_Ray

726 posts

@_RayRT

Senior Adversarial Engineer Member of EVILCORP\Domain Fathers https://t.co/SIwC7MLXmP https://t.co/WeF9QBYGcQ

Joined June 2018
892 Following, 618 Followers
Pinned Tweet
_Ray (@_RayRT)
Introducing Cyllex - Advanced APT Emulation Framework. cyllex.io
I've been working on this for a while, pouring real effort and love into it. Not a quick release, I'm going step by step, building something solid. Some of the current features include:
▸ APT database with real-world campaign emulation
▸ Cross-platform agents via binary patching
▸ Agent, Agentless (WinRM/SSH), and Cloud execution
▸ Direct shell access for real-time interaction
▸ Interactive MITRE ATT&CK detection coverage tracking
▸ Calendar-based campaign scheduling
▸ Webhook notifications (Slack, Teams...)
▸ Robust TTPs: On-Premise (Windows/Linux), Cloud, and Containers
I'll be sharing updates as the project evolves. Thank you, and happy new year!
_Ray retweeted
Andrew Oliveau (@AndrewOliveau)
🔥🤖Excited to share a new blog I co-authored with @h4wkst3r and @kulinacs - Automating the Operator: Integrating LLMs into Offensive Security armadin.com/blog-posts/aut… We show how LLMs make offensive work more operationally useful, introduce 2 new MCP servers, and an NTLM relaying Gemini extension POC
_Ray retweeted
Alex Neff (@al3x_n3ff)
Releasing one of my research tools: EVENmonitor🖥️ Inspired by LDAPmonitor, I implemented a monitoring tool for the Windows Event log in pure Python. You can just attach it via the network and then filter for specific event IDs or keywords. Available at: github.com/NeffIsBack/EVE…
LuemmelSec (@theluemmel)
This fine dude is doing work for the last 2 weeks :)
_Ray retweeted
Cyllex (@CyllexFramework)
Cyllex v0.4.0: 604 TTPs across 7 platforms. Full Azure & GCP cloud coverage, Kubernetes & Docker container testing, 4 SIEM integrations, and 21 APT group profiles in the new APT Codex. Beta is targeting late March / early April. I track progress publicly, you can see exactly where things stand at any point. One last thing: thank you. Building this solo takes time, and knowing people are actually following along makes it worth it. Every subscription, every piece of feedback, every message asking about the beta reminds me why I started this in the first place. Genuinely appreciate the support. #purpleteam #cyllexframework #aptemulation #mitre #attacksimulation
Jason Lang (@curi0usJack)
Real imposters don't get imposter syndrome. You're fine.
_Ray retweeted
InfinityCurve Labs (@InfinityXCurve)
Havoc Professional Finally Released! 🕸️🕷️ Since our last blog post introducing the Havoc Professional framework and the Kaine-Kit, we've been refining the framework behind the scenes. infinitycurve.org/blog/release
mRr3b00t (@UK_Daniel_Card)
WHAT THE FUCK
_Ray retweeted
Andy Gill (@ZephrFish)
Today is the day and I'm sorry it's been so long, and also provisionally delayed by nearly a week. lms.zsec.red launches today with my Malwareless Adversarial Emulation (MAE) course. If you signed up for the waitlist, you should have received an email.
_Ray (@_RayRT)
Spent the weekend working on Cyllex and added a Splunk integration for log correlation. Also added detection events for each TTP. There's still a lot of work ahead, but it's starting to look great! I'll keep working on more integrations. Thanks to everyone who's been showing interest and supporting the project! :)
_Ray retweeted
Aurélien Chalot (@Defte_)
Anyone know if Microsoft silently patched the Shadow Creds attack recently? Looks like a computer object cannot write its own attribute anymore :D
_Ray retweeted
Romern (@Romerrn)
@Defte_ I just installed a clean version of Server 2022 (20348.169), set it up as a DC, and tried to create a keycredential. That worked. Then I installed the latest cumulative update (KB5073457) and now it does not work anymore. So it seems to be a recent change.
_Ray retweeted
Panos Gkatziroulis 🦄 (@ipurple)
🛠️ SharePointDumper: PowerShell SharePoint extraction + auditing tool. ✅Enumerates all SharePoint sites/drives a user can access via Microsoft Graph, recursively downloads files, and logs every Graph + SharePoint HTTP request github.com/zh54321/ShareP…
_Ray retweeted
SpecterOps (@SpecterOps)
WSL2 is a powerful attacker hideout because it runs as a separate Hyper-V VM, and defenders rarely monitor it. Daniel Mayer explains how attackers pivot into WSL2 and what it took to build tooling that works across WSL2 versions. Read more ⤵️ ghst.ly/45fPUma
_Ray retweeted
Lares (@Lares_)
Agentic AI systems are already showing real-world weaknesses. The first OWASP Agentic AI Top 10 highlights where autonomous applications are most exposed. Link: labs.lares.com/owasp-agentic-… ✍️@_RayRT