Malicious MSI transforms from @_EthicalChaos_, Group Policy caching LPE by @decoder_it, another Cisco AnyConnect LPE by @AntoineGoichot, Phishing your password manager by @CurtBraz, a different ZeroLogon use case by @_dirkjan, and more!
Argument injection makes a comeback by @dozernz, persistence with the Dock in macOS by @_D00mfist, the nuclear option for unhooking by @winternl_t, DCOM lateral movement by @domchell, a better MitM by @HttpToolkit, owning Firefox on Android by @LukasStefanko, and more!
The biggest bug since 2017 - Unauth DC RCE by @djrevmoon and team, OpenSSL hooks in Rust by @alessandrod, libinjection bypasses by @Menin_TheMiddle, DevOps for red team tools by @domchell, updates to Evilginx by @mrgretzky, sneaky persistence by @slaeryan, and more!
Remote SAM dumping in .NET by @G0ldenGunSec, Using Yara offensively by @_batsec_, Custom DLL injection in CobaltStrike by @tomcarver_, a C# Chrome cookie cloner from @buffaloverflow, and more!
Prevent .NET exit in loaded code by @domchell, file delete to SYSTEM PoC by @404death, @Tesla is targeted for insider ransomware recently (failed) and was completely owned in 2017, @djhohnstein shows how to load Go modules in memory, great new features in Octopus 1.2 from @mohammadaskar2, and more!
Kerberoasting without SPNs by @_mohemiv, spoof any gmail/gsuite customer with a technique from @ezhes_, SharpBlock in memory loading by @_EthicalChaos_, new COM based lateral movement from @El3ct71k, Windows LPE by @RedVuln, and more!
Azure AD to on-prem lateral movement by @_wald0, a new Windows un-hooking project from @peterwintrsmith, 🔥 Russian Linux malware analysis from @NSACyber, modern AV evasion primer from @_batsec_, dumping LSASS from the kernel by @zerosum0x0, and more!
A new telemetry inspection tool by @Jackson_T, macOS goodies from @_D00mfist and @patrickwardle, subdomain finding enhancement from @TheXC3LL, malleable droppers from @s0lst1c3, true red teaming from @pruby, and more!
A ton of macOS exploits and techniques from @xorrior, @A2nkF_, @mattshockl, and @vladimir_metnew, Zoom meeting bruteforce by @TomAnthonySEO, Windows driver fun by @brsn76945860, a burp technique from @n00py1, and more!
NTLM relaying via Citrix Workspace by @_EthicalChaos_, access the entire AD database via Exchange with a new tool from @_mohemiv, a new Go based C2/Agent from @paragonsec and team, phishing tips from @lorentzenman, and more!