Sabitlenmiş Tweet
S3cur3Th1sSh1t
3K posts

S3cur3Th1sSh1t
@ShitSecure
Pentesting, scripting, pwning!
127.0.0.1 Katılım Ocak 2019
339 Takip Edilen28.5K Takipçiler
S3cur3Th1sSh1t retweetledi

And.... its live. git.projectnightcrawler.dev/NightmareEclip…
English
S3cur3Th1sSh1t retweetledi

Backdooring existing executables or DLLs for stealthy payload execution? With version 1.7.0 of RustPack, this can be easily done in a few seconds.
We live-debug/trace the execution flow in the target executable to find a suitable backdoor position at runtime, instead of patching the entry point. 🤠
Even Frontier LLM models analysing the output executable with reversing tools at hand and one task - determining whether the target is benign or malicious - will tell you this is benign. 🔥
We work hard, you get the best possible evasion!
#redteam #ost #pentest #maldev #evasion
English

@ShitSecure The code that your 'friend' Claude provided is fundamentally flawed and also completely misimplements the concept of nested dynamic code. No need to use AI. Just read the slides.
English

I could not find source code so I asked my friend Claude to create some code for this to better understand it.
github.com/S3cur3Th1sSh1t…
🫡
thefLink@thefLinkk
We are releasing Tracebit @x33fcon - a POC sensor aiming to fingerprint implants in memory using only lowlevel runtime telemetry. No signatures, no scanning. Only pagefaults. github.com/threathunters-…
English

@CDC_FI No not because of legal stuff. Because its not an enhancement ;-)
English

@ShitSecure Ah ok... probably due to legal stuff with closed software. Too bad
English

🔥 Introducing lacuna-rs — Ghost-frame call-stack spoofing + runtime indirect syscalls for Windows x64, ported to Rust.
A reusable crate you can drop into any Rust offensive-security project
🔗github.com/Karkas66/lacun…
#Rust #OffensiveSecurity #Windows #RedTeam #MalwareDev
English

@thefLinkk Better flawed code that can be improved than no code at all 🤷♂️ thanks for the hint.
English

@CDC_FI Nope that won’t improve RustPack 🤔have my own implementation for everything in that repo
English

Would love to hear if it can improve the RustPack Loader maintained by @ShitSecure
English
S3cur3Th1sSh1t retweetledi

New blog post is up looking at how LLMs are making local EDR rulesets, YARA rules, and behavioral detections trivial to extract. This post focuses on how simple the harness can be. Buckle up h4xx0rs, the next few months are gonna get interesting! specterops.io/blog/2026/06/2…
English

In september @MCTTP_Con - we will reveal our latest research about USB Co-Installer and Driver vulnerability exploitation for Privilege Escalation. 🔥🔥Super happy to work together with @KlezVirus on that research! 🫡

English
S3cur3Th1sSh1t retweetledi

Wrote a new blog about caveats with tools detecting(or mis detecting) relay exploit primitives against http(ESC8) and MSSQL endpoints. Kept noticing issues in tools reporting the absence or presence of vulns that I thought others may have noticed too abdulmhsblog.com/posts/pitfalls…
English

@NinjaParanoid I saw many people by now already and posts being deleted. Super weird.
English
S3cur3Th1sSh1t retweetledi

The 429 Microsoft Graph Mystery - @ShitSecure
Using Invoke-GraphRecon can provide some common risky default configurations of the target tenant already, but get's blocked from Microsoft with an (429) Too Many Requests error message.
r-tec.net/r-tec-blog-the…
English
S3cur3Th1sSh1t retweetledi

First blog post in a mini series where I look at "disposable tooling". This post shares what I have found to be useful when 1-shot'ing LLM generated Stage-0 agents for Mythic. specterops.io/blog/2026/06/2…
English

@Flangvik Five years ahead? That’s relevant right now and used by a lot of groups for sure already. Even a fully fledged framework can be created and tested like that pretty fast.
English

Adam dropping TTPs 5 years ahead as usual, can’t wait until 2031 when I’m gonna read this and be like that’s super relevant now! Nice work👏
Adam Chester 🏴☠️@_xpn_
First blog post in a mini series where I look at "disposable tooling". This post shares what I have found to be useful when 1-shot'ing LLM generated Stage-0 agents for Mythic. specterops.io/blog/2026/06/2…
English
S3cur3Th1sSh1t retweetledi

Alternatively, you can find a Python script for scanning these values, as well as the exploit here: github.com/rub-softsec/on…
A module for scanning with NetExec has also been added🧵
English
S3cur3Th1sSh1t retweetledi

Already published the first two parts of the GSA –Tunnel Vision Series, hope you guys enjoy it and find it useful. The third part covers the rogue client and I'm hoping to finish it by end of the week.
ar0x.com/posts/what-is-…
English


