Yehuda Smirnov Profile
Yehuda Smirnov

@yudasm_

Followers: 747
Following: 982
Media: 12
Statuses: 296

Security Researcher @Microsoft, opinions are my own.

Joined May 2022
@yudasm_
Yehuda Smirnov
2 months
What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution? We explored process injection using nothing but thread context. Full write-up + PoCs:
6
77
222
@yudasm_
Yehuda Smirnov
2 days
RT @kfosaaen: I'm very excited to share that Thomas Elling and I will be presenting "We Know What You Did (in Azure) Last Summer" at the DE…
0
5
0
@yudasm_
Yehuda Smirnov
5 days
RT @codewhitesec: We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to p…
0
114
0
@yudasm_
Yehuda Smirnov
6 days
RT @delivr_to: It's here. The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from…
0
20
0
@yudasm_
Yehuda Smirnov
8 days
RT @watchtowrcyber: Happy Friday! We're ending the week by publishing our analysis of Fortinet's FortiWeb CVE-2025-25257. https://t.co/…
0
110
0
@yudasm_
Yehuda Smirnov
11 days
RT @Teach2Breach: Locate dll base addresses without PEB Walk:
0
58
0
@yudasm_
Yehuda Smirnov
14 days
RT @SEKTOR7net: VEH² technique to bypass ETW-based detection. Hardware breakpoints abuse can be detected with Microsoft-Windows-Kernel-Aud…
0
47
0
@yudasm_
Yehuda Smirnov
16 days
RT @Bl4ckShad3: While researching in Azure with my partner @IdanLerman we found some cool misconfiguration in Azure role condition that ca…
0
5
0
@yudasm_
Yehuda Smirnov
17 days
RT @kfosaaen: I have a new post out on the @NetSPI blog today. This one is on extracting sensitive information from the Azure Load Testing…
0
21
0
@yudasm_
Yehuda Smirnov
20 days
RT @SEKTOR7net: Modern lateral movement techniques detection (mainly DCOM/DCE/RPC/RDP) with examples. Some assumptions worth mentioning: v…
0
62
0
@yudasm_
Yehuda Smirnov
21 days
RT @G3tSyst3m: Part 3 of the Buffer Overflows in Modern Era series has been posted! In this lengthy yet detailed walkthrough, we'll start…
0
52
0
@yudasm_
Yehuda Smirnov
21 days
RT @SEKTOR7net: Credentials access via Shadow Snapshots, WMI and SMB, all done remotely. Technique implemented inside impacket framework a…
0
85
0
@yudasm_
Yehuda Smirnov
21 days
RT @silentgh00st: #bugbountytip Quick tip and script: ✅️ If you are hunting or scanning a WordPress instance, don't forget to look for e…
0
101
0
@yudasm_
Yehuda Smirnov
23 days
RT @SpecterOps: In the year since Misconfiguration Manager's release, the security community has been actively researching new tradecraft &…
0
33
0
@yudasm_
Yehuda Smirnov
25 days
RT @trickster012: This is my research project in creating read, write and allocate primitives that can be turned into an injection in order…
0
96
0
@yudasm_
Yehuda Smirnov
25 days
RT @_dirkjan: Last two weeks I talked about BYO Identity Providers in Entra ID and backdoors to External Auth Methods to bypass MFA. Only p…
0
70
0
@yudasm_
Yehuda Smirnov
25 days
RT @Jonas_B_K: I publish two blog posts today! 📝🐫 The first dives into how we're improving the way BloodHound models attack paths through…
0
69
0
@yudasm_
Yehuda Smirnov
26 days
RT @mrgretzky: If you're battling phishing detections through CSS canary tokens, make sure to add these entries into your Evilginx MS365 ph…
0
55
0
@yudasm_
Yehuda Smirnov
1 month
RT @SEKTOR7net: Swimming deep inside Windows Security Center service to re-engineer API access allowing to disable Windows Defender. COM i…
0
32
0
@yudasm_
Yehuda Smirnov
1 month
RT @SpecterOps: Get the scoop on the incoming Administrator Protection for Windows 11. @_xpn_ covers the architecture, access controls, an…
0
39
0
@yudasm_
Yehuda Smirnov
1 month
RT @_xpn_: My second blog post of the month is up. Nothing too crazy, this time I’m looking at the upcoming Windows Administrator Protectio…
0
67
0