fin3ss3g0d

220 posts


@fin3ss3g0d

Red Team Operator/Pen Tester | Offensive Security Software Developer | Tweets are unaffiliated with my employer | OSCP | OSEP | CRTO | CRTL

Joined January 2024
65 Following 220 Followers
Pinned Tweet
fin3ss3g0d
fin3ss3g0d@fin3ss3g0d·
Fun fact: StoneKeeper C2 contains a text file with URLs to Nighthawk samples here github.com/fin3ss3g0d/Sto… 1/4 has been verified and contains the original logic for the Ekko sleep obfuscation technique
fin3ss3g0d retweeted
Dirk-jan
Dirk-jan@_dirkjan·
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
fin3ss3g0d retweeted
Dylan Tran
Dylan Tran@d_tranman·
@MrUn1k0d3r Oh man I remember seeing this idea in SharpHellsGate github.com/am0nsec/SharpH… a while back and it blew my mind cause I couldn't find any talk on it. Glad to see the thing still being talked about. You could also do a deterministic alloc w/ dynamic assemblies gist.github.com/susMdT/2d13330…
fin3ss3g0d retweeted
Mr.Un1k0d3r
Mr.Un1k0d3r@MrUn1k0d3r·
You want to load your shellcode in .NET without calling VirtualProtect? Use RuntimeHelpers.PrepareMethod to create a predictable RWX memory region for you. This method also doesn't require a delegate function pointer, since you override a .NET method. github.com/Mr-Un1k0d3r/Do…
fin3ss3g0d
fin3ss3g0d@fin3ss3g0d·
@HackingLZ I need X pro so I can add more context to my posts smh 😭😂
Justin Elze
Justin Elze@HackingLZ·
@fin3ss3g0d That’s fair as well I think the recent drama about the two defcon talks might impact all this 🤣
fin3ss3g0d
fin3ss3g0d@fin3ss3g0d·
@HackingLZ I use it all the time and it’s great I agree. I think some people are going a little overboard with it was the point of my post. Self acclaimed “expert” titles in bios after posting 100% AI written tooling with no coding history before this. I couldn’t show my face at a talk lol
Justin Elze
Justin Elze@HackingLZ·
You're also talking about a space where an increasingly larger group of people get up in arms if you want to argue that people should know how tools actually work before using them. The AI stuff has been a huge force multiplier for everyone I know who uses it, where they might build a single tool during an engagement, they now build several or add functionality quicker to existing stuff
fin3ss3g0d retweeted
SpecterOps
SpecterOps@SpecterOps·
Cookie theft has evolved. 🍪 Over the last year, stealing cookies on Windows devices has changed significantly for Chromium browsers like Chrome and Edge. Andrew Gomez dives into these changes, how threat actors adapt, & new detection opportunities. ghst.ly/45S1ZgW
fin3ss3g0d retweeted
db
db@whokilleddb·
Do you want to trigger shellcode only when:
- Certain DNS resolution happens?
- Certain servers are reached out to?
- When you get a 112 byte long response?
...etc

Meet InternetSetStatusCallback() for fine tuning execution (or if you are just bored): gist.github.com/whokilleddb/59…
fin3ss3g0d retweeted
RedTeam Pentesting
RedTeam Pentesting@RedTeamPT·
@SpecterOps found out that the EFS service (PetitPotam) can simply be activated by asking the endpoint mapper. Great research!🎓 Now our efsr_spray NetExec module is obsolete, but we're on it: This PR activates the service by default with coerce_plus 🚀 github.com/Pennyw0rth/Net…
SpecterOps@SpecterOps

Hosts running the WebClient service are prime targets for NTLM relay attacks, and it may be possible to start the service remotely as a low-privileged user. @0xthirteen breaks down the service startup mechanics, plus the protocols and technologies. ghst.ly/41QT7GW
