0 to RCE against a CMS (@ultrayoba), tcpip.sys patch diffing for N-days (@0vercl0k), detecting stagers (@DidierStevens), named pipe PTH (@ShitSecure), URI-based 1-click RCEs (@positive_sec), FDE bypass [Airstrike attack] (@breakfix), and more!
0-click Linux BT RCE (@theflow0), deanonymizing LinkedIn users (@h3xstream), PPL demystified (@itm4n), HTML based remote macros (@micahvandeusen), Chrome 0day-ish (@r4j0x00), wordlist generator (@giteshnxtlvl), and more!
PATH shim (@djhohnstein), C2 profile randomizer (@joevest), website to wordlist tool (@Matt_Grandy_), DLL side-loading fixes (@1ndahous3), a new 🥔 tool (@micahvandeusen), txt files that leak (@PaulosYibelo), and more!
Real APT discovery (@IgorBog61650384), a new heap exploitation technique (@Dooflin5), SAML injection (@NCCGroupInfosec), MemoryLoader IDA plugin (@RRBlackRussian), redacted PEM key recovery (@CryptoHack__), MirrorDump tool (@_EthicalChaos_), and more!
The latest/greatest mem dumper BOF (@anthemtotheego), CLR usage logging evasion (@bohops), Windows deception engineering (@ollieatnccgroup), MobileIron enumeration (@OptivSourceZero), common vulns and mis-configs (@ShitSecure), macOS persistence (@theevilbit), and more!
Bloodhound Enterprise (@_wald0), reproducing ProxyLogon (@amlweems), Wireshark 1-click RCE (@positive_sec), free IOC API (@abuse_ch), VM detection trick (@gsuberland), IoT 🐚s via PCI (@_p0ly_), opensource AirTags (@Sn0wfreeze), and more!
Exchange RCE [ProxyLogon] (@orange_8361), Windows DNS RCE [SIGRed] (@chompie1337), C# AV Bypass (@ShitSecure), Google Chrome LPE (@KLINIX5), SaltStack API vulns (@dozernz), SACL honeypots (@jmoosdijk), Universal loader in Go (@symbolcrash1), and more!
JSON interop vulns (@theBumbleSec), PHPWind RCE presentation (@orange_8361), infra automation (@cedowens), AMSI knowledge (@ShitSecure), actual magic (@JustineTunney), modular password spraying (@0xZDH), and more!
Ubuntu LPE (@Gr33nh4t), open source FIDO2 🔑 (@SoloKeysSec), new ways to copy shellcode in VBA (@TheXC3LL), unconventional exploitation (@itm4n), harvesting hashes (@domchell), M1 mac malware (@ForensicITGuy), BOFs outside of CS (@TrustedSec), and more!
Dependency Confusion (@alxbrsn), hooking MiniDump (@Mari0Bartolome, @spotheplanet), SharePoint hacking (@acap4z), stealthy Windows IPC (@LloydLabs), direct syscall detection (@winternl_t), on-the-fly hooking from .NET (@FuzzySec), Windows LPE forever-day (@itm4n), defeat AV in safe mode (@_markmo_), and more!