RT @podalirius_: 🚀 New Tool Release: DescribeNTSecurityDescriptor 🚀 Analyzing Windows NT Security Descriptors can be a headache. I built…

RT @EricaZelic: Something to keep in mind This is also why when you allow your admins to PIM, they should be educated to deactivate their…

RT @0xdf_: MagicGardens from @hackthebox_eu has a ton in it! There's a bank trick and XSS via QRcode. There's a buffer overflow via large I…

RT @sixtyvividtails: Is your EDR a dump? Yes it is! cmd /v/c "set R=reg add HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /f /v&!R! C…

RT @_logangoins: Introducing Stifle! A super simple .NET tool I spun up these past few days for abusing explicit strong certificate mapping…

RT @eversinc33: .@0xBoku recent unhooking bof reminded of this fun trick on how to unhook any windows DLL without opening a handle to an on…

@mjc91295814 Maybe if the source system is unpatched.

@mjc91295814 Yes, there's a list of suitable CLSIDs somewhere on GitHub.

@Cyb3rC3lt I imagine it's not to complicated in a lab, but I haven't tried.

RT @0xBoku: 🔪Open-sourcing 💀StringReaper BOF! I've had great success in engagements carving credentials out of remote process memory with…

@mjc91295814 Correct. SAM dump on a DC makes no sense either :D In a real scenario it would've been srv01 or something.

RT @Oddvarmoe: Not sure if this is useful but created a script to dump certificate template information to a text file from an ADExplorer d…

RT @_dirkjan: ROADtools update: I just released roadlib v1.0! This version drops the adal dependency, all auth flows are now implemented na…

RT @sarperavci: Just launched CTF Search with 24k+ CTF writeups, covering everything from web exploitation to reverse engineering. Check it…

RT @codex_tf2: Back when I was writing WindowSpy I was messing around with capturing specific minimized PID windows, but never pushed that…

Powered by and

RT @Wietze: 🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate…