kreep
@kreepsec
Red Team 📕, Windows 🪟, Maldev 🦠 If people didn't write bad code, I wouldn't have a job.
Joined October 2020
Hot take that isn't really a hot take: The security community is quietly outsourcing the exact cognitive capability that makes it valuable. Braindumped how to address it: 👉 https://t.co/C4PVeMpzXQ
FYI you can recompile libtcg (for crystal palace) with the mutator kit for some simple static signature resistance https://t.co/ifSW77bM2a
After over a year of work my second course with @_ZeroPointSec is now available! In it students will apply low level windows tradecraft in the writing of Cobalt Strike’s UDRL and Sleepmask components. To celebrate, the BOF course is 25% off thru Jan 12th! https://t.co/WFcoj2rQaq
zeropointsecurity.co.uk
Learn how to apply low-level Windows knowledge and offensive tradecraft to Cobalt Strike's UDRL and Sleepmask for advanced evasion.
if anyone is too lazy to learn to use @M_alphaaa's boflink and doesn't want to fight MSVC to stop using funny sections in your bofs, here's a drop-in replacement for the TrustedSec BOF template that uses boflink (standalone) in the makefile https://t.co/6htqGwHw6s
github.com
BOF template with boflink and mutator kit support. Contribute to CodeXTF2/bof_template development by creating an account on GitHub.
Santa's dropping a new BOF down the chimney! My Christmas gift to RedTeam operators: BOF_ExecuteAssembly https://t.co/jQeNZjPi65
A fun little Friday night project porting @AndrewOliveau C# SessionHop code to a BOF. Built off of @tiraniddo session moniker research & @CICADA8Research original IHxHelpPaneServer blog. Enjoy! https://t.co/QYcsPKaOii
github.com
Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM - jhalon/cSessionHop
Threw together a Cobalt Strike MCP yesterday. Fortra is going to release an official one apparently, but until then.. It uses the official OpenAPI spec + FastMCP. Implementation details in the blog post. GitHub: https://t.co/JqAj9ey0aT Post: https://t.co/i8SMdU4gun
kreep.in
Earlier this year, I was playing around with a personal project consisting of an LLM-based framework for malware development when I hit a critical roadblock: how do you programmatically deploy and...
Which one of you was it?
🚩 SesameOp Backdoor Uses OpenAI Assistants API for Covert Command & Control https://t.co/EAXHEoaOmh Microsoft’s DART uncovered a novel backdoor that leverages the OpenAI Assistants API as its C2 channel, fetching encrypted commands and returning execution results via
lol whole new calling conventions for PIC literally a day after I release my kit 😅
Wrote a post on implementing Syswhispers3 syscalls into BOFs. Gave an example using a previous BOF I wrote and adding syscalls to it. Added some thoughts on OPSEC and detection in there too. Blog: https://t.co/YhZfiVCaeL Repo: https://t.co/Sex7cLnwuE
AWS quietly updated T&Cs to ban “Fireprox”-style use of API Gateway, closing a handy pentest trick. @ZephrFish and @turvsec already rolled alternatives such as Omniprox and Flareprox. Banning tools only hampers legit testers; attackers will proxy anyway.
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. https://t.co/761G96JDF1
knew win10 had the dsquery.dll laying around but never knew what to do with it. "rundll32.exe dsquery.dll OpenQueryWindow" will pop open a console for you and you can do some light LDAP recon. you can also open it with win + ctrl + f. probably useful for VDI/Citrix type tests
We presented Module Override, an alternative process injection technique, you can find the blog posts on it at zer0phat’s blog
Had an awesome time at #DefCon 33. Lots of new discoveries, first time speaking at the #redteamvillage along with @zer0phat and met lots of cool people. Looking forward to the next one!
I remember that I had to do some research online on how to make exploits for vulnerabilities over MS-RPC. With this blog, I hope to fill the gap on the lacking information available online on how to make these yourself. https://t.co/1YLS5ZY4A3
incendium.rocks
Showcasing some different ways to craft exploits for vulnerabilities over MS-RPC
This is going to be a fun one. Delighted to join @zer0phat for this one! If you see me around at Defcon and want to nerd out on this stuff please say hi!
💻 ModuleOverride – Changing a Tyre Whilst Driving – @zer0phat & @kreepsec teach process injection using existing memory sections to run malicious shellcode. Hands-on demos and detection strategy discussions at @redteamvillage_ during @defcon 33! ⚡