Bilal

Alhamdulillah! Successfully conducted training class for the @FIRSTdotOrg conference in #Tashkent, #Uzbekistan 🇺🇿! Happy to meet my friends and colleagues in person You are true professionals! #hacking #conference #research #malware #purpleteam #threatintel #maldev #programming

A small rant: The State of Art in Red Team is whatever you want to believe x-c3ll.github.io/posts/Rant-Red…

[Defeating Jiagu Android packer the wrong way] While testing an APK, i found that it was packed using Jiagu. This article serves as a quick documentation on how i unpack it the wrong way Article: @0xcc00/defeating-jiagu-android-packer-the-wrong-way-a288bf316441" target="_blank" rel="nofollow noopener">medium.com/@0xcc00/defeat…

AdaptixC2 v1.0 is out! Full update post: adaptix-framework.gitbook.io/adaptix-framew…

She was in international waters and then kidnapped by Israel. Where are those "don't tread on me" guys at?

Many are asking if they can move their Next.js projects from Vercel to Replit? Yes! - Go to Import then GitHub - enter repo URL - Agent will take care of the rest It will set up the dev and deployment environments! For companies moving lots of work, happy to help + discount.

AdaptixC2 v0.9 is out! github.com/Adaptix-Framew… * New dock-based client * Public Web-API * New BOFs in Extension-Kit Full changelog: adaptix-framework.gitbook.io/adaptix-framew…

@hacker_ralf @Gn0miez Yea that will be super appreciated

@0xcc00 @Gn0miez I can publish the API in the docs

@0xcc00 hi, when writing the adaptixc2_mcp server. Why do you encode the BOF’s directly. I’m trying to implement something similar and kinda confused on why that vs trying to execute bof with the path?

@Gn0miez You can also connect the client through burp, which what i did during the MCP development in order to extract the APIs rather than digging into the code

@Gn0miez Hey, this is how they implemented the teamserver api, the code is mimicking the client, when the client send a custom bof it sends the binary also. As everything is stored and precompiled in the client side.

Israel murders five journalists in targeted airstrike in Gaza. Al Jazeera journalists Anas al-Sharif and Mohammed Qreiqea, and camera operators Ibrahim Zaher, Mohammed Noufal, and Moamen Aliwa have been killed in a targeted Israeli airstrike. Two weeks ago, UN Special Rapporteur Irene Khan warned that Israeli threats and smear campaigns were “a blatant attempt to endanger [Al-Sharif’s] life and silence his reporting on the genocide in Gaza.” In July, the Committee to Protect Journalists said it was gravely concerned for his safety, warning he was being “targeted by an Israeli military smear campaign.” Shortly before the strike, al-Sharif posted to X: “Non-stop bombing...For two hours now, the Israeli aggression has been intensifying on Gaza City.” Well over 200 journalists and media workers have been killed in Gaza since October 2023.

@delete_exploits Its because you are accessing the front-end directly, what you need to do is accessing it via the reverse proxy (caddy) via https on port 443 In your case its https://localhost/internal

@0xcc00 Oh…thanks a lot… I’m actually testing locally…and I get this prompt…am I still doing something wrong

Inducing PhishyFish ><(((º>....... A quick 2FA phishing framework github.com/0xb11a1/phishy…

@delete_exploits Hey, its expected as you are browsing the “blocked page” any page you view is by default blocked unless you browse to the correct path, with you specified by -S option. For example: -S internal -> domain.com/internal

@0xcc00 Hello Bilal…I was trying phishyfish and after installing when i try to access the user_frontend I get this indefinite loading screen…any advice??

@hardc1dr @al3x_n3ff @0xcc00 As Alex stated, it doesn't actually "read" the file in that way, but I do think this should be easy enough for vendors to build detections for based on raw disk reading alone. I tested this with a top 5 EDR and it did not alert, even with dumping the extracted files to disk..

You can now even dump LSA/SAM hashes from normal Windows machines using -o TARGET flag.

My module “ntds_dump_raw” is now out in NetExec🔥 Can’t wait for your feedback.

@sekurlsa_pw @al3x_n3ff Coffee >

@al3x_n3ff @0xcc00 It says coffee instead of Red Bull 😺

Dumping the NTDS.dit from disk - A new NetExec module💾 Isn't it super annoying when AV blocks your access to the SAM/SYSTEM hives? The new "ntds_dump_raw" module made by @0xcc00 parses the disk image directly, allowing you to extract the NTDS.dit or SAM database🚀

“I want to eat because I haven’t eaten for five days” Don’t ignore her voice. she’s still hungry!

@s3cdev Lets move it into DM

@0xcc00 Thanks for the great work on this PoC. I’m facing an issue ,the command output isn’t showing in the Gemini console, and it can’t detect live beacons. Not sure if I’m missing something. Happy to continue here or via DM

I've been playing with MCP, Releasing AdaptixC2_mcp a PoC that exposes Adaptix-C2 APIs to gemini-cli, enabling it to control a beacon and to simulate a threat actor behavior. Code: github.com/0xb11a1/Adapti…

@s3cdev Hey, what is it ?

@0xcc00 Hey @0xcc00 got a question around it but cannot dm you