Word RCE, Advanced Nim tradecraft (@snovvcrash), TCC bypass (@_r3ggi), encrypted heap allocations (@waldoirc), vuln hunting with binary ninja (@renorobertr), token priv manipulation BOF (@the_bit_diddler + @hackersoup), Outlook for C2 (@0xBoku), automated DLL hijacking (@knight0x07), and more!
Mental models for offsec dev (@Jackson_T), lockscreen bypass (@KLINIX5), DLL hijacking/cloning (@Jean_Maes_1994), AV evasion framework (@bb_hacks), jailbreak detection defeat (@_Kc57), Kernel drivers against EDR (@synzack21), Golden SAML (@inversecos), and more!
iOS CSAM fallout, JS surveillance framework (@imp0rtp3 + @felixaime), 1Password dumper (@djhohnstein), Windows user behavior (@Oddvarmoe), BOF dev walkthrough (@0xBoku), support opensource (@porchetta_ind), and more!
ProFTPd UAF (@lockedbyte), API hacking (@hakluke and @Farah_Hawaa), file ext tricks (@mrd0x), built-in AD searching w/ADSI (@Gr1mmie), DCE/RPC fingerprints (@hdmoore), SAML issues (@joonas_fi), and more!
Cobalt Strike Updates (@joevest, @adamsvoboda), ProxyShell [another exchange RCE] (@orange_8361). DeployPrinterNightmare (@Flangvik), Pulse Connect patch bypass (@buffaloverflow), Snapcraft App exploitation (@itszn13), and more!
"Always Notify" UAC bypass (@hFireF0X + @axagarampur), NTLM relaying to AD CS (@_dirkjan), 2x AD tools (@_nwodtuhs), from Jira advisory to RCE (@dozernz), BitLocker key from a TPM (@DolosGroup), PetitPotam + ESC8 easy button (@_batsec_ + @Flangvik), eBPF LPE (@chompie1337), and more!
User readable SAM hives (@jonasLyk and @cube0x0), PetitPotam takes off (@topotam77), Smart AD bruteforcing (@_nwodtuhs and @podalirius_), automated advanced maldocs (@33y0re), Windows command line obfuscation (@Wietze), dockerized Android (@sickcodes), and more!
iOS exploit campaign (@amnesty + others), PrintNightmare refuses to die (@gentilkiwi), readable SAM/SYSTEM hives (@jonasLyk), Ubuntu shifts LPE (@vdehors), SharpHound exfil in memory (@william_knows), Windows exploit dev (@33y0re), and more!
Arbitrary exe's as BOFs (@phraaaaaaa), .NET exe's via BOF (@anthemtotheego), enterprise grade RCE (@AdamOfDc949), built-in packet sniffing in Windows (@TheXC3LL), patching EternalBlue for embedded (@CaptMeelo), and more!
PrintNightmare saga (@cube0x0, @gentilkiwi, + others), Gatekeeper bypass (@theevilbit), DLL sideloading finder (@ConsciousHacker), Sudo LPE on vCenter (@saidelike), intro to Windows driver exploits (@gf_256), linux compatible C# merge tool (@_EthicalChaos_), and more!