silentwarble (@silentwarble)'s Twitter Profile

github.com/MythicAgents/H…

ID: 1785063890650337280

Link: http://silentwarble.com | Date: 29-04-2024 21:50:09

154 Tweets

358 Followers

265 Following

Rad (@rad9800)

Wrote a short blog post on:
- ETW Threat Intelligence generated by SetThreadContext (hardware breakpoints)
- Kernel debugging and reversing
- Setting HWBPs in a more "stealthy" manner (not the same ETW TI events generated - no detections)

Check it out praetorian.com/blog/etw-threa…

silentwarble (@silentwarble)

Stumbled across this. Really nicely organized anti-debugging techniques for malware dev or otherwise. anti-debug.checkpoint.com

Cody Thomas (@its_a_feature_)

Many in the Mythic Community have asked for a way to standardize BOF/.NET execution within Mythic Agents. Today I'm releasing Forge, a new Mythic container to do just that: posts.specterops.io/forging-a-bett… We're starting off with default support for Apollo and Athena. Check it out! :)

silentwarble (@silentwarble)

Ah so that's where that spike in Chinese traffic came from. Along with an increase of vuln scanners slamming my website. My site is static, you guys can stop now...
- freebuf.com/sectool/419846…
- blog.csdn.net/FreeBuf_/artic…

Anthony. (@anthonysecurity)

github.com/praetorian-inc… Harald is an in-memory tiny high-level CPU, able to process a set of instructions to generate application-layer protocols to be used over a given network protocol (TCP/UDP). Harald will consume a stream of OPCODES and apply different transformations to

silentwarble (@silentwarble)

I found this blog post to be useful as I'm also just now starting to look at implementing RAG for a project. Nice to see how someone else is using it in a security context: trustedsec.com/blog/from-rags…

silentwarble (@silentwarble)

Just came across this AutoIT malware framework. Haven't tested it but looks interesting. Boy I haven't used AutoIT in over a decade. github.com/CroodSolutions…

silentwarble (@silentwarble)

If your org has MS 365 don't overlook PowerApps and Power Automate. I'm finding it to be quite useful for both nefarious and process purposes. Easier to deploy tooling in an already approved platform vs a custom webapp.

c0rnbread (@0xc0rnbread)

Today I'm releasing Xenon, a custom Mythic agent for Windows targets written in C. Notable features include:
📁 Modular command/code inclusion
🦠 Malleable C2 Profile support
🪨 Compatible with Cobalt Strike BOFs

github.com/MythicAgents/X…
Blog series - c0rnbread.com/creating-mythi…

Bobby Cooke (@0xboku)

As promised... this is Loki Command & Control! 🧙‍♂️🔮🪄 Thanks to Dylan Tran for his work done on the project and everyone else on the team for making this release happen! github.com/boku7/Loki

Cody Thomas (@its_a_feature_)

This has been a LONG time coming! This is just the beginning though :) I'll be recording more for updates, features, workflow updates, and yes - a developer series too! Be sure to let me know what you do/don't like about this format and what kinds of things you'd like to see!

silentwarble (@silentwarble)

This continues to be a great tool. I'm using it to make stripped down throwaway VMs for when we do ops. Otherwise win11 is such a hog: github.com/ntdevlabs/tiny…

Josh (@passthehashbrwn)

New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…

Cody Thomas (@its_a_feature_)

Are you thinking of writing a C2? Do you want to modify an existing C2? Have you ever thought "why on earth did they do it that way"? Join me as I show what I've learned from 7 years of open source C2 and agent development so you can start off with success :) I can't wait!