PrintNightmare saga (@cube0x0, @gentilkiwi, + others), Gatekeeper bypass (@theevilbit), DLL sideloading finder (@ConsciousHacker), Sudo LPE on vCenter (@saidelike), intro to Windows driver exploits (@gf_256), linux compatible C# merge tool (@_EthicalChaos_), and more!
Ghidra 10, Windows 11, Salesforce audit tool (@exploresecurity), XSS parser defeat (@bishopfox), Mythic C2 update (@its_a_feature_), Apache Tapestry RCE (@BelkahlaAhmed1), compressed CredBandit (@xenosCR), and more!
AD pwnage (@harmj0y, @tifkin_, and @elad_shamir), ImageLoad bypass (@_batsec_), bofnet_executeassembly (@william_knows), reverse port knocking on Windows (@TheXC3LL), LNK generator (@Jean_Maes_1994), payload automation (@BinaryFaultline), and more!
Decrypting Veeam passwords (@checkymander), bypass Windows kASLR (@33y0re), Code > Commands (@TheXC3LL), AWS SSO phishing (@christophetd), forest trust 🧙♂️ (@_dirkjan), syscall detection bypass (@passthehashbrwn), and more!
Bypassing NAC (@theluemmel), Outlook COM tool (@eks_perience), Transacted Hollowing (@hasherezade), SeTrustedCredmanAccess research and tooling (@tiraniddo, @Pullerze), netcat with raw sockets (@Itsuugo), and more!
ESXi heap overflow RCE (@straight_blast), abusing .NET dev features (@bohops), new book (@1njection), LNK for initial access and persistence (@V3ded), Outlook post-ex fun (@checkymander), new C# obfuscation tool (@h4wkst3r), WOW64 injector (@aaaddress1), and more!
CloudFlare IP filtering (@vysecurity), DNSStager (@mohammadaskar2), Cobalt Strike OPSEC (@jmoosdijk), Azure app phishing (@nikhil_mitt), decision making in red teams (@Jackson_T), and more!
Exim RCE (@lockedbyte), Windows kernel exploit writeup (@33y0re), plaintext RDP creds from memory (@jonasLyk, @n00py1), MS Defender ATP bypasses (@Tyl0us), hashcat 6.2.0 (@hashcat), and more!
Full DarkHotel exploit ⛓️ (@_ForrestOrr), DomainBorrowing (@md5_salt), WinPmem to dump LSASS (@TheXC3LL), Twitter Tip Jar fail (@RachelTobac), the reasoning behind DripLoader (@_lpvoid), .NET + NTFS tricks (@G0ldenGunSec), and more!
Policy change (@github), Marauder's map (@Jean_Maes_1994), Null byte injection in GoAhead (@luker983), in-mem DLL loader (@scythe_io), Firebase fronting (@shantanukhande), Source Engine client RCE (@4lpine), and more!