Leo Loobeek
570 posts

Leo Loobeek
@leoloobeek
Penetration Tester | Adaptable Adversary | https://t.co/hHYXI8KHIg | Thoughts and tweets are my own
Minnesota, USA Joined July 2009
449 Following 1.4K Followers

After trying LangChain, then Haystack, Rigging has been the best option so far. Removes all the unnecessary abstractions and allows you to focus on building an LLM powered toolset.
dreadnode@dreadnode
Rigging continues to be a core part of our toolkits - new docs here: rigging.dreadnode.io If you want information/tutorials on the roadmap - let us know.
Leo Loobeek retweeted

@Vikings @KevOC7 @PhilMackey @DustBaker Season over. 24 hours after the most devastating event of his career, OUR quarterback doesn’t sit home feeling sorry for himself. No, he attends the Kids Club Trick-Or-Treat Trail in Egan. That’s our QB. #Vikings

Leo Loobeek retweeted

Before NVIDIA, I was lucky enough to work with @ram_ssk and @drhyrum at Microsoft. We got to write tooling, risk assessments, and attacks IRL. MLSec seems new, but their work on this topic is all over the Security community.
If you’re looking to orient yourself to the current state of ML Security, this is it.
amazon.com/Not-Bug-But-St…

@Jean_Maes_1994 @ConsciousHacker Haha I’m no wizard, I’m just as puzzled with COM as the next poor soul to spend time learning it 🫠

@coffeegist It's really a social experiment to see who is still hanging out on this platform...
Leo Loobeek retweeted

I wrote a blog post that talks about how we can abuse yet another Chrome Remote Debugging feature to "stalk" end users. posts.specterops.io/stalking-insid…
Leo Loobeek retweeted

In this post, I discuss one key difference in the thinking between sophisticated adversaries and many of the red teams that try to simulate them, as well as what that means for tradecraft and tooling.
jackson_t.gitlab.io/it-depends.html

Leo Loobeek retweeted

I am sharing the slides from my latest presentation: “0-Day Up Your Sleeve – Attacking macOS Environments” I gave at @nullcon
👉securing.pl/en/presentatio…

Leo Loobeek retweeted

An interesting post about Kernel Callback used by EDR. It’s a nice article to read if you want to dive into EDR Kernel Callbacks bypass.
Thanks @synzack21 for the blogpost ! :)
The part about @fdiskyou evil.sys driver and experiments is really nice ! :)
synzack.github.io/Blinding-EDR-O…

@subTee Thanks Casey! Just standing on the shoulders of all your great work 👊
Leo Loobeek retweeted

Packt currently has a few books (including Penetration Testing Azure for Ethical Hackers) on sale on Amazon. Use code “20SECURITY” to get the 20% off discount - packt.link/NEBPw
Leo Loobeek retweeted

New post is up on the @trustedsec blog, this time looking at how to use ProcessDeviceMap to load arbitrary DLL's into a process on start. trustedsec.com/blog/object-ov…
Leo Loobeek retweeted

Introducing Ivy a unique, stealthy method of executing shellcode using VBA and COM objects without dropping office macro documents to disk. Ivy also allows for the unhooking EDRs from the VBA environment. Check it out: github.com/optiv/Ivy 👀 #netsec #redteam #EDR #evasion

@HackingLZ The smartest hacker I've ever met @SpecialHoang is an anti cheat wizard

Always been a running joke about wanting to improve infosec/malware detection bring over all the anti cheat gaming folks twitter.com/gf_256/status/…
cts🌸@gf_256
Leo Loobeek retweeted

AccChecker is a pretty interesting #lolbin (+ AppLocker Bypass) from the Win SDK. Load a managed DLL with this cmd:
AccCheckConsole.exe -window "Untitled - Notepad" C:\path\to\your\lolbas.dll
More info in this gist: gist.github.com/bohops/2444129…
Leo Loobeek retweeted

github.com/jonaslyk/temp/…
My webdav based reflective loader/per process devicemap based dll injector POC is by now usable.
I would really like to have a OOP wrapper for NT- designing such is surprisingly difficult, but this approach shows potential especially considering simple
Leo Loobeek retweeted

[New Tool] RogueAssemblyHunter 🛡️
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes
github.com/bohops/RogueAs…
#BlueTeam #ThreatHunting




