🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Cool XSS WAF/Blacklist bypass using "?.". Payload: alert?.(document?.cookie)

No problem BurpSuitePro 😂

A Red Teamer's guide to pivoting #infosec #pentest #redteam artkond.com/2017/03/23/piv…

Magic #2: How the hacker can shutdown your 🪄🪄 next gen/IA Active Directory monitoring when your AD has been compromised in one command ? Just by putting the IP of the platform in lDAPIPDenyList for an immediate shutdown. Fun part: it replicates 🤣

ROFL old but gold

Reminder to self: if you cannot elevate WindowsTerminal from an account with admin rights, run it from within SYSTEM context

When you finally find out randomness isn't random reddit.com/r/ProgrammerHu…

1995: Mudge published "How to Write Buffer Overflows", one of the first papers about buffer overflow exploitation. Then Mudge sent a copy to ℵ₁ @[email protected], who wrote "Smashing the Stack For Fun and Profit" in 1996. Seminal paper to seminal paper. Mudge's: insecure.org/stf/mudge_buff…

SOC watching the attacker in the SIEM, notifies IR team, and then watches the attacker steal NTDS.DIT in real time...

2009: The Metasploit Project announced that it had been acquired by Rapid7.

#Malware Reverse Engineering Handbook - by NATO CCDCOE ccdcoe.org/uploads/2020/0…

A phishing campaign tries to evade detection by dividing its attachment into code segments and encoding them using various mechanisms. It’s like a jigsaw puzzle that only reveals its malicious intent once all pieces are combined and decoded. Details: msft.it/6019nLKsX

ever wanted to fake sign a binary, but didn't want to install additional dependencies? well now you can using my super 1337 automation github.com/jfmaes/LazySign this tool was very hard to create, I swear! I may or may not have been inspired by Conti.

Allan “Ransomware Sommelier🍷” Liska Sergiu Gatlan

Hunting the #LockBit Gang's Exfiltration Infrastructures yoroi.company/research/hunti…

Elevate your cmd.exe to LOCAL_SYSTEM? \\live.sysinternals.com\tools\PsExec.exe -s -c cmd.exe Have you ever seen this being used by an adversary? I haven't but I like it.

🚨 BREAKING: History written with just 9 lines of code! We've discovered #PyLoose, the FIRST documented Python-based fileless attack targeting cloud workloads. See the power of 9 lines of Python code below 👇🏽

Sketch of the recent Okta incident involving a compromise of their support system:

OffensiveX 2025 was a blast 💥