B088Y

Custom DLL injection with Cobalt Strike Beacon Object Files reddit.com/r/redteamsec/c… #redteamsec

Red Team Tip: 'explorer.exe /root' can be run from the command line - similar to 'cmd.exe /c', only it breaks the process tree and makes its parent a new instance of explorer For blue team: keep an eye on multiple instances of explorer. explorer.exe /root,"D:\CyberRaiju.exe"

First blog post on how to automatically rewrite 700'000 lines of code to bypass most AV/EDR (features string+API call obfuscation for Meterpreter): blog.scrt.ch/2020/06/19/eng…

Very cool! hackingiscool.pl/cmdhijack-comm…

Impressive work! Part 2: Faxing Your Way to SYSTEM #redteam #hacking #infosec windows-internals.com/faxing-your-wa…

Brilliantly done! Part 1: PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth #redteam #hacking #infosec windows-internals.com/printdemon-cve…

A #POC for #CVE-2020-0601; #Codesigning PE files using a Certificate Authority validated by ECC #crypt32 #cryptoapi github.com/ollypwn/cve-20…

New #Iranian data wiping #malware, #zerocleare #xHunt #APT34 #OilRig zdnet.com/google-amp/art…

#NorthKorea #Lazarus using in memory #Mac #malware: arstechnica.com/information-te…

#Hacking via #ESET #antivirus we console: pentestmag.com/how-i-hacked-i…

A very nice #uacbypass for #Windows10 heynowyouseeme.blogspot.com/2019/08/window…

Please use @signalapp

Abusing Microsoft Word Features for Phishing: “subDoc” #infosec #pentest #redteam rhinosecuritylabs.com/research/abusi…

EV #CodeSigning for only $30! #signedbinaries #avevasion #Hacking onlinecodesign.com

A #cheatsheet with commands that can be used to perform #kerberos attacks gist.github.com/TarlogicSecuri…

For everyone wondering how spam events got added to your Google Calendars without having a source in your inbox @ustayready and myself talked and wrote about how the Google Calendar API can be used to do this two years ago when we reported it to Google. blackhillsinfosec.com/google-calenda…

North Korean hackers from Kimchaek University of Technology, who was dispatched to India and engaged in hacking activities, are believed to have recently moved to Cambodia.

#redteam tip, ifu plan to persist via scheduled task, give a try to hijack this MS Office related task (got created and deleted automatically by office integrator.exe), task xml file can be edited if u have local admin (same folder host other tasks), otherwise try to mimic same

@Jaroneko @lllarppa @defcon @jaysonstreet Quartz Crystal hackaday.com/2019/08/09/def…

@lllarppa Wait... Which crystal were the #DEFCON27 badges adorned with again? Did anyone get a professional, like the author of this book, to ascertain all of their affects? @defcon @jaysonstreet