Cr0Eax (@dotcrx)'s Twitter Profile
Cr0Eax

@dotcrx

reverse engineer.

ID: 1059123856164700160

04-11-2018 16:42:59

157 Tweet

321 Followers

195 Following

Compass Security (@compasssecurity)

COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (@sploutchy) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM blog.compass-security.com/2024/10/com-cr…

Eleemosynator (@eleemosynator)

#flareon11 challenge 9 - serpentine was one of the best challenges I've ever seen. Up there with break, evil, anode, wizardcult, help, missing, golf, Suspicious Floppy Disk, FLAVA, and you_are_very_good_at_this.

Aurélien Chalot (@defte_)

Working on some NetExec modules I realized that on Windows you can get a list of recently modified files looking at the %appdata%\Roaming\Microsoft\Windows\Recent folder. New NXC module coming soon 👀

James Forshaw (@tiraniddo)

It seems amazing to me that MS have spent years talking about this feature and have not fixed well known public bypasses. My similar Kerberos trick probably works tiraniddo.dev/2022/03/bypass… as does googleprojectzero.blogspot.com/2019/12/callin… if you accept a prompt :)

0SKR (@saab_sec)

New blog! I hate you COM – Pitfalls of COM object activation! Addressing few issues in .NET unmanaged apis when used in offensive coding sabotagesec.com/i-hate-you-com…

sixtyvividtails (@sixtyvividtails)

Outrageous technique: barely legal use of x86 CPU instruction enables you to catch and 𝗰𝗮𝗻𝗰𝗲𝗹 impending pagefault before it actually happens. ③: catch PAGE_GUARD or invalid access ⓪: do previously illegal reads at high IRQL, safely #vpgatherqq #vpscatterqq scatter/gather

Ruslan Sayfiev (@cryptopeg)

Here is my light session presentation about MS OneDrive EoP vulnerability that we found and successfully exploited with my friend and colleague Denis (Cr0Eax)! docswell.com/s/ierae/KQRMJE…

Clement Rouault (@hakril)

In our search for new forensic artifacts at ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/

Ivan Komarov (dfyz) (@i_komarov)

#flareon11 For task 9, massive thanks to the hero who wrote Python bindings for the Time-Travel Debugger (github.com/commial/ttd-bi…). Being able to record a process execution once and then arbitrarily navigating it (reading regs/memory along the way) really feels like a superpower.

hackyboiz (@hackyboiz)

[Research] COM Object - Part 1 Confirm the concept of COM objects through practice and Check how to find a vulnerable COM object. hackyboiz.github.io/2024/11/24/ogu…

T3nb3w (@t3nb3w)

🚀 New Blog & PoC: Abusing IDispatch for COM Object Access & PPL Injection Leveraging STDFONT via IDispatch to inject into PPL processes & access LSASS. Inspired by James Forshaw's research! 🔍 Blog: mohamed-fakroud.gitbook.io/red-teamings-d… 💻 Code: github.com/T3nb3w/ComDotN…

Cobalt Strike (@_cobaltstrike)

Wow, we can't believe you remembered the 2-weekiversary of the 4.11 release! Let's cut the cake and celebrate the novel Sleepmask, a novel process injection technique, new prepend reflective loader with new evasive options, asynchronous BOFs, and more! cobaltstrike.com/blog/cobalt-st…

Bobby Cooke (@0xboku)

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄 Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

Andrew Oliveau (@andrewoliveau)

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS. Hope you enjoy the blog & tool drop 🤟 ibm.com/think/x-force/…