Had a lot of fun digging into COM stuff with @bohops recently! We ended up finding a way to laterally move without dropping a file. https://t.co/F6NahVpuHP

This was a really fun talk. It was even more fun rewriting all my slides 3 AM the day we were speaking.

I feel like @YuG0rd's briefly mentioned new dMSA account takeover mechanism in his last blog didn't get enough attention. A new account takeover mechanism is on the horizon. I wrote a blog detailing it, releasing with a new BOF I wrote called BadTakeover https://t.co/fyUkDYKAeP

We're putting out the transcript for our talk - Deductive Engine: Human Inspired Taint Reasoning at OffensiveAICon. Have fun reading! https://t.co/ye08VRKpYT

Ever been on an SCCM site server and *this* close to a DA pw that you couldn't decrypt for some reason? Check out my new blog looking at encryption in use within SCCM sites configured for High Availability and accompanying tooling to recover passwords:

I am also enjoying the rooftop pool before @OffensiveAIcon

@chompie1337 that's our boy that's wassup

kernel hackers go serverless ring0 → cloud 9 ☁️ ?? brb pwning yr gpu nodes ✨

Proud to have you here @bohops & Dylan Tran #mcttp #hansesecure #meetfriends #itsecurity @HanseSecure

You want to load your shellcode in .NET without calling VirtualProtect? Use RuntimeHelpers.PrepareMethod to create a predictable RWX memory region for you. This method also doesn't require a delegate function pointer, since you override a .NET method. https://t.co/8oavXwyGEv

Excited to be presenting "Keep COM and Hijack On: Redefining Windows Session Hijacking" at Black Hat Arsenal Europe this December. Looking forward to connecting with many of you there! 🤟 https://t.co/QPV9dUpqru

Super excited for this!

I Just documented a cool way to authenticate proxied tooling to LDAP in an AD environment using C2 payload auth context, without stealing any tickets or hashes! Keep tooling execution off-host and away from EDR on your Red Team assessments! https://t.co/VLE2Kh4idY

Hi everyone, I was the captain of the the captain of the winning team for the 20th NCCDC season. Over the past few months, I’ve taken the time to write up my advice, experiences, and concerns about CCDC in a blog. You can read here: https://t.co/x9FGe0esBb #CCDC #cybersecurity

Shoutout to @nos3curity @bri5ee @baseq_twt @_c0ve for teaching me how to SSH, HTB, etc. 4 years ago. its been a fun road since

full time time. i can't use the intern code excuse anymore GG

My first @SpecterOps blog! Ever wanted to collect Active Directory information from LDAP for a Red Team? Using LDAP's more OPSEC-considerate cousin: ADWS can be used to improve upon the already present advantages of using smaller-scaling LDAP queries. https://t.co/6SFxGDpQkL

Call For Speakers closes this Friday 7/18. Tell your friends. Tell your favorite offensive AI researchers. 🏃💨

The uncanny hacking powers of @0xBoku and @d_tranman

Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence.

This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry which I presented last year in RedTreat. I hope everyone likes it \m/. https://t.co/GY37MMfCGl