Fun little time sink creating a red team logger. Feel free to play around, give some feedback, and if there is enough interest I'll put some more time in to it. https://t.co/mAqORgY28O

The Only Git Command List You'll Need to Bookmark → Daily Lifesavers: • git status — Your repo’s daily health check • git add . — “Take everything, I’m ready” • git commit -m "msg" — The diary entry for your work • git push — Send it to the world • git pull --rebase —

Custom Mach-O Image Loader with in-memory Mach-O loader https://t.co/WxQldyQcZP #redteam

Reduced Docker image size from 2.1GB to 180MB. Deployments 8x faster. The original Dockerfile: - Started with ubuntu:latest - Installed everything via apt - Included dev dependencies - Copied entire project directory - Left build artifacts - No layer optimization The problems:

Forget common backdoors — a DLL hijack in Windows Narrator can grant SYSTEM-level persistence at login. In our new blog, @Oddvarmoe shows how attackers abuse accessibility features and what defenders should monitor. Read now!

A Rust-based tool that generates Windows PE executables containing data patterns designed to trigger YARA rule matches.

rolled out a bof for getting the dpapi_system key used by mimikatz /system: when ingesting master keys. If that's something you need it's live at https://t.co/lIBsG7JXWA

Last month, @d_tranman and I gave a talk @MCTTP_Con called "COM to the Darkside" focusing on COM/DCOM cross-session and fileless lateral movement tradecraft. Check out the slides here: https://t.co/1KNln1ldzF Recording should be released soon.

Redirect any Windows TCP and UDP traffic to HTTP/Socks5 proxy

Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️

[Crystal Kit] Evasion kit for Cobalt Strike. https://t.co/RYlbXGn1bQ

My very first Crystal Palace shared library 🤗 https://t.co/LTeeIXkvkh

Why should Microsoft's Nested App Authentication (NAA) should be on your security team's radar? @Icemoonhsv breaks down NAA and shows how attackers can pivot between Azure resources using brokered authentication.

EDR vendors secure their sales pipelines but neglect monitoring GitHub for exposed installer tokens -leaving customers vulnerable to abuse and over-licensing. Adversaries likely exploit these tokens to build sandboxes for payload testing. Here are search patterns to help

Beyond Beacon: Writing BOF and a Native Rust COFF Loader https://t.co/Di8EmEGAuN #redteam

I was today years old when I learnt that you can run ELF using ld-linux. Useful when the executable bit is not set (and you can't change it).

Solid overview of OPSEC considerations when operating with Sliver C2 by @zimnyaatishina 💪 #redteam #c2 #malware #opsec https://t.co/lXHuoQFYTJ

Lance Cain & Daniel Mayer shared examples of Jamf exploitation techniques available to threat actors in their #BHUSA briefing today, which included the introduction of two new tools: JamfHound & Eve.

GitHub - 0pepsi/Linux-persistence: A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion.

There is a party at #GLx and you have been invited. Brand new training course giving you a deep dive into #SPTM, #TXM, #SK and #Exclaves

hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: https://t.co/fxAIXNXsEr