ESXi heap overflow RCE (@straight_blast), abusing .NET dev features (@bohops), new book (@1njection), LNK for initial access and persistence (@V3ded), Outlook post-ex fun (@checkymander), new C# obfuscation tool (@h4wkst3r), WOW64 injector (@aaaddress1), and more!
CloudFlare IP filtering (@vysecurity), DNSStager (@mohammadaskar2), Cobalt Strike OPSEC (@jmoosdijk), Azure app phishing (@nikhil_mitt), decision making in red teams (@Jackson_T), and more!
Exim RCE (@lockedbyte), Windows kernel exploit writeup (@33y0re), plaintext RDP creds from memory (@jonasLyk, @n00py1), MS Defender ATP bypasses (@Tyl0us), hashcat 6.2.0 (@hashcat), and more!
Full DarkHotel exploit ⛓️ (@_ForrestOrr), DomainBorrowing (@md5_salt), WinPmem to dump LSASS (@TheXC3LL), Twitter Tip Jar fail (@RachelTobac), the reasoning behind DripLoader (@_lpvoid), .NET + NTFS tricks (@G0ldenGunSec), and more!
Policy change (@github), Marauder's map (@Jean_Maes_1994), Null byte injection in GoAhead (@luker983), in-mem DLL loader (@scythe_io), Firebase fronting (@shantanukhande), Source Engine client RCE (@4lpine), and more!
New APIs/syscalls for EDR bypass (@yarden_shafir), UAF browser exploit dev (@33y0re), PowerView replacement [EDD] (@FortyNorthSec), phishing banner defeat (@whynotsecurity), packer teardown (@fumik0_), NANDcromancy (@Atredis), and more!
0 to RCE against a CMS (@ultrayoba), tcpip.sys patch diffing for N-days (@0vercl0k), detecting stagers (@DidierStevens), named pipe PTH (@ShitSecure), URI-based 1-click RCEs (@positive_sec), FDE bypass [Airstrike attack] (@breakfix), and more!
0-click Linux BT RCE (@theflow0), deanonymizing LinkedIn users (@h3xstream), PPL demystified (@itm4n), HTML based remote macros (@micahvandeusen), Chrome 0day-ish (@r4j0x00), wordlist generator (@giteshnxtlvl), and more!
PATH shim (@djhohnstein), C2 profile randomizer (@joevest), website to wordlist tool (@Matt_Grandy_), DLL side-loading fixes (@1ndahous3), a new 🥔 tool (@micahvandeusen), txt files that leak (@PaulosYibelo), and more!
Real APT discovery (@IgorBog61650384), a new heap exploitation technique (@Dooflin5), SAML injection (@NCCGroupInfosec), MemoryLoader IDA plugin (@RRBlackRussian), redacted PEM key recovery (@CryptoHack__), MirrorDump tool (@_EthicalChaos_), and more!