Prashant Mahajan

c0c0n Training Announcement Applied Infrastructure Security Assessment – 3 Day Intensive Workshop Step into the world of real-world enterprise attacks with this hands-on, deep-dive training designed for security professionals who want to go beyond theory and into action. What to Expect: ▪️ End-to-end attack lifecycle: from reconnaissance to full compromise ▪️ Internal pivoting & Active Directory exploitation ▪️ Bypassing layered defenses in hardened environments ▪️ Developing and adapting real-world exploits ▪️ Leveraging AI in modern penetration testing ▪️ Immersive, realistic lab environment Outcome: ▪️ Walk away with practical skills, real attack experience, and the confidence to assess complex enterprise infrastructures. Trainers: ▪️ @gehaxelt – Technical University of Berlin, Germany ▪️ @prashant3535 – Payatu Australia Pty Ltd, Australia Limited seats. High impact. Real skills. For more information, visit - c0c0n.org/applied-infras…

Dependency cool-down enforcement is coming in PMG. npm first. Then pypi. Coupled with sandbox, it should reasonably protect developers (including us) against current day supply chain attacks.

"Why take notes?" Not to collect. To think. Note-taking frees your mind in the moment and gives you building blocks for the future. Capture ideas like LEGO bricks: small, atomic, reusable, composable.

Brief announcement: Launching Unprompted.au later this year in Sydney — a new conference focused on offensive and defensive security research using AI, and on how AI is reshaping the field. Sister conference to Unprompted. Follow @UnpromptedAU for updates.

Releasing KslKatz. Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver. github.com/S1lkys/KslKatz

Thanks @ANZ_AU for reporting a fraudulent transaction and completely freezing all my accounts. The message is clear that you can’t rely on anyone

🔮 What does the future of cybersecurity look like? That's the question at the heart of #NullconGoa2026 CFP. If your work pushes boundaries, challenges the present, and dares to predict what's next, we want your voice on our stage. 👉nullcon.net/goa-2026/cfp #CFP #cybersecurity

Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳

AWSDoor: Persistence on AWS riskinsight-wavestone.com/en/2025/09/aws…

For those of you who couldn't make it in person today, join us online at youtube.com/watch?v=jC1jxb…

Cybersecurity enthusiasts in AU & NZ, prepare to be electrified! OzHack is now an official reseller of @electronicats New Arrivals - Faulty Cat & CatSniffer Best-selling gear is back in stock - Flipper Zero Add-Ons - Modbus, Magspoof & CANBus ozhack.com/collections/el…

My initial take on eBPF for Windows: scorpiosoftware.net/2025/02/22/int…

I've written a short (well, not really short) article about validation vs sanitization vs escaping vs encoding vs filtering when it comes to handling untrusted input. hackarcana.com/article/saniti… There's some confusion around it and it's important to get this right in application sec

Advanced Infrastructure Security Assessment might seem challenging, but don’t worry—we have @prashant3535 at #NullconGoa2025 making it all easier to grasp! 😎 Know More: nullcon.net/goa-2025/train… #infrastructure #security

We're thrilled to announce that we now have O.MG stock available! 🚀 O.MG Adapter, Cable, Malicious Cable Detector, Plug,  Programmer & UnBlocker. ozhack.com/collections/usb #OzHack #GetYourHackOn #OMGTools

Humble Bundle: Hacking 2024 by no starch press humblebundle.com/books/hacking-…

We just released a fun, rapid-fire with @prashant3535 , Director of Payatu Australia & OzHack, where we explored everything from Community friendships to his #wardriving days.. and not to miss, the story behind - 'Corrupt' Catch this lighthearted side of Prashant. Check it out Now! youtu.be/ubwTaIleVnM

So, what does it take to get Domain Admin? 🕹️ I sat down with @prashant3535 , Director at Payatu Australia & OzHack, in the latest episode of #BreakpointSecurity to dive into this. 📺 Watch Full Episode Now! YouTube: youtu.be/IhSM1c3g2WU Apple: apple.co/3Yme9ux Spotify: spoti.fi/3UnW0LR Buzzsprout: bit.ly/3NHRcwX From initial entry points to advanced #evasion and stealth, he shares what it’s like to Get Domain Admin in a real network. 🔒 How "Castle" infrastructure designs can be breached 🔒 Advanced #EDR & #XDR evasion 🔒 The Defender’s Dilemma—top controls 🔒 Cloud infra testing & zero-day risks If you're in #cybersecurity, don’t miss it! If you like the episode, please subscribe and share :)

Our next episode, is an exciting chat with @prashant3535 on IT infrastructure #Hacking . #Exploit techniques and Getting Domain Admin. In short- whatever can go wrong in your network.. #cybersecurity Checkout the teaser Now! youtu.be/uuDpm2qelZo

Imagine 💭 a complex environment with diverse operating systems, servers, and applications; alongside security solutions like firewalls and antivirus software. How do you plan to go ahead and pwn them all? 🤔 Join @prashant3535 at #NullconGoa2025 👉 nullcon.net/goa-2025/train…