Jonas Vestberg
@bugch3ck
Followers: 2K | Following: 5K | Media: 467 | Statuses: 6K
Privilege Escalation Engineer Principal Consultant @ Reversec (formerly WithSecure Consulting)
@bugch3ck.bsky.social
Joined August 2011
Today I share my first ever blogpost and give you another tool drop. I'll show you how to delegate your C2's HTTP traffic to Chromium-based browsers, using the Chrome DevTools Protocol. Blog: https://t.co/FOvN65z01S GitHub Repo with library for you to use:
github.com
Using Chromium-based browsers as a proxy for C2 traffic. - dis0rder0x00/stillepost
Holy smoke, Batman, I found enterprise software that bundles Remcom 🙈
Managed to get RTO II out in time for everyone to enjoy the Black Friday sale, so have at it.
Not a drill, I repeat, this is not a drill. https://t.co/6TPpGcmLTi
Checks calendar, it's not April 1st. 🥳
Not a drill, I repeat, this is not a drill. https://t.co/6TPpGcmLTi
Not a drill, I repeat, this is not a drill. https://t.co/6TPpGcmLTi
zeropointsecurity.co.uk
Gain the knowledge and skills required to operate against advanced defences.
My Troopers talk about Cross Session Activation attacks is now available on YouTube: https://t.co/in6neSYbMa 🙌 Lateral movement in the context of logged-in user sessions 🔥🔥 @WEareTROOPERS thanks for the opportunity and event! 🙃
This blogpost is interesting: it has Windows internals, my own novel solution to a problem red teamers have had for a while, EDR bypasses, debugging and much more. Spoofing command lines on Windows and solving the problem of length limitations: https://t.co/4R5FCfNvsV
Cobalt Strike 4.12 is LIVE, complete with a new look for the GUI! Additionally, we're introducing:
- A REST API
- User Defined Command and Control (UDC2)
- New process injection options
- New UAC bypasses
- and more!
Check out the release blog for details. https://t.co/o80AbK9U8E
Install all Sysinternals tools on Windows machines with the command-line alias: winget install --id Microsoft.Sysinternals.Suite Or use the good old: https://t.co/N7YIXIEEC8
Just learned something wild — maybe everyone else already knew… In Edge/Chrome, you can bypass the HTTPS security warning by typing: 👉 thisisunsafe No button, no prompt. Just type it. Instantly skips the warning and loads the site. 🤯 Great write-up explaining it here:
SCCM’s AdminService uses Entra tokens without confirming the UPN exists in AD. A crafted synced UPN can let an attacker impersonate the site server. Microsoft now requires on-prem SID matching (CVE-2025-59501). Great deep dive by @unsigned_sh0rt! https://t.co/FGAHfaXHsY
Microsoft is adding Sysmon directly into Windows. The Sysinternals utility will make it easier for security teams to detect and respond to threats
theverge.com
Sysmon was first released in 2014 as a utility for security analysis into the Windows Event Log. Built by Microsoft technical fellow Mark Russinovich with assistance from Thomas Garnier, Sysmon is...
Section 10/12 of the UDRL/Sleepmask course is finally complete. By far the most complicated / longest to write. Super excited to finish this out and get it into people's hands!
My #DEFCON33 @cloudvillage_dc talk is now on YouTube! 🎥 Featuring a global scavenger hunt game, hidden Easter eggs from Greece, and a Prowler module that never happened. See y'all next year for the three-peat! https://t.co/y4Qgve0Jdl
Hi @msftsecresponse! I'm pretty sure you do not consider lateral movement techniques that require admin access on the target to be a vulnerability, right?
SilentButDeadly is a powerful tool for red teamers and security researchers. It uses Windows Filtering Platform (WFP) to block cloud connectivity of EDR/AV software—like SentinelOne and Windows Defender—without terminating processes, enabling stealthy network isolation for
github.com
SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo...
Actually yes - and the function does what it says - so you can do things like: https://t.co/TRSuK0xzhw No weird VirtualAlloc calls or locating functions involved!
@whokilleddb I think it calls mscoree!GetProcessExecutableHeap under the hood
I might be DUMB but I was today years old when I found out that when the CLR allocates memory for IL, it has RWX permissions which means you can do this: