Ellis Springe (@knavesec) 's Twitter Profile
Ellis Springe

@knavesec

Adversary Simulation X-Force Red, developer of tools, connoisseur of dogs

ID: 1156641971148132357

31-07-2019 19:05:10

229 Tweet

1,1K Followers

399 Following

Garrett (@unsigned_sh0rt) 's Twitter Profile Photo

Had some friends that needed it so SCCMHunter can now use NTLM auth for LDAPS channel binding. Kerberos coming soon. github.com/garrettfoster1…

Bobby Cooke (@0xboku) 's Twitter Profile Photo

Video demo of bypassing Windows Defender App Control with Loki C2! Blog with details coming in 1-2 weeks. Yes -- Dylan Tran and I created an entire C2 in JavaScript and it bypasses all the things 🥷🧙‍♂️🪄

Bobby Cooke (@0xboku) 's Twitter Profile Photo

Loki C2 blog drop! Thank you for all those who helped and all the support from the community. Big shoutout to Dylan Tran and chompie for all their contributions to Loki C2! IBM IBM Security X-Force securityintelligence.com/x-force/bypass…

Chris Thompson (@retbandit) 's Twitter Profile Photo

I am excited to announce the first conference dedicated to the offensive use of AI in security! Request an invite at offensiveaicon.com. Co-organized by RemoteThreat, Dreadnode, & DEVSEC. The Call for Papers opens Tuesday, March 25, 2025, and will remain open until Friday,

Octavian (@0xtavian) 's Twitter Profile Photo

When I first started bug hunting one month ago, I didn’t expect to generate nearly $13K in bounties. But with the help of AX Framework, I did! 🚀 Here’s my journey & why you should give it a shot: medium.com/@EthicalOffsec… #BugBounty

Chris Thompson (@retbandit) 's Twitter Profile Photo

The CFP for Offensive AI Con is now open! We’d love to hear about how you’re using knowledge assistants, semi/fully autonomous workflows, agents, or specialized models to find and weaponize vulnerabilities, speed up offensive cyber operations, develop capabilities faster, solve

Dylan Tran (@d_tranman) 's Twitter Profile Photo

Had a lot of fun digging into COM stuff with bohops recently! We ended up finding a way to laterally move without dropping a file. ibm.com/think/news/fil…

Bobby Cooke (@0xboku) 's Twitter Profile Photo

As promised... this is Loki Command & Control! Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

John Hammond (@_johnhammond) 's Twitter Profile Photo

I Backdoored Cursor AI 😎 youtu.be/FYok3diZY78 Finally getting a chance to play with Loki C2, the super cool Node JS C2 framework for backdooring Electron applications (think Discord, Slack, too!) -- put together by the incredible Bobby Cooke 🔥We even got to nerd out over DMs to

Andrew Oliveau (@andrewoliveau) 's Twitter Profile Photo

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS. Hope you enjoy the blog & tool drop 🤟 ibm.com/think/x-force/…

Garrett (@unsigned_sh0rt) 's Twitter Profile Photo

Had some fun with PDQ deploy/inventory credential decryption and wrote about it here: unsigned-sh0rt.net/posts/pdq_cred… thanks to dru1d for writing a BOF out of the POC tl;dr get admin on PDQ box, decrypt privileged creds

Brett Hawkins (@h4wkst3r) 's Twitter Profile Photo

I am thrilled to be presenting new research on attacking ML training infrastructure at TROOPERS Conference this summer. Stay tuned for a blog post and lots of updates to MLOKit closer to the conference!

Josh (@passthehashbrwn) 's Twitter Profile Photo

New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…

Offensive AI Con (@offensiveaicon) 's Twitter Profile Photo

The deadline is approaching fast for the first wave of OAIC tickets: May 16. Purchase your ticket by THIS Friday to secure your spot! Check your inbox for details. Next round of invitations coming soon. Request an invite: offensiveaicon.com/#request-invite

chompie (@chompie1337) 's Twitter Profile Photo

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…

Brett Hawkins (@h4wkst3r) 's Twitter Profile Photo

New research just dropped I'll be presenting at TROOPERS Conference next week - Attacking ML Training Infrastructure 💥 Model poisoning for code execution ⚠️ Abusing ML workflows ⚙️ MLOKit updates and new threat hunting rules ibm.com/think/x-force/…

Garrett (@unsigned_sh0rt) 's Twitter Profile Photo

Last week we added ELEVATE-4 github.com/subat0mik/Misc… to Misconfiguration Manager. tl;dr If SCCM uses AD CS for PKI, client auth certs are "borrowed" by clients during OSD. This will typically be a distribution point but could be the site server in all-in-one deployments...

Dave Cossa (@g0ldengunsec) 's Twitter Profile Photo

Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/…