NAT Slipstreaming by @samykamkar, a new AV evasion method by @jxy__s, Kerberoasting in pure VBA by @TheXC3LL, Linux LPE by @scannell_simon, browser extension vulnerabilities from @WPalant, new Maldoc techniques from @Matt_Grandy_, a new autonomous red team tool from @privateducky and team, and more!
LOLBin post from @bohops, new Excel macro tool from @JoeLeonJr, Windows sandbox detection by @LloydLabs, macOS LPE by @0xm1rch, how to use Azure passwords by @kfosaaen, a review of low cost pentests by @_sophron, and more!
Ryzen Driver LPE by @h0mbre_, Discord desktop RCE by @kinugawamasato, Azure Pipeline abuse by @Flangvik, macOS TCC tricks by @_xpn_, AWS enumeration bug by @Frichette_n, new loader from @Cribdragg3r, and more!
DLL Hijacking persistence by @duff22b, Unauth RCE against HP Device Manager from @nickstadb, Linux package manager persistence by @pwnshift, malware unpacking techniques from @Marco_Ramilli, criticals in Apple infra by @samwcyo, DLL hijacking for lateral movement by @domchell, and more!
Sysmon exploit by @0x00dtm, physical smartcard/kerberos attack tools by @_EthicalChaos_, UACMe update (and Defender bypasses) by @hFireF0X, dynamic instrumentation by @rh0main, a new checksec from @mtarral, and more!
Malicious MSI transforms from @_EthicalChaos_, Group Policy caching LPE by @decoder_it, another Cisco AnyConnect LPE by @AntoineGoichot, Phishing your password manager by @CurtBraz, a different ZeroLogon use case by @_dirkjan, and more!
Argument injection makes a comeback by @dozernz, persistence with the Dock in macOS by @_D00mfist, the nuclear option for unhooking by @winternl_t, DCOM lateral movement by @domchell, a better MitM by @HttpToolkit, owning Firefox on Android by @LukasStefanko, and more!
The biggest bug since 2017 - Unauth DC RCE by @djrevmoon and team, OpenSSL hooks in Rust by @alessandrod, libinjection bypasses by @Menin_TheMiddle, DevOps for red team tools by @domchell, updates to Evilginx by @mrgretzky, sneaky persistence by @slaeryan, and more!
Remote SAM dumping in .NET by @G0ldenGunSec, Using Yara offensively by @_batsec_, Custom DLL injection in CobaltStrike by @tomcarver_, a C# Chrome cookie cloner from @buffaloverflow, and more!
Prevent .NET exit in loaded code by @domchell, file delete to SYSTEM PoC by @404death, @Tesla is targeted for insider ransomware recently (failed) and was completely owned in 2017, @djhohnstein shows how to load Go modules in memory, great new features in Octopus 1.2 from @mohammadaskar2, and more!