Udayveer Singh (@m4lici0u5)
Followers: 2K | Following: 15K | Media: 96 | Statuses: 4K
Offensive Security | Red Teamer | Writing Malware | CARTP | CRTL | OSEP | OSWP | CRTO | CARTP | CRTE | CRTP | CESP-ADCS | eJPT
Joined January 2015
Check out my CRTO review, which I recently published on my blog. https://t.co/jES2hhZV4N
#crto #redteam #infosec #blog
Malware Sideloading via MFC Satellite DLLs: https://t.co/kMcFN9mgiP This blog post describes a DLL sideloading technique that is used by Turla, BRONZE BUTLER and likely also other threat actors. This technique affects thousands of MFC applications.
r136a1.dev
Originally, this topic should be part of an analysis of Turla’s COM Kazuar loader, but I decided to write a blog post about this DLL sideloading in general instead. Turla uses this technique since ...
Giveaway. Thank you @mrd0x for sponsoring this. We've got FIVE @MalDevAcademy vouchers. These vouchers are bundles. These vouchers give you:
- Full access to malware source code database
- Full access to malware development course
Comment below for a chance to win.
SCOM monitors critical systems, but insecure defaults make it a powerful attack vector. At #BHEU, @unsigned_sh0rt & @breakfix show how to abuse SCOM for credential theft, lateral movement, and domain escalation, plus how to defend it. https://t.co/bxW5PYyhyl
Whether you’re creating your first agent or refining an existing one, our new Mythic for Developers series, hosted by @its_a_feature_, breaks down development from an operator’s point of view. 👀 Dive into the playlist and send us your feature requests: https://t.co/8YDydqJoN9
Bypassing AMSI with Guard Pages. Combining Vectored Exception Handler to handle exceptions generated by PAGE_GUARD set on AmsiScanBuffer() memory leads to flow control over the said function. A post by Leon Weinmann (ShigShag). Source: https://t.co/fRL316WBJ0
#redteam
Collection of blogs about malware development and analysis
github.com
collection of blogs about malware development and analysis - t1Sh1n4/mlwr_blogs
Reversing for dummies - x86 assembly and C code (Beginner/ADHD friendly) https://t.co/kOQwycBFE5
ClickFix Gets Creative: Malware Buried in Images - @HuntressLabs @polygonben @RussianPanda9xx
https://t.co/I0TPIsogAn
huntress.com
Huntress uncovered an attack utilizing a ClickFix lure to initiate a multi-stage malware execution chain. This analysis reveals how threat actors use steganography to conceal infostealers like...
EvilBytecode/Ebyte-amsi-patchless-vehhwbp: Patchless AMSI bypass using hardware breakpoints and a vectored exception handler to intercept AmsiScanBuffer and AmsiScanString before they execute.
github.com
Patchless AMSI bypass using hardware breakpoints and a vectored exception handler to intercept AmsiScanBuffer and AmsiScanString before they execute. The bypass reads the 5th parameter (the AMSI re...
Hey Fam, I just released some small research on a threat campaign known as Operation Hanoi Thief, targeting Vietnamese IT professionals with a Pseudo-Polyglot payload, a DLL implant known as LOTUSHARVEST, and much more. You can read it here: https://t.co/jHXZYQZgaC
And a write-up illustrating its capabilities:
Hello everyone, I’ve just released Kharon v0.1. It includes evasion features such as timer-based sleep obfuscation, heap obfuscation, stack spoofing with indirect syscalls, and a BOF API proxy for spoofed/indirect execution. Agent behavior can be configured through the config cmd
Managed to get RTO II out in time for everyone to enjoy the Black Friday sale, so have at it.
Not a drill, I repeat, this is not a drill. https://t.co/6TPpGcmLTi
A very big hashcat rules collection with 455 rulesets: https://t.co/NkcDSZXs1A Spreadsheets with benchmarks on how these rules score: 🟢 https://t.co/zly4ULQJY4 🟢 https://t.co/Bl0knWfXYj
@_dirkjan and my joint talk at #TROOPERS25 is now available on YouTube. "Finding Entra ID CA Bypasses - the structured way" @WEareTROOPERS
https://t.co/fAQ0aCreKj
Making the NtCreateUserProcess Work From CreateProcess() to NtCreateUserProcess. Blog: https://t.co/O1GZN9hSX5 Rust Poc: https://t.co/YjcE6XYuhN
Install all SysInternal tools on Windows machines with command line alias: winget install --id Microsoft.Sysinternals.Suite Or use the good old: https://t.co/N7YIXIEEC8
This blogpost is interesting - has Windows internals, my own novel solution to a problem red teamers have had for a while, EDR bypasses, debugging and much more. Spoofing command lines on Windows and solving the problem of length limitations: https://t.co/4R5FCfNvsV