kozmer
@k0zmer
Followers: 545 | Following: 3K | Media: 0 | Statuses: 144
https://t.co/ai6LeweBRB - a cursed sigreturn-oriented programming (srop) based sleep obfuscation for linux that encrypts PT_LOAD segments + heap
github.com
sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux - kozmer/sigdream
Can we have better implant comms please? Some ideas for different options and design ideas. https://t.co/UlnkgBT4Ae Woo Claude etc.
Detecting Entra ID Enumeration at Scale
Every attacker and Red Teamer enumerating your Azure/Entra ID tenant runs the same playbook: AzureHound, RoadRecon, GraphRunner, all of which query the Graph API for service principals, group memberships, and role assignments to find
We are live! 15 canary token providers (10 persistent, 5 ephemeral) - all designed to exploit an adversary's decision making process. (And has the added fun consequence of making folk say "wait, that's a canary token??" in a demo)
Once in a blue moon as a red teamer, we encountered environments with canary technology deployed across their infrastructure. The tables flipped. Blue teams caught us immediately. Canary technology uniquely detects adversaries by exploiting their behavior - digital assets with
CVE-2025-59287 WSUS Remote Code Execution | HawkTrace
hawktrace.com
A technical WSUS advisory for CVE-2025-59287: unsafe deserialization in Windows Server Update Services that allows remote code execution.
Finally releasing Sekken-Enum, an ADWS enumeration BOF we've been using internally for a while now. Based on the research from SOAPHound/SoaPy moving away from relying on .NET execution or proxying. Output works with BOFHound for Bloodhound ingesting. https://t.co/wVF2safhXC
github.com
adws enumeration bof. Contribute to Nomad0x7/sekken-enum development by creating an account on GitHub.
kernel hackers go serverless ring0 → cloud 9 ☁️ ?? brb pwning yr gpu nodes ✨
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:
dirkjanm.io
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise...
If you find yourself wanting a pdf for a single instruction (Intel || AMD), and not dealing with the entire manual: https://t.co/L5Z5lv6UzI<instruction>.pdf You can see the index @ https://t.co/L5Z5lv6UzI Just as an alternative to FelixCloutier’s site, it will update every new
revers.engineering
Browse Intel and AMD x86 assembly instructions with complete documentation links.
I wanted to find out if you could start the WebClient service remotely, so I ended up digging into it
specterops.io
A walkthrough to answer the question: "Can you start the WebClient service remotely as a low privileged user?"
@_batsec_ in the US there is no formal standard for red team or purple team. everyone gets to do whatever the client wants. some companies hire great teams to do good work, others don’t get so lucky. without a TIBER equivalent, there is nothing to stop me from selling a pentest (or worse,
Hi, I just released this python-version of @CICADA8Research's nice RemoteKrbRelay-tool. It is based on @_dirkjan's KrbRelayx and @sploutchy's https://t.co/sLJiDOZjPQ and https://t.co/SjvgbFz7WX. Please check it out: https://t.co/LWtuRyVoue
github.com
A tool for coercing and relaying Kerberos authentication over DCOM and RPC. - OleFredrik1/remoteKrbRelayx
🔴 Red and blue teams, this one's for you. 🔵 LudusHound bridges BloodHound Attack Paths with lab automation by creating a functional Active Directory replica testing environment. Read @bagelByt3s blog post for more. https://t.co/YOGMEQ8upC
Introducing Havoc Professional: A Lethal Presence
We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! https://t.co/0aPVihoFIU
infinitycurve.org
An introduction to Havoc Professional and Kaine-kit, exploring the advanced features and capabilities that make them lucrative for modern security professionals.
Exploit write-ups for our 🚨latest 0-day🚨and the tragedy that swept the red black tree family dropping soon 👀 Here is a tiktok style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!
Password cracking with https://t.co/Yoyypck3N8 made easier :) Enjoy. https://t.co/1xXYbuJaWG
github.com
Vast.ai Password Kracking. Contribute to d-sec-net/VPK development by creating an account on GitHub.
single-threaded event driven sleep obfuscation poc for linux utilizing file descriptors, inspired by "pendulum" from @kyleavery_
https://t.co/7Zji03O1Ut
github.com
single-threaded event driven sleep obfuscation poc for linux - kozmer/silentpulse
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷♂️ Read Here - https://t.co/c969sNjQH0