Mor Davidovich

Check out my new blog post, "Weaponizing Background Images for Information Disclosure and LPE" where I walk through the AnyDesk vuln I found a few months ago (CVE-2024-12754/ZDI-24-1711): mansk1es.gitbook.io/AnyDesk_CVE-20…

Elastic Security Labs has discovered a new method for initial access and evasion in the wild, termed #GrimResource, which involves arbitrary execution in mmc.exe through a crafted MSC file. elastic.co/security-labs/… gist.github.com/joe-desimone/2…

@alisaesage I've wanted to get into fuzzers since I started in this field. Good resources are hard to find, so I always put that off. This could really help jump-start my learning process and expand my team's capabilities.

Happy Solstice! Time to celebrate Truth and Justice. I appreciate your support; and I want to let you try one of my value-packed & expensive commercial masterclasses: ☀️ Masterclass: Hacking Fuzzers for Smarter Bughunting (on-demand video) #fuzzing" target="_blank" rel="nofollow noopener">zerodayengineering.com/training/maste… This class will give you a core level grasp of modern evolutionary coverage-guided fuzzing as pro hackers use it. It goes fast from fuzzing essentials to advanced customization & examining how code coverage works on CPU assembly level, 4 hours hands-on video. Free access from 21st to 23rd June (access conditions below)

@theluemmel Congrats buddy, best of luck, I hope you crush it!

Happy to share that I will try to run my own business as a side hustle starting at the beginning of next year. If you are a German follower and are interested or know someone, please feel free to reach out to me. Some info, details etc. can be found here: ds-itconsulting.de/index.html

One Box To Rule Them All Little write up of my way to tackle remote pentesting situations with a dropbox. This is about non covert systems that will allow you to carry out full fledged pentests when implanted into the customers network. luemmelsec.github.io/One-Box-To-Rul…

I usually tend to avoid politics but nowadays it is impossible. To all the Hamas supporters that reading this post, all the people that shout "free Palestine!" take a moment to answer those questions: Who ruled Palestine and in which year was is conquered? (hint: no answer)

Cashing in on browser behaviour to silently download executable files. A blog post by @defte_: sensepost.com/blog/2023/brow…

The entire SCCM hierarchy is vulnerable to takeover from any primary site because by design, there is no security boundary between sites in the same hierarchy. Check out my new post to learn more about how this can be abused, mitigated, and detected! posts.specterops.io/sccm-hierarchy…

Our EXE loader is now available to everyone on GitHub: github.com/Maldev-Academy… We'll be uploading more repositories on our GitHub in the future.

Love to see our work inspires stuff like that. Check out @sam_phisher new blog post on Automating MalRDP deployment with Terraform and Ansible. Great Work!

@sam_phisher @ShorSecLtd Oooh this is nice! Great work!

I saw this the other day, and took a look at @ShorSecLtd's article. Brilliant work that I wanted to try to automate somewhat. My blog post about deploying MalRDP to Azure with Terraform and Ansible: skal.red/automating-mal…

@dmcxblue @ShorSecLtd Thanks for sharing :)

Came across an incredible article about phishing with RDP Files besides the technique used previously using a C# Loader this one is just with the RDP File alone, awesome work from @ShorSecLtd 👏👏👏 #redteam

My Okta for Red Teamers post is up! We look at how Kerberos SSO works, how to intercept credentials via a fake AD Agent, decrypting AD Agent tokens, adding skeleton key's, and even how to deploy a janky SAML IdP server to auth as any user for good measure. trustedsec.com/blog/okta-for-…

@d_xedex Myabe try it with the --forest or --legacy flags, those flags should be used according to the zone type you saw during the --print-zones command. It would help to see the command you ran.

@dec0ne I made sure it's the right zone, I also, tried other zones but I keep getting this error 🤔

New blog post of mine and my first in our "The Path to DA" series where I share a cool attack path I exploited in a recent engagement to gain Domain Admin privileges. Hope you like it :) shorsec.io/blog/the-path-…

@d_xedex 😆 lol Achievement Unlocked! Just kidding. Hopefully, it was worth it

@dec0ne Great, now because of your cool article I missed my train stop 😭

@Idov31 Do you ever rest?! Always love reading your posts Amazing work bro🔥🔥🔥

Part 5 of Lord Of The Ring0 is out! idov31.github.io/2023/07/19/lor… On this part, I explained how APC and thread injection made from the kernel to a user mode process, IRP & SSDT hook, why they don't work anymore (and their alternatives) #infosec #CyberSecurity