ESC13 (@Jonas_B_K), Sandboxing syscalls (@h0mbre_), Cross Window Forgery (@PaulosYibelo), new Windows callback method (@daaximus), dangerous EntraID role (@_wald0), github-secrets (Tobias Madl of @Neodyme), and more!
LDAP tradecraft (@domchell), CreateRemoteThread saftey (@m417z), Lab automation (@W9HAX), LoFP (@br0k3ns0und), and more!
All the Ivanti 0days, FTX SIM swap (@briankrebs), Unmanaged CLR patching (@kyleavery_), Midnight Blizzard fallout (@_wald0), Arachne mythic webshell (@its_a_feature_ ), and more!
Fastly to block domain fronting 🔜, EDR bypass via VEH (@VirtualAllocEx), BOFHound enhancements (@Tw1sm), Frameless BITB (@waelmas01), Asus ndays (@suidpit + @Th3Zer0), and more!
Microsoft hacked, GraphStrike (@Octoberfest73), GPO based LPEs (@decoder_it), AwaitFuscator (@washi_dev), ProxyHelper2 (@hoodoer), and more!
SSPI in Python (@snovvcrash), executing shellcode from VBA (@TheXC3LL), Mirth Connect pre-auth RCE (@Horizon3Attack), Visual Studio LPE (@filip_dragovic), DLL injection LPE (@m417z), Android ARM64 reversing (@Dauntless), and more!
QR phishing (@pfiatde), SOCKS as C2 via SSH on Windows (@n00py1), Google Account takeover with persistence (@e11i0t_), Bitwarden access without password (@RedTeamPT), and more!
Ghidriff (@clearbluejar), Linux exploitation (@kevin_backhouse), win32 keylogger (@_ixty_), BLUFFS bluetooth exploit (@francozappa), sleep lexer and parser (@mcbroom_evan), ring0 from VBA (@0xDISREL), and more!
O365 Phishing infra (@pfiatde), EvilSlackbot (@infosec_drewze), Sonos jailbreak (@alexjplaskett), DNS attacks (@timolongin), DNS rebinding attack (@_danielthatcher), and more!
2x macOS TCC bypasses (@gergely_kalman), Okta 🥷 (@nickvangilder), pcap analysis helper (@bartavelle), Mythic and Merlin C2 updates (@its_a_feature_ + @Ne0nd0g) and more!