"Always Notify" UAC bypass (@hFireF0X + @axagarampur), NTLM relaying to AD CS (@_dirkjan), 2x AD tools (@_nwodtuhs), from Jira advisory to RCE (@dozernz), BitLocker key from a TPM (@DolosGroup), PetitPotam + ESC8 easy button (@_batsec_ + @Flangvik), eBPF LPE (@chompie1337), and more!
User readable SAM hives (@jonasLyk and @cube0x0), PetitPotam takes off (@topotam77), Smart AD bruteforcing (@_nwodtuhs and @podalirius_), automated advanced maldocs (@33y0re), Windows command line obfuscation (@Wietze), dockerized Android (@sickcodes), and more!
iOS exploit campaign (@amnesty + others), PrintNightmare refuses to die (@gentilkiwi), readable SAM/SYSTEM hives (@jonasLyk), Ubuntu shifts LPE (@vdehors), SharpHound exfil in memory (@william_knows), Windows exploit dev (@33y0re), and more!
Arbitrary exe's as BOFs (@phraaaaaaa), .NET exe's via BOF (@anthemtotheego), enterprise grade RCE (@AdamOfDc949), built-in packet sniffing in Windows (@TheXC3LL), patching EternalBlue for embedded (@CaptMeelo), and more!
PrintNightmare saga (@cube0x0, @gentilkiwi, + others), Gatekeeper bypass (@theevilbit), DLL sideloading finder (@ConsciousHacker), Sudo LPE on vCenter (@saidelike), intro to Windows driver exploits (@gf_256), linux compatible C# merge tool (@_EthicalChaos_), and more!
Ghidra 10, Windows 11, Salesforce audit tool (@exploresecurity), XSS parser defeat (@bishopfox), Mythic C2 update (@its_a_feature_), Apache Tapestry RCE (@BelkahlaAhmed1), compressed CredBandit (@xenosCR), and more!
AD pwnage (@harmj0y, @tifkin_, and @elad_shamir), ImageLoad bypass (@_batsec_), bofnet_executeassembly (@william_knows), reverse port knocking on Windows (@TheXC3LL), LNK generator (@Jean_Maes_1994), payload automation (@BinaryFaultline), and more!
Decrypting Veeam passwords (@checkymander), bypass Windows kASLR (@33y0re), Code > Commands (@TheXC3LL), AWS SSO phishing (@christophetd), forest trust 🧙♂️ (@_dirkjan), syscall detection bypass (@passthehashbrwn), and more!
Bypassing NAC (@theluemmel), Outlook COM tool (@eks_perience), Transacted Hollowing (@hasherezade), SeTrustedCredmanAccess research and tooling (@tiraniddo, @Pullerze), netcat with raw sockets (@Itsuugo), and more!
ESXi heap overflow RCE (@straight_blast), abusing .NET dev features (@bohops), new book (@1njection), LNK for initial access and persistence (@V3ded), Outlook post-ex fun (@checkymander), new C# obfuscation tool (@h4wkst3r), WOW64 injector (@aaaddress1), and more!