CodeX

962 posts

@codex_tf2

advanced persistent clown 🤡 📕 redteam blog: https://t.co/ihAv2kFvUj 🛠️ github: https://t.co/VhmOUAVF3R opinions are my own

explorer.exe Joined February 2022
216 Following 2K Followers
Octoberfest7 (@Octoberfest73)
@vxunderground But here is a VirtualProtect call that was made via timer call / fiber switch shown in both x64dbg and process hacker. After the call completes this all unwinds through gadgets to ultimately switch fiber back to the original timer fiber which will unwind + pick up next task
Octoberfest7 (@Octoberfest73)
I am now the proud owner of a version of Ekko that:
- Uses threadpool timers
- Conceals use of timers from the call stack
- Does not use NtContinue/Ex

I've learned that if you believe hard enough and use a shitload of ROP anything is possible.

Octoberfest7 (@Octoberfest73)

@jamieantisocial This is finally motivating me to take a look at fibers again. I could be wrong, haven’t explored fully yet, but I’m pretty sure I see a path forward to use fibers with Ekko and eliminate its use of NtContinue

CodeX (@codex_tf2)
@harold9850 i respect the ragebait grind
tom square (@harold9850)
@codex_tf2 cobalt strike is useless in 2026. stop using it.
CodeX (@codex_tf2)
Open source port/reimplementation of the Cobalt Strike BOF Loader as is. This includes issues not present in other open source COFF loaders. The goal of this project is to make an analog of the specific implementation in Cobalt Strike for debugging github.com/CodeXTF2/Cobal…
CodeX retweeted
HackerRalf (@hacker_ralf)
AdaptixC2 v1.1 is out!
* New DNS/DoH beacon listener
* New extenders type - service
* New BOFs in Extension-Kit
* Added Events/Hooks manager

Full update info: adaptix-framework.gitbook.io/adaptix-framew…
CodeX (@codex_tf2)
apparently the windows exe stats page echotrail.io now points to some coworking space service using the same logo as the original - wtf?
CodeX (@codex_tf2)
@grit8086 lose a few braincells and u might become like me 🤡
grit (@grit8086)
@codex_tf2 how to be gud like u
CodeX (@codex_tf2)
Made an open source library to implement Malleable C2 profile support for HTTP based C2s. It's not perfect code 😭 but hopefully more C2s start supporting more HTTP traffic customization depth. All malleable transforms in http block supported :D github.com/CodeXTF2/OpenM…
CodeX retweeted
TrustedSec (@TrustedSec)
Because “stare at Burp responses until something looks weird” isn’t a strategy 👀 @hoodoer introduces Colonel Clustered, a new Burp Suite extension that automatically groups responses by content to surface subtle outliers during web app testing. Read now! hubs.la/Q03_v-r30
CodeX retweeted
S3cur3Th1sSh1t (@ShitSecure)
Weakpass version 4 was released sometime the last months, best for your password cracking needs: weakpass.com 🔥
CodeX retweeted
SpecterOps (@SpecterOps)
New MSSQLHound updates from @_Mayyhem 🔥 Now includes EPA-based NTLM relay scanning, CVE-2025-49758 patch detection, and BloodHound Cypher queries to map + remediate MSSQL attack paths. Check it out! ghst.ly/4pKTgVI
CodeX retweeted
Connor McGarr (@33y0re)
[New @originhq blog+POC] No PPL? No problem! SecurityTrace, an undocumented ETW feature, restricts some AutoLogger traces to PPL only — yet we found this current design still allows non-PPL processes to consume from Threat-Intelligence as admin only! originhq.com/blog/securityt…
CodeX retweeted
bfho (@0xbfho)
boh starred blader/humanizer on Github ift.tt/5DRuoIE
CodeX retweeted
vx-underground (@vxunderground)
I've been receiving messages from both Lockbit ransomware group and ALPHV ransomware group for months. I've been so preoccupied with my newborn son I thought it was an imposter. They've been trying to tell me stuff, and I just kept sending cat pictures. They eventually gave up and started replying with pictures of cats too. ¯\_(ツ)_/¯
Thinkst Canary (@ThinkstCanary)
Last week we acquired UK-based DeceptIQ. DeceptIQ (@deceptiq_) is built by red-teamers with a deep desire to turn the tables on attackers. In our ten years of doing Canary, we’ve never seen such a strong natural alignment. We are super excited to help defenders win, together.
CodeX (@codex_tf2)
updated my reimplemented (via hook) cobaltstrike 4.9 bofloader to have a dynamically grown function table, removing the 128 winapi limit

technically a waste of time since CS4.12 already does this but i like having control of the source code, makes evasion a lot easier :D
CodeX retweeted
Dominic Chell 👻 (@domchell)
Signed up for a trial with Elastic a little while ago, seems like they must be selling the data because I'm now getting recruiter spam on that alias.... must be tough times in the $EDR market
CodeX retweeted
5pider (@C5pider)
there is also this list i have saved a while ago where the diff between wininet and winhttp is explained:

wininet + proxy -> needs a valid domain user’s token.
wininet + SYSTEM -> Bad
wininet + service -> bad
wininet -> harder to implement verification
wininet -> socks4
winhttp + service -> good
winhttp + system -> good
winhttp + proxy -> HTTP/1.0 proxy issues
winhttp -> impersonation support
winhttp -> supports kerberos ?

Sources:
- learn.microsoft.com/en-us/windows/…
- cobaltstrike.com/blog/talk-to-y…
- docs.metasploit.com/docs/using-met…
- learn.microsoft.com/en-us/windows/…
- learn.microsoft.com/en-us/windows/…