b00n (@b00n10)'s Twitter Profile
b00n

@b00n10

it took me 3 days in total and 32 reinstalls

ID: 1047411264929116160

03-10-2018 09:01:20

812 Tweets

120 Followers

283 Following

esjay (@esj4y)

Finally, the second part of the blog post where we go from Windows Paged Pool Overflow to SYSTEM shell starting from Low Integrity 3sjay.github.io/2024/09/20/Win… have a great weekend everyone ;)

Gray Hats (@the_yellow_fall)

TrickDump dumps the lsass process without creating a Minidump file, generating instead 3 JSON and 1 ZIP file with the memory region dumps meterpreter.org/trickdump-dump…

Check Point Research (@_cpresearch_)

10 years of DLL hijacking - featuring abused executables that shouldn't have existed, exported and malicious DLLs with discount bin "packing." Includes a PoC for app developers to pre-emptively stop hijacking without dealing with a certificate authority. research.checkpoint.com/2024/10-years-…

sn🥶vvcr💥sh (@snovvcrash)

Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though): gist.github.com/snovvcrash/cad…

OldBoy21 ❄️ (@vincenzosantuc1)

After some "repository chores" I have pushed also the code for the Timer Callbacks spoofing I have talked about in my last blog. Also, the repository has a new shape with definitely less inner chaos and more screenshots 👀 github.com/oldboy21/RflDl… #swappala #sleaping #reflectivedll

Anton (@antonlovesdnb)

Some #KQL for all your LOLRMM needs let LOLRMM = externaldata( Name:string, Category:string, Description:string, Author:string, Date:datetime, LastModified:datetime, Website:string, Filename:string, OriginalFileName:string, PEDescription:string, Product:string,

Compass Security (@compasssecurity)

COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (Sylvain Heiniger) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM blog.compass-security.com/2024/10/com-cr…

Adam Chester 🏴‍☠️ (@_xpn_)

New tool published which is proving to be useful. Cred1py allows execution of the CRED-1 SCCM attack published by Christopher Panayi over SOCKS5 UDP by wrapping the awesome PxeThiefy.py from Carsten. Enjoy :) github.com/SpecterOps/cre…

Chris Thompson (@retbandit)

Having personally targeted Lawful Intercept systems at a number of US companies, I am not surprised these backdoors are key targets. They give real time location, call detail records, internet traffic, e911, backend backhaul infrastructure access, etc. From my perspective, the

James Forshaw (@tiraniddo)

It seems amazing to me that MS have spent years talking about this feature and have not fixed well known public bypasses. My similar Kerberos trick probably works tiraniddo.dev/2022/03/bypass… as does googleprojectzero.blogspot.com/2019/12/callin… if you accept a prompt :)

CICADA8Research (@cicada8research)

Hi! We'd like to share our new research with you. You've probably heard about COM Hijacking, but we've found another way of persistence via COM. Typelib! Read the article here: medium.com/@cicada-8/hija…

Jonny Johnson (@jsecurity101)

We have all heard about attackers leveraging firewall policies or WFP to block EDRs from communicating with their servers. Today I am releasing a Huntress blog talking about how to mitigate that tampering technique within EDR products: huntress.com/blog/silencing…

OtterHacker (@otterhacker)

A few months ago I created a "Perfect DLL Loader". You can find some details in my article that was just published today! The full implem can be found directly in the DEF CON workshop in my GitHub! Hope you will learn something in this 😊 riskinsight-wavestone.com/en/2024/10/loa…

Zerotistic (@gegrgtezrze)

Excited to share my latest blog post: "Breaking Control Flow Flattening: A Deep Technical Analysis". I showcase usage of formal proofs and graph theory to automate CFF deobfuscation, among other things! Might make it a talk...? 👀 zerotistic.blog/posts/cff-remo…

Nathan McNulty (@nathanmcnulty)

Almost embarrassed to post this, but I've always used Fiddler or Burp for capturing things like this... I didn't have admin rights and was trying to capture network traffic from a pop-up, so Dev Tools wasn't working. Apparently this is built into Chrome/Edge! edge://net-export/

Check Point Research (@_cpresearch_)

🚨 New Discovery! We uncovered an undocumented technique for executing commands through the #Godot #GameEngine. Exploited by #GodLoader, this method successfully bypassed most #antivirus software since June 2024, affecting over 17,000 potential victims. research.checkpoint.com/2024/gaming-en…

Cobalt Strike (@_cobaltstrike)

Cobalt Strike 4.10.1 is live--this out-of-band release addresses issues in 4.10 and provides an update to the Mutator Kit. Get more details in the blog: cobaltstrike.com/blog/out-of-ba…

Panos Gkatziroulis 🦄 (@netbiosx)

DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely github.com/deepinstinct/D… #redteam