Sunggwan Choi
@_choisec
Followers: 431 | Following: 3K | Statuses: 187
Red team operator | Struggling to catch up, enjoying the struggle along the way. Trying my best to slurp down a special-size haejangguk (hangover soup), minus the seonji (blood curd)
Joined April 2020
RT @Cyb3rC3lt: A little blog post I put together based around a talk I gave @BSidesLondon this year. We have had some easy access into clie…
@Cyb3rC3lt @BSidesLondon The cloudflare tunnel + access + egress to 443 blew my mind. Great job diving into the source code and finding hidden flags. Ever since your cloudflare worker redirector + tunnel post I'm having way too much fun exploring offensive cloudflare(?)
RT @passthehashbrwn: New blog from me on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a nove…
This is some quality CTI info regarding Korean speaking APTs. Knowledge that only comes from experience and actually speaking the language, in the country. 🔥
🇰🇵Catching DPRK with Korean Linguistic Traits🇰🇵 Recently I have been approached by a few people on how to identify and attribute malware to DPRK. Every one of us in the CTI field knows how difficult attribution is, and while I can't provide you with something like: "Because the bad guys used this Korean word they must be from the North!!11" I want to highlight some Opsec mistakes DPRK hackers often make when it comes to the Korean language. This is by no means a complete list, but I hope it helps some non-Korean researchers. Buckle up for your not-so-normal-Korean-CTI-Excursion 🧵 #CTI #Malware #DPRK
RT @Synacktiv: You can now relay any protocol to SMB over Kerberos with and the latest PRs from @hugow_vincent. Tha…
RT @eliran_nissan: I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to up…
RT @TrustedSec: From the team that brought you COFF Loader, CS-Situational-Awareness-BOF, and CS-Remote-OPs-BOF, we are excited to release…
@DavidJBianco The attacker only needs to get it right once - for initial access. Once they are in, the defenders only need to get it right once and find the attacker's mistake. The situation turns around.
RT @al3x_n3ff: 🔥We have big news for you, NetExec now has a new protocol: NFS🔥 Main features: - Detecting NFS servers - List exported share…
RT @magicswordio: 🚨🔥 LOLRMM IS LIVE! 🔥🚨 The wait is over, folks! 🥳🎉 We’re thrilled to announce the official release of LOLRMM — your new…
RT @tijme: My @OrangeCon_nl talk is live! Elevate your knowledge: From COM Object Fundamentals To UAC Bypasses. A 25-minute crash course…
RT @passthehashbrwn: New blog from me on manually manipulating Vectored Exception Handlers to evade some EDRs and perform threadless proces…
RT @subat0mik: I wrote a blog post about some of the intangible benefits of working as a red team operator and adversary simulation consult…
RT @fabian_bader: Microsoft Defender for Identity added new detections ◽Possible NetSync attack ◽Possible takeover of a Microsoft Entra SSS…
RT @shellph1sh: I wrote a fun write-up on ADCS exploitation, including explanations and custom built examples of practical exploitation for…