SEKTOR7 Institute
@SEKTOR7net
Followers: 15K | Following: 2K | Media: 325 | Statuses: 1K
Homo Aptus. Vincit qui se vincit - Publilius Syrus. Consulting, Training, Technology, Cyber domain, and more... @x33fcon founder.
SEKTOR7.net
Joined April 2019
Life-time access is so back! From now on, individuals can get life-time access to all of our online courses. Learning how specific TTPs work, understanding coding, debugging and troubleshooting is much simpler with video-based content. Check it out - https://t.co/HK29Al06a5
Lateral movement across server room? Steven Flores (@0xthirteen) of @SpecterOps describes a new fancy WMI class that can be used to move laterally between Windows server boxes. Also, mentions methods of extending this tactic to workstations. Post: https://t.co/ZTlIuMkE9P
Detecting Process Hollowing. A post by Leo Bastidas from @TrustedSec exploring the popular technique, where a malicious payload is concealed within a legitimate process, and providing detailed methods for its detection and defense. Source: https://t.co/dIoRAADAeR
#redteam
Just won a free course from @SEKTOR7net! Big thanks to the team for the opportunity, can't wait to dive in and level up my maldev knowledge. Check out their website for more courses on malware development and their newsletter sign-up #sektor7
https://t.co/DBWXWl4gct
We have also prepared a dedicated offer for existing students who purchased the courses earlier or their courses expired. Please reach out to us via an email to get more details.
Exploring Windows Defender Detection History - a file containing key forensic information like the threat file's hash, file path, initiating process, associated users, and detection/remediation timestamps. Team at Orange Defense reverse engineered the file format and internals.
SuperMega - a shellcode loader framework. Generates a backdoored version of a legit binary with a smart shellcode loader, making the shellcode call external functions via the IAT while referencing data from the .rdata section (Cordyceps technique). No need to play with call stacks or
Grand strategy with RTS flavor. Time to taste it yourself...
AMSI bypass techniques - a 2025 update. A collection of various AMSI evasions, for both PowerShell and .NET assemblies, with verification of which ones still work and which shouldn't. As an extra, one can find additional simple, yet clever tricks - make the AmsiScanBuffer() buffer
Exploiting an Asus driver to escalate privileges. With a few clever tactics Marcin Noga managed to bypass several constraints implemented by the driver devs. With hardlinks and ObfDereferenceObject() one can decrement PreviousMode of a process to enter god mode (this was patched in
Morphing shellcode during execution. Once a part of code is done executing, overwrite the block with new code to run. A proof of concept by Debjeet Banerjee (@whokilleddb) Src: https://t.co/Msj6JNOiZf
#redteam #maldev #malwaredevelopment
Block EDR dynamic libraries from loading. By using the debugging API, exception handling and simple hooks, one can spawn a clean process (the PoC blocks amsi.dll). A nice post by @dis0rder_0x00 Source: https://t.co/z6b03Nlo3Z
#redteam #maldev #malwaredevelopment
Diving deep into Windows hypervisor. A great post by r0keb (@r0keb) on Hyper-V loader, partitions, startup and other details, combined with lots of rev-engineered C code. Worth reading! Source: https://t.co/DEz5zi24zd
#redteam #maldev #malwaredevelopment
If you're into grand strategy gaming, don't miss this title...
The Steam page for Systemic War is officially LIVE! https://t.co/1C2j3ABTJR Wishlist now on Steam to stay updated and be notified the moment the demo and full release drop! Watch the reveal trailer and get your first look at the global conflict that awaits. Our demo is
Triggering shellcode on a certain network status. Register your custom callback with InternetSetStatusCallback() and condition your payload execution on different network events. Excellent idea (w/ source code) by Debjeet Banerjee (@whokilleddb) Link: https://t.co/7vsvexxJ5H
Overwriting files with Clipup as PPL. Clipup.exe launched as a Protected Process Light can corrupt the Windows Defender binary (during system startup). An interesting post by @TwoSevenOneT. Source: https://t.co/jTxPD0aM3L
#redteam #maldev #malwaredevelopment
A list of LSASS dumping techniques. From utilizing built-in commands, to the minidump API and Shtinikering. A good post by Jonathan Bar Or (@yo_yo_yo_jbo). Source: https://t.co/R0YwBigki3
#redteam #blueteam #maldev #malwaredevelopment
DLL Injection with Timer-based Shellcode Execution. A classic DLL injection with CreateThreadpoolTimer to run shellcode in-memory using legit system threads. A post by Andrea Bocchetti. Source: https://t.co/itJDNChN73
#redteam #maldev #malwaredevelopment
Skipping Winsock - AFD.sys for the win! A series of posts by Mateusz Lewczak (@MateuszLewczak) on how to use the afd.sys driver to implement custom network connectivity. Highly recommended! Source: https://t.co/2MAaAUZqUM
#redteam #maldev #malwaredevelopment