sh4hin

@s3cdev

414 posts

Threat Emulation/Hunting | Linux/Mac enthusiast

Joined September 2012
4.5K Following, 972 Followers
vx-underground (@vxunderground)
Giveaway. Thank you @mrd0x for sponsoring this. We've got FIVE @MalDevAcademy vouchers. These vouchers are bundles. These vouchers give you:
- Full access to malware source code database
- Full access to malware development course

Comment below for a chance to win.
SCADA_PLC (@scada_plc)
🔥SCADA is changing fast. When LLMs meet WinCC OA, the system doesn’t just show data — it actually understands it. A pump trips? Instead of digging through trends and alarms, the AI explains the root cause like a senior engineer sitting beside you. Voice commands. Smart diagnostics. Actionable recommendations. All inside the SCADA layer — no PLC changes needed. This is the future of automation. And it has already begun. ⚡🤖 #SCADA #WinCCOA #LLM #ProcessAutomation #OT #IIoT
sh4hin (@s3cdev)
@0xcc00 Thanks for the great work on this PoC. I’m facing an issue: the command output isn’t showing in the Gemini console, and it can’t detect live beacons. Not sure if I’m missing something. Happy to continue here or via DM.
Bilal (@0xcc00)
@s3cdev Hey, what is it?
Bilal (@0xcc00)
I've been playing with MCP, Releasing AdaptixC2_mcp a PoC that exposes Adaptix-C2 APIs to gemini-cli, enabling it to control a beacon and to simulate a threat actor behavior. Code: github.com/0xb11a1/Adapti…
Arcanum Information Security (@arcanuminfosec)
🌟GIVEAWAY ALERT🌟 We are giving away 4 seats to our training: "Red Blue Purple AI" - July 15 & 17 Comment below and follow us and you will be entered to win a seat in this course valued at $2,000. Winners will be announced Friday! arcanum-sec.com/training/red-b…
sh4hin (@s3cdev)
@djnn1337 Thanks, it was a while back and the code should be rewritten 😁
Alice Climent (@AliceCliment)
Finally done! My latest article introduces the basics of Windows kernel drivers/internals and how to find and exploit process killer drivers using LOLDrivers 🤓 I hope you'll enjoy it! alice.climent-pommeret.red/posts/process-…
sh4hin retweeted
Matt Zorich (@reprise_99)
In nearly all of our on-premises engagements, a threat actor has taken total full control of Active Directory. If you are interested in the kind of things @MicrosoftDART finds, and how we recommend you secure Active Directory, then this blog is for you - techcommunity.microsoft.com/t5/microsoft-s…
Florian Roth ⚡️ (@cyb3rops)
How would you name your malware so that the level 1 analyst waves it through? I'll start
- eicar.exe
- keygen.exe
- Bloomberg_Excel_Addon.exe
- SAP-custom-helper.exe
- \SecurityTraining_Oct22\something.exe
- \quarantine\inactive-sample-af232.exe
sh4hin retweeted
Matthew (@embee_research)
Reverse Engineering a #CobaltStrike #malware sample and extracting C2's using three different methods. We'll touch on #cyberchef, #x64dbg and Speakeasy from fireeye to perform manual analysis and emulation of #shellcode. A (big) thread ⬇️⬇️ [1/23]
sh4hin retweeted
diversenok (@diversenok_zero)
I'm happy to share the results of months of research on code injection, process tampering, and their detection! 🥳 Here you'll find technique categorization, a dive into the underlying OS mechanisms, sample demos, detection suggestions, and much more: huntandhackett.com/blog/concealed…
Anton (@Antonlovesdnb)
I’m taking a week off to catch my breath and am super excited to be joining the Threat Research team at @SumoLogic - I’m really looking forward to contributing more to the community that has given me so much. 🎉🎉
Anton (@Antonlovesdnb)
Last week was my last at Lares. Huge thank you to @indi303 @NotMedic @infosecmafia @J3ssa and the rest of the amazingly talented and wonderful team. Another massive thank you to all the awesome clients that have allowed me to work with them over the years 💙
sh4hin retweeted
S3cur3Th1sSh1t (@ShitSecure)
NimGetSyscallStub is now public, the first public fully working (didn't find another myself) Nim implementation + PoC to grab fresh Syscalls from disk on runtime: github.com/S3cur3Th1sSh1t… @chvancooten even with a yara rule (with your template 🤓)