🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

I am excited to announce the first conference dedicated to the offensive use of AI in security! Request an invite at offensiveaicon.com. Co-organized by RemoteThreat, Dreadnode, & DEVSEC. The Call for Papers opens Tuesday, March 25, 2025, and will remain open until Friday,

The CFP for Offensive AI Con is now open! We’d love to hear about how you’re using knowledge assistants, semi/fully autonomous workflows, agents, or specialized models to find and weaponize vulnerabilities, speed up offensive cyber operations, develop capabilities faster, solve

Had a lot of fun digging into COM stuff with bohops recently! We ended up finding a way to laterally move without dropping a file. ibm.com/think/news/fil…

New blog from me should be up in 2 weeks or so. Will cover a rather silly way to go from a standard O365 account to on-prem code execution due to some not uncommon sharing misconfigurations in the affected product.

Please buy my red teaming course so you can learn 7 useless derivatives of indirect syscalls from someone who has never red teamed

Unified Platforms for Adversary Emulation and Red Team Operations to the moon

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄 Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS. Hope you enjoy the blog & tool drop 🤟 ibm.com/think/x-force/…

I am thrilled to be presenting new research on attacking ML training infrastructure at TROOPERS Conference this summer. Stay tuned for a blog post and lots of updates to MLOKit closer to the conference!

> look inside > byte patch

Oh cool a hit infosec tweet, is it: A) an existing technique rewritten in a useless language B) a "new" EDR killer C) a "new" byte patch D) engagement farming account reposting old blogs

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…

Security is when you tell your users to kick rocks if they want to run a program other than Edge. Also our productivity is way down does anyone have any tips?

I love when people who are trying to sell you courses post stuff like this

This C2 interface has had more real world operational impact than every webapp C2 combined

Being a doctor is easy, just do heart transplants on any ol guy and get praise