🎃 Spooky (forthcoming) OpenSSL 3 critical vuln, RC4 fun (@tiraniddo), Autodial DLL techniques (@TheXC3LL), token leak abuse via webshell (@_Kudaes_), Open-Obfuscator (@rh0main), more exchange pwnage from 🍊 (@orange_8361), and more!
Untangling Azure Permissions (@0xcsandker), V8 and JS internals of Chrome (@jack_halon), MS Office Online Server RCE chain (@IndiShell1046), ManageEngine Decryptor (@W9HAX), SharedMemUtils (@x86matthew), and more!
Cobalt Strike RCE (@0x09AL + @FuzzySec), Docker Compose for red teams (@BuckinghamEzra), portable malware (@CaptMeelo), free root servers (@hackerschoice), LastPass tricks (@rbmaslen), practical attacks against NTLMv1 (@n00py1), and more!
Intel Alder Lake src leak (@vxunderground ), PHP payloads in PNGs (@ROLANDQuentin2), Zimbra RCE via email, macOS Gatekeeper bypass (@JamfSoftware), ShadowSpray (@dec0ne), and more!
Kerberos downgrade attack (@tiraniddo), Havoc C2 (@C5pider), ASNmap (@pdiscoveryio), static vs behavioral detection (@ShitSecure), Freeze payload toolkit (@Tyl0us), multiple tools from @D1rkMtr, cheap Yubikeys, Playstation 5 jailbreak, and more!
AttachMe Oracle Cloud vuln (@eladgabay_), JuicyPotatoNG service to SYSTEM privesc (@decoder_it + @splinter_code), personal phishing (@Direct_Defense), AD CS pwnage (@theluemmel), Kerberos FAST protection (@4ndr3w6S), service exploitation via pipes (@x86matthew), and more!
CloudFox (@sethsec + @cvendramini2), MiraclePtr in Chrome, Jetty hacking (@m1ke_n1), ExternalC2 myths (@RET2_pwn), NTLMv1 attacks (@n00py1 + @an0n_r0), Golden Ticket patches soon (@varonis), plaintext Citrix passwords (@gentilkiwi), and more!
Avoiding memory scanners (@kyleavery_), EvilnoVNC critiques (@TheXC3LL), Athena 0.2 (@checkymander), Monkey365 (@tr1ana), reFlutter (@lmpact_l), gTunnel/SOCKS (@greycatsecurity + @hotnops), cobaltstrike-headless (@codex_tf2), and more!
Nmap turns 25 (@nmap), PersistAssist (@Grimmie), SCM attack toolkit (@h4wkst3r), nf_tables privesc (@saidelike), the BloodHound Attack Research Kit (@_wald0), MS Teams Phreaking (@moritz_abrell), blinding Sysmon (@testert01 + @thefLinkk), EvilnoVNC (@JoelGMSec), and more!
AceLdr (@kyleavery_), DLL fun (@Wietze + @ConsciousHacker), CI/CD pwnage (@smarticu5), Kerberos LPE (@monoxgas + @tiraniddo), Burp ➡️ C2 profile (@codex_tf2), AD CS + PIV (@_EthicalChaos_), and more!