William Burgess

Ever wanted to make your sketchy sys calls look squeaky clean? I wrote a blog demonstrating a PoC which calls NtOpenProcess to grab a handle to lsass with an arbitrary/spoofed call stack: labs.withsecure.com/blog/spoofing-… PoC: github.com/countercept/Ca…

[BLOG] Playing in the (Tradecraft) Garden of Beacon: Finding Eden - cobaltstrike.com/blog/playing-i…

Me defending my O(n^3) solution to the coding interviewer.

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion resecurity.com/blog/article/p…

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…

[New @originhq blog+POC] No PPL? No problem! SecurityTrace, an undocumented ETW feature, restricts some AutoLogger traces to PPL only — yet we found this current design still allows non-PPL processes to consume from Threat-Intelligence as admin only! originhq.com/blog/securityt…

Want to consume Microsoft-Windows-Threat-Intelligence but Antimalware-PPL getting you down? No problem! I will post a blog & POC soon - but this allows you to consume Threat-Intelligence without PPL _and_ w/o any kernel patching/driver loading gymnastics! Only need admin!

Cobalt Strike 4.12 is LIVE, complete with a new look for the GUI! Additionally, we're introducing: - A REST API - User Defined Command and Control (UDC2) - New process injection options - New UAC bypasses - and more! Check out the release blog for details. ow.ly/RSmE50Xx1OS

A looot in this but if (like me) you’re a fan of custom egress channels ala extc2 this will be of particular interest 👀

New Blog: Based on his talk at Black Hat, @0xTriboulet discusses integrating Windows AI/ML APIs into Cobalt Strike’s workflows and presents proof-of-concept implementations for AI-augmented post-exploitation capabilities in Cobalt Strike. ow.ly/8hSO50WWTSW

Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. github.com/tijme/dittobyt…

@tijme @OrangeCon_nl Very cool, nice work

@DaniLJ94 Probably not slides but I plan on releasing blog + code when i can (unsure if conf is recorded, it was live streamed last year tho)

@joehowwolf Are you planning to release the slides after the con? or any recording? I'd be very interested

I will be presenting at Beacon conf next week on “Linkers and Loaders: Experiments with Crystal Palace”. If you enjoy filthy PIC tradecraft it may be of interest! eventbrite.co.uk/e/beacon-25-ti…

@_RastaMouse 😂 @RWXstoned added support for release pic debugging if that helps slightly (rwxstoned.github.io/2025-07-06-Bet…) but yea the joys of pic development

I have call stack spoofing working inside a udrl-vs project, but it crashes when I build it into PIC. Kill me now @joehowwolf.

I am excited for us to finally share our fully user-mode detection agent research preview! Intel Processor Trace, Last Branch Record, thread scheduler and PMU telemetry all from user-mode, using the latest Windows features!

Published a small collection of PIC loaders for Cobalt Strike, based on my experiments with Crystal Palace. github.com/rasta-mouse/Cr…

Chrome Remote Desktop can offer red teamers a subtle way to bypass restrictions—if they know how to use it. In this blog, @Oddvarmoe reveals a practical guide to repurposing Chrome Remote Desktop on red team operations. Read it now! trustedsec.com/blog/abusing-c…

I'm finally releasing a project that I've been working on for a little while now. Here's Boflink, a linker for Beacon Object Files. github.com/MEhrn00/boflink Supporting blog post about it. blog.cybershenanigans.space/posts/boflink-…

[BLOG] Integrating Tradecraft Garden PIC loaders into Cobalt Strike rastamouse.me/harvesting-the…

[BLOG] Dynamically Instrumenting Beacon with BeaconGate - For All Your Call Stack Spoofing Needs! cobaltstrike.com/blog/instrumen…