Windows LPE 0day (@KLINIX5), Windows 10 URI handler "RCE" (@positive_sec), detect anomalous TLS certs with ML (@NCCGroupInfosec), USB-over-ethernet vuln (@kasifdekel), bitlocker key leak (@theluemmel), Linux TIPC LPE (@bl4sty), Tartarus' Gate (@trickster012), abusing SecLogon (@splinter_code), and more!
AFL++ on Android (@Gr33nh4t), Qualcomm NPU exploits (@mmolgtm), sysWhipser research (@CaptMeelo), TPM sniffing (Julien Oberson), CheckCert and SQLRecon (@sanjivkawa), and more!
The future of NTLM relaying (@_EthicalChaos_), Windows updates for hackers (@bitsadmin), Syscall malware analysis (@m0rv4i), fighting EDRs in the kernel (@cerbersec), Living Off Trusted Sites (LOTS) Project (@mrd0x), and more!
DLL proxying helper BOFs (@the_bit_diddler), Cobalt Strike traffic decryption (@DidierStevens), CES/CEP on Linux (@duff22b), Kerberoasting OPSEC (@DebugPrivilege), certutil LOLbin replacement (@ElliotKillick), and more!
DLL proxying with artifact kit (@joevest), lateral movement 101 (@_RastaMouse), Windows kernel driver hooking (@cerbersec), macOS XAR arbitrary file write (@buffaloverflow), malapi.io launch (@mrd0x), protobuf in sqlmap (@APTortellini), and more!
Windows LPE 0day (@KLINIX5), and lots more!
macOS ESF playground (@jbradley89), Azure privesc via service principles (@_wald0), Java gadget finding (@hugow_vincent), malicious Azure AD OAuth2 (@nyxgeek), and more!
iOS 15 IOMFB exploit (@AmarSaar), new lsass dumper (@thefLinkk), SharpCalendar (@sadpanda_sec), gcpHound (@desi_jarvis + @Richarjb), macOS SBX (@epsilan), and more!
OffensiveRust (@trickster012), persistence via preview panes (@matterpreter + @mutantvillian), decrypting CyberArk (@jelleverg), enumerate uncommon SMB shares (@podalirius_), and more!
PPLDump BOF (@the_bit_diddler), code-signed rootkits (@HackingThings), remote windows password resets (@n00py1), XSS to RCE (@whynotsecurity), FinSpy bootkit (@kaspersky), Azure brute-forceable endpoint (@DrAzureAD?), and no C2 drama!