Windows installer LPE (@a_denkiewicz), unhooking without direct syscalls (@Kharosx0), dynamic linking injection (@praetorianlabs), suspending AV (@freefirex2), dir2json (@bitsadmin), DPAPISnoop (@lefterispan), and more!
RCE any Samsung phone (@itswillis), Parallels escape (@the_impalabs), AD trust issues (@exploitph), glitching past all ESP32 defenses (@raelizecom), PPL defeated again (@itm4n), and more!
Cobalt Strike 4.8 (@gregdarwin), Timeroasting, Mythic 3.0 (@its_a_feature_), LastPass breach saga continues, CosmosDB XSS to account takeover (@Creastery), 😈 chrome extension (@mattfriz), and more!
FortiNAC RCE, NimPlant (@chvancooten), LPE via GPO (@decoder_it), bypassing Okta MFA (@n00py1), injection with NtQueueApcThreadEx (@LloydLabs), DKOM attacks on ETW providers (@FuzzySec), PCIe on Windows (@4lpine), and more!
Phishing in 2023 (@0xcsandker), SaltStack A-Salt (Alex Hill - @SkylightCyber), LocalPotato (@decoder_it + @elad_shamir), install4j XXE (@frycos), LPE in Avast (@Denis_Skvortcov), learning Semgrep (@jrozner), and more!
Pre-Auth RCE (@infosec_au + @TheGrandPew), IP phone pwnage (Dylan Pindur), GoAnywhere RCE (@frycos), Toyota supplier network hack (@XeEaton), PipeViewer (@g3rzi), reverse socks5 (@aceb0nd), certsync, and more!
HIVE takedown, Yandex leak, modern SEH hijacking (@BillDemirkapi), extending PersistAssist (@Gr1mmie ), Docmosis Tornado horror show (@frycos), RODC to DA (@elad_shamir), rendering Chrome to a terminal, and more!
No Fly List leak (@_nyancrimew), LogSlash (@4A4133), Okta issues (@varonis), ARM bug pwns Pixel (@mmolgtm), golddigger (@ustayready), APCLdr (@NUL0x4C), build your own SANS760 (@Void_Sec), SOCKS4a shellcode, and more!
SCCM relay to takeover (@_Mayyhem), LAPS 101 (@mega_spl0it), Sliver vs Havoc (@Naw), Defender LPE (@pixiepointsec), CircleCI post mortem, ASRmageddon, and more!
Korea's browser-ex problem (@WPalant), Prox-Ez (@b1two_ + @YofBalibump), car hacks (@samwcyo), Azure privesc (@_wald0), tons of direct syscall techniques, and more!