Cn33liz
@Cneelis
Followers: 13K | Following: 10K | Media: 224 | Statuses: 3K
Red teamer @ Outflank. Passionate about networking and cybersecurity | father of two superheroes.
Groningen, Nederland
Joined December 2010
Want to supercharge your Beacon Object Files with Direct System Calls? Check our latest @OutflankNL blog here: https://t.co/ilwtqhG1ek
outflank.nl
In this post we will explore the use of direct system calls within Cobalt Strike Beacon Object Files (BOF).
New blog! Here's our case study on using LLMs for accelerating offensive R&D. Our post details how we used Large Language Models to identify and exploit trapped COM objects. Next week at BlackHat we'll drop even hotter stuff on offensive AI research. 🔥 https://t.co/PFKGjc4sVX
outflank.nl
By leveraging AI as a research accelerator, we can dedicate more time to refining, testing, and hardening the techniques that ultimately make it into OST.
Have you always wanted to roll out your own offensive monitoring network? See how Async BOFs enable automatic notifications for when users log in, useful applications (such as password vaults) are started, or the user tries to log off/shut down. https://t.co/fLsj3ljk9L
Who doesn't love a sequel? Part one of our series on secure #enclaves for #offensive operations highlighted how enclaves work and how to develop your own. Part two is out now and shares what we discovered while digging into enclave internals: https://t.co/oe9A6Rp4tt
[BLOG] Dynamically Instrumenting Beacon with BeaconGate - For All Your Call Stack Spoofing Needs!
cobaltstrike.com
See how to instrument Beacon via BeaconGate and walk through return address spoofing, indirect syscalls, and a call stack spoofing technique, Draugr.
Virtual fortresses aren’t as invincible as they seem 🏰⚔️. Read about our latest research on using Secure Enclaves in Windows for offensive ops — plus fresh insights for red teamers. Check out Part 1 of our blog series here: https://t.co/I7eDWJFMQp
Just finished this mix on my brand new AlphaTheta XDJ-AZ 🤩💪 It’s a mix of progressive trance, which builds up to some nice uplifting trance bangers 😎 Some amazing new tracks included from @fariusmusic @djoliversmith @danstonemusic @RobertNickson
https://t.co/wzSQT5kGlE
mixcloud.com
Listen to Goosebump sessions 01 by Cornelis by Cornelis
First 2-hour set on Mixcloud. Mix of progressive and trance with a nice build-up. For anyone into dance/house music... I hope you like it. https://t.co/8aubB7uScM
mixcloud.com
Hello my name is Cornelis. I have had a passion for music all my life and enjoy listening to different styles of house music. I recently took up DJ'ing as a hobby and hope to be able to bring the...
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS #HackfestHollywood 2024 🌮🔒 Find the details on the @AmberWolfSec blog, along with the individual advisories, including a not-yet-fully fixed PaloAlto GlobalProtect client RCE👀
We worked with @_dirkjan to get this as an exclusive into Outflank Security Tooling with a new tool called ROADtune. ROADtune allows red teamers to: - bypass CAP by faking device compliance registration - loot secrets from applications pushed to compliant devices Cool stuff!
For anyone whose badge I managed to "Pwnz0rz111" today at RedTreat, you can revert back to the "original" FW by booting the badge, and once my spooky purge face shows up, press the middle button (the up button) and then the top button (the select button). The image just overlays
And that's a wrap of #RedTreat 2024: 2 days of hardcore red teaming research and meeting other rt researchers and operators. Mind still 🤯 processing some of the discussions! Thanks to all the attendees and speakers for being present at our little conf! /c @MDSecLabs @OutflankNL
New Blog Alert! 🚨 Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process creation, avoids cross-process APCs, and evades top-tier EDRs. Learn how it combines Early Bird APC Injection & EDR-Preloading: https://t.co/oWreVHNKyL
I am excited to share that I have graduated with my master's degree in Cybersecurity from Radboud University🎓. I completed my thesis "Endpoint Detection & Response Evasion during Windows Process Creation" with a 9/10!
We’ve been working on some really big stuff this year… and it’s finally ready to demo 😁
Outflank’s @kyleavery_ will be presenting at Black Hat Business Hall at 1:30pm tomorrow, August 7th! He’ll be discussing strategies for running evasive red team engagements across Windows, macOS, and Linux #BHUSA
Even mature security orgs are vulnerable to NTLM relay attacks. Our latest blog post from @zyn3rgy explores a "lower-touch" method to control inbound 445/tcp traffic and leverage NTLM relay primitives more effectively. Read for more ⤵️
posts.specterops.io
Even within organizations that have achieved a mature security posture, targeted NTLM relay attacks are still incredibly effective after…
How we did this in the old days: When I was on Windows, this was the type of thing that greeted you every morning. Every. Single. Morning. You see, we all had a secondary "debug" PC, and each night we'd run NTStress on all of them, and all the lab machines. NTStress would
It's not *always* about Windows--macOS and Linux #EDRs need attention, too! In our latest blog, @kyleavery_ explains more about the telemetry sources for these under-discussed #endpoint products: https://t.co/fxA5s7vKUH
"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: https://t.co/3I9JjQ1QaK 😃
decoder.cloud
TL;DR (really?): Members of Distributed COM Users or Performance Log Users Groups can trigger from remote and relay the authentication of users connected on the target server, including Domain Cont…
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled. https://t.co/kN5MTieLLc
github.com
Admin to Kernel code execution using the KSecDD driver - floesen/KExecDD
I'm going to take this a step further and say segmentation has the biggest impact on early detection of an attack. Adversaries are generally lazy in the sense that they will take the path of least resistance. 1/n
The most effective controls I see in my red team engagements are practically cost-free… host based firewalls and tight segmentation give red teams a total headache