Ryzen Driver LPE by @h0mbre_, Discord desktop RCE by @kinugawamasato, Azure Pipeline abuse by @Flangvik, macOS TCC tricks by @_xpn_, AWS enumeration bug by @Frichette_n, new loader from @Cribdragg3r, and more!
DLL Hijacking persistence by @duff22b, Unauth RCE against HP Device Manager from @nickstadb, Linux package manager persistence by @pwnshift, malware unpacking techniques from @Marco_Ramilli, criticals in Apple infra by @samwcyo, DLL hijacking for lateral movement by @domchell, and more!
Sysmon exploit by @0x00dtm, physical smartcard/kerberos attack tools by @_EthicalChaos_, UACMe update (and Defender bypasses) by @hFireF0X, dynamic instrumentation by @rh0main, a new checksec from @mtarral, and more!
Malicious MSI transforms from @_EthicalChaos_, Group Policy caching LPE by @decoder_it, another Cisco AnyConnect LPE by @AntoineGoichot, Phishing your password manager by @CurtBraz, a different ZeroLogon use case by @_dirkjan, and more!
Argument injection makes a comeback by @dozernz, persistence with the Dock in macOS by @_D00mfist, the nuclear option for unhooking by @winternl_t, DCOM lateral movement by @domchell, a better MitM by @HttpToolkit, owning Firefox on Android by @LukasStefanko, and more!
The biggest bug since 2017 - Unauth DC RCE by @djrevmoon and team, OpenSSL hooks in Rust by @alessandrod, libinjection bypasses by @Menin_TheMiddle, DevOps for red team tools by @domchell, updates to Evilginx by @mrgretzky, sneaky persistence by @slaeryan, and more!
Remote SAM dumping in .NET by @G0ldenGunSec, Using Yara offensively by @_batsec_, Custom DLL injection in CobaltStrike by @tomcarver_, a C# Chrome cookie cloner from @buffaloverflow, and more!
Prevent .NET exit in loaded code by @domchell, file delete to SYSTEM PoC by @404death, @Tesla is targeted for insider ransomware recently (failed) and was completely owned in 2017, @djhohnstein shows how to load Go modules in memory, great new features in Octopus 1.2 from @mohammadaskar2, and more!
Kerberoasting without SPNs by @_mohemiv, spoof any gmail/gsuite customer with a technique from @ezhes_, SharpBlock in memory loading by @_EthicalChaos_, new COM based lateral movement from @El3ct71k, Windows LPE by @RedVuln, and more!
Azure AD to on-prem lateral movement by @_wald0, a new Windows un-hooking project from @peterwintrsmith, 🔥 Russian Linux malware analysis from @NSACyber, modern AV evasion primer from @_batsec_, dumping LSASS from the kernel by @zerosum0x0, and more!