSec
Almond OffSec
5 months
Did you know deleting a file in Wire doesn’t remove it from servers? Team member @myst404_ took a closer look at Wire's asset handling and identified 5 cases where behaviors may diverge from user expectations. https://t.co/jYyZJ3on8b
@sensepost
Orange Cyberdefense's SensePost Team
8 months
Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post https://t.co/eF5nhHfPuS
@AlmondOffSec
Almond OffSec
11 months
To escape a locked-down Citrix environment, team member @saerxcit wrote a basic shellcode loader in OpenEdge ABL, a 40-year-old English-like programming language. We're sharing it on the off chance someone else might one day need it: https://t.co/elT14mb8Ss
@AlmondOffSec
Almond OffSec
1 year
This issue was assigned CVE-2024-52531. While the CVE description states that the vulnerability cannot be reached from the network, it seems, in fact, possible (check the blog post for details).
@AlmondOffSec
Almond OffSec
1 year
Team member @sigabrt9 describes a fuzzing methodology he used to find a heap overflow in a public @yeswehack bug bounty program for Gnome: https://t.co/BFibCnOTaF
@AlmondOffSec
Almond OffSec
3 years
You can now also follow us on Mastodon: https://t.co/tQt8SiWEFU
@AlmondOffSec
Almond OffSec
2 years
You can now also follow us on Bluesky: https://t.co/4ZGiTzbRRB
@yeswehack
YesWeHack ⠵
1 year
📢 Hunter Alert! Here's an excellent write-up by @sigabrt9 - who recently uncovered a bug in @gnome’s #BugBounty program. Perfect to expand your knowledge about finding bugs in open-source programs 👉 https://t.co/QQOnmdWRvw Thank you @sigabrt9 for this valuable contribution!
@AlmondOffSec
Almond OffSec
1 year
New article on F5! A write-up on CVE-2024-45844, a privilege escalation vulnerability in BIG-IP by team member @myst404_ https://t.co/44CishyuHT
@AlmondOffSec
Almond OffSec
1 year
If you are lucky enough to have a Windows Server Datacenter with Hyper-V, you can automatically activate @M4yFly 's GOAD VMs, so rebuilding the lab every 180 days is no longer needed. We POCed a Vagrant-style script here: https://t.co/9Jk3cutl85
@AlmondOffSec
Almond OffSec
1 year
How does F5's Secure Vault, its "super-secure SSL-encrypted storage system" work? Response in this article by team member @myst404_ https://t.co/RRfcA3sJY6
@AlmondOffSec
Almond OffSec
1 year
Got root, what now? Practical post-exploitation steps on an F5 Big-IP appliance, by team members @lowercase_drm and @myst404_ https://t.co/5YD46wKCMC
@AlmondOffSec
Almond OffSec
2 years
Stoked to see PassTheCert featured in @ippsec's solution to @hackthebox_eu Authority🧑‍⚖️! Find the tool here: https://t.co/i18vnbcwDh
@ippsec
ippsec
2 years
Authority showcased an ADCS Attack in the root step. Before we get there, need to decrypt an ansible vault and steal a LDAP cred with a rogue server. The ADCS involved ESC1, which is the creation of a machine account and then PassTheCert to gain access https://t.co/VGNQcI3a6z
@AlmondOffSec
Almond OffSec
2 years
We updated this old gem by @myst404_ to include the new GLPI decryption algorithm. https://t.co/7JudmYm9ww
@AlmondOffSec
Almond OffSec
2 years
Understanding the different types of LDAP authentication methods is fundamental to understanding subjects such as relay attacks or countermeasures. This post by @lowercase_drm introduces them through the lens of Python libraries. https://t.co/uSUvSVsu17