
silentwarble
@silentwarble
RT @its_a_feature_: Are you thinking of writing a C2? Do you want to modify an existing C2? Have you ever thought "why on earth did they do….
RT @passthehashbrwn: New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through o….
ibm.com
The X-Force Red team was able to breach a hardened external perimeter and gain code execution to an on-premises SQL server, resulting in full Active Directory compromise. Learn how they did it, and...
This continues to be a great tool. I'm using it to make stripped down throwaway VMs for when we do ops. Otherwise win11 is such a hog:
github.com
Scripts to build a trimmed-down Windows 11 image. Contribute to ntdevlabs/tiny11builder development by creating an account on GitHub.
Ooh someone's taking notes. @SentinelOne If y'all got any questions feel free to hit me up. Referrers hitting the Hannibal agent repo:
RT @its_a_feature_: This has been a LONG time coming! This is just the beginning though :) I'll be recording more for updates, features, wo….
RT @0xBoku: As promised. this is Loki Command & Control! 🧙♂️🔮🪄.Thanks to @d_tranman for his work done on the project and everyone else o….
github.com
🧙♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications - boku7/Loki
RT @0xC0rnbread: Today I'm releasing Xenon, a custom Mythic agent for Windows targets written in C. Notable features include:
📁 Modular co….
github.com
A Mythic agent for Windows written in C. Contribute to MythicAgents/Xenon development by creating an account on GitHub.
Another shellcode template. Added to PIC-Library:
github.com
Contribute to rbmm/SC_DEMO development by creating an account on GitHub.
Just came across this AutoIT malware framework. Haven't tested it but looks interesting. Boy I haven't used AutoIT in over a decade.
github.com
BypassIT is a framework for covert malware delivery and post-exploitation using AutoIT for red / blue team self assessment. - CroodSolutions/BypassIT
I found this blog post to be useful as I'm also just now starting to look at implementing RAG for a project. Nice to see how someone else is using it in a security context:
trustedsec.com
RT @AnthonySecurity: Harald is an in-memory tiny high-level CPU, able to process a set of instructions to generate….
RT @its_a_feature_: Many in the Mythic Community have asked for a way to standardize BOF/.NET execution within Mythic Agents. Today I'm rel….
Assuming this is true I certainly didn't have PHP coming to iOS on my 2025 bingo card.
This changes EVERYTHING. I just announced on stage at @LaraconEU that the FIRST EVER iPhone app to built on @LaravelPHP and @LaravelLivewire has been released on the iOS App Store. Yes, you read that right! PHP now has Apple's approval as a legitimate way to build iOS apps. 🔥
Stumbled across this. Really nicely organized anti-debugging techniques for malware dev or otherwise.
anti-debug.checkpoint.com
Anti-Debug Tricks
Wonder how many red teamers are going to leak private in-house evasion tech if these kind of bounties grow. 🫡
We’re adding a new section to @elastic’s HackerOne Bounty Program! Today, we’re opening our SIEM and EDR rules for testing. We’re excited to have another way to thank our community for their efforts on our #detectionengineering. Get more details here:
RT @rad9800: Wrote a short blog post on:
- ETW Threat Intelligence generated by SetThreadContext (hardware breakpoints)
- Kernel debugging….