S3cur3Th1sSh1t
@ShitSecure
Followers
27K
Following
5K
Media
298
Statuses
3K
Pentesting, scripting, pwning!
127.0.0.1
Joined January 2019
This year it happened. What started as a spare time hobby and fun project became a commercial product for the Offensive Security community. I founded a company, @MSecOps . And this company will sell a Packer to Red Teams or Pentesters. (1/x) 🔥
🔥 Introducing RustPack 🔥 . RustPack is an evasive Packer/Loader, that is capable of bypassing common AV/EDR vendors. It accepts user-provided known malicious input payloads, such as shellcode, C# assemblies or portable executables (PE). Those inputs are encrypted, and
137
115
297
Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions. Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances.
labs.watchtowr.com
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee. Before then, we want to...
3
91
322
Another Pentest, another time the NetExec Veeam module didn't work properly. Sometimes SYSTEM impersonation is needed, sometimes it's flagged by AMSI. You need to know about alternatives. SharpVeeamDecryptor now supports v12 and PostgreSQL Veeam instances 😎
5
46
243
Today I share my first ever blogpost and give u another tool drop. I'll show you how to delegate your C2s HTTP-traffic to chromium-based browsers, using the Chrome DevTools Protocol. Blog: https://t.co/FOvN65z01S GitHub Repo with library for you to use:
github.com
Using Chromium-based browsers as a proxy for C2 traffic. - dis0rder0x00/stillepost
3
35
125
The MSec Operations - @MSecOps - Discord channel provides vetted Cyber Security experts the opportunity to exchange TTPs, to ask questions and to get answers! 😎 More than 280 verified people already joined. https://t.co/bsKKeG8Jat
discord.com
Sieh dir die MSec Operations-Community auf Discord an – häng mit 394 anderen Mitgliedern ab und freu dich über kostenlose Sprach- und Textchats.
0
5
44
I finally came around and documented all the Conditional Access bypasses in a single blog post. It contains not only the documented bypasses, but also the results of new research. #Entra #ConditionalAccess #Security #Cheese
https://t.co/YWBfY0NhHl
cloudbrothers.info
In Microsoft Entra, Conditional Access is, after the Authentication itself, the most crucial part of defense against attackers. It’s referenced as “zero trust policy engine” and the idea behind is,...
9
153
469
ElectronVulnScanner is a tool designed to detect Electron applications vulnerable to ASAR tampering. It automatically enumerates your file system and reports identified Electron apps and their corresponding ASAR files. https://t.co/NUhTavrmbt
1
65
316
Machine learning-based detection is not yet widely used by AV/EDR vendors to flag potentially malicious executables. However, some few vendors have already implemented effective engines for unsigned executables. 💡And this has nothing todo with signatures! In the past, the
0
2
5
My Troopers talk about Cross Session Activation attacks is now available on YouTube: https://t.co/in6neSYbMa 🙌 Lateral Movement in the context of logged in user sessions 🔥🔥@WEareTROOPERS thanks for the opportunity and event! 🙃
2
31
126
NTLM relays failing because of EPA? 😒 @zyn3rgy & @Tw1sm break down how to enumerate EPA settings across more protocols + drop new tooling (RelayInformer) to make relays predictable. Check out their blog for more:
specterops.io
It's important to know if your NTLM relay will be prevented by integrity protections such as EPA, before setting up for and attempting the attack. In this post, we share how to solve this problem for...
1
56
174
As a follow up to my last post, here is part II of driver reverse engineering 101, this time about dynamic analysis. We unpack a VMProtected kernel driver and restore its IAT with some emulation. Enjoy:) https://t.co/QR5e623GX6
5
69
267
Just published a summary of "modern" Windows authentication reflection attacks. Turns out reflection never really died. 😅 https://t.co/2YxXlaRMMC
decoder.cloud
Authentication reflection has been around for more than 20 years, but its implications in modern Windows networks are far from obsolete. Even after all the patches Microsoft has rolled out over the…
3
80
226
another exploited in-the-wild FortiWeb vuln? It must be Thursday!
7
120
420
Maldev talk submittet, fingers crossed!🙌
Exciting news, infosec community! 🎉 The Call for Proposals for x33fcon is officially OPEN! Got a brilliant talk idea, a hands-on workshop, or an in-depth training you're eager to share? We want to hear from you! Conference dates: June 11-12, 2026 Training dates: June 8-10,
4
1
54
Sometimes you still find on-prem Exchange servers on the Internet. In such case you might wanna check out our fork of peas. It's Python 3 (ported by Codex) and grants full control over the appearance of the fake ActiveSync device (serial, model, OS, etc). https://t.co/P0oV0uQyAi
github.com
Modified version of PEAS client for offensive operations - glynx/peas
1
22
104
Because the last release of #NoPowerShell was 2 years ago and to celebrate the repo has 999 stars, I just merged DEV ➡️ MASTER and published Release 1.50 containing over 60 offensive cmdlets! 🥳 https://t.co/dBOcwRPgSw See examples of some of the cmdlets below 👇
github.com
PowerShell rebuilt in C# for Red Teaming purposes. Contribute to bitsadmin/nopowershell development by creating an account on GitHub.
1
46
141
Finding and exploiting a potential new LPE on Windows just to find out that my VM was not up to date and this already looks patched 😅 Anyway one n-day exploit at least and learned something.
2
0
57
I am happy to present the latest blogpost I was working on. It is about enumerating and attacking MSSQL databases from both external and internal perspective. Hope you learn something from it and as always, any feedback is welcomed! https://t.co/OnJ9sqWkGD
r-tec.net
This blog post takes a deep dive into the offensive side of MSSQL security, exploring the quantities of attack vectors that can be exploited.
1
37
93
Another Nim C2-Framework developed by @virtualloc. Can't believe you actually wrote the whole client in Nim as well 😂 Nice one! https://t.co/2rPGuqzbqr Including a Blog for parts of it: https://t.co/YvVxQpEjFG
5
76
279
Today, I am releasing the COM-Fuzzer. Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. https://t.co/RBVXP01UK4
github.com
Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful...
4
60
206
I have released an OpenGraph collector for network shares and my first blogpost at @SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 https://t.co/2e2DBIndcU
specterops.io
ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise helping identify attack paths to network shares automatically.
3
93
225