Full DarkHotel exploit ⛓️ (@_ForrestOrr), DomainBorrowing (@md5_salt), WinPmem to dump LSASS (@TheXC3LL), Twitter Tip Jar fail (@RachelTobac), the reasoning behind DripLoader (@_lpvoid), .NET + NTFS tricks (@G0ldenGunSec), and more!
Policy change (@github), Marauder's map (@Jean_Maes_1994), Null byte injection in GoAhead (@luker983), in-mem DLL loader (@scythe_io), Firebase fronting (@shantanukhande), Source Engine client RCE (@4lpine), and more!
New APIs/syscalls for EDR bypass (@yarden_shafir), UAF browser exploit dev (@33y0re), PowerView replacement [EDD] (@FortyNorthSec), phishing banner defeat (@whynotsecurity), packer teardown (@fumik0_), NANDcromancy (@Atredis), and more!
0 to RCE against a CMS (@ultrayoba), tcpip.sys patch diffing for N-days (@0vercl0k), detecting stagers (@DidierStevens), named pipe PTH (@ShitSecure), URI-based 1-click RCEs (@positive_sec), FDE bypass [Airstrike attack] (@breakfix), and more!
0-click Linux BT RCE (@theflow0), deanonymizing LinkedIn users (@h3xstream), PPL demystified (@itm4n), HTML based remote macros (@micahvandeusen), Chrome 0day-ish (@r4j0x00), wordlist generator (@giteshnxtlvl), and more!
PATH shim (@djhohnstein), C2 profile randomizer (@joevest), website to wordlist tool (@Matt_Grandy_), DLL side-loading fixes (@1ndahous3), a new 🥔 tool (@micahvandeusen), txt files that leak (@PaulosYibelo), and more!
Real APT discovery (@IgorBog61650384), a new heap exploitation technique (@Dooflin5), SAML injection (@NCCGroupInfosec), MemoryLoader IDA plugin (@RRBlackRussian), redacted PEM key recovery (@CryptoHack__), MirrorDump tool (@_EthicalChaos_), and more!
The latest/greatest mem dumper BOF (@anthemtotheego), CLR usage logging evasion (@bohops), Windows deception engineering (@ollieatnccgroup), MobileIron enumeration (@OptivSourceZero), common vulns and mis-configs (@ShitSecure), macOS persistence (@theevilbit), and more!
Bloodhound Enterprise (@_wald0), reproducing ProxyLogon (@amlweems), Wireshark 1-click RCE (@positive_sec), free IOC API (@abuse_ch), VM detection trick (@gsuberland), IoT 🐚s via PCI (@_p0ly_), opensource AirTags (@Sn0wfreeze), and more!
Exchange RCE [ProxyLogon] (@orange_8361), Windows DNS RCE [SIGRed] (@chompie1337), C# AV Bypass (@ShitSecure), Google Chrome LPE (@KLINIX5), SaltStack API vulns (@dozernz), SACL honeypots (@jmoosdijk), Universal loader in Go (@symbolcrash1), and more!