SadPanda

1.8K posts

@sadpanda_sec

#RedTeamer #MMAJunkie #CarGuy #F1... Opinions are my own.

That's a no for me dawg
Joined March 2015
644 Following, 296 Followers
SadPanda retweeted
Marc Smeets @MarcOverIP
What a week at @OutflankNL!
> Release: Cobalt Strike Research Labs - research from the CS R&D team straight to OST customers
> Release: InfraRed - automated deployment of RT infra
> Nifty AI evasion research from @kyleavery added to OST
> @fortraofficial acquires @_ZeroPointSec
SadPanda retweeted
kapla @LorenzoMeacci
Thanks to @Octoberfest73, who spotted a mistake I made in my blog (which led to a never-ending rabbit hole of false assumptions about timer stacks xD), I was able to implement the InsomniacUnwinding technique in a full sleepmask based on Ekko by @C5pider github.com/kapla0011/Inso…
SadPanda retweeted
Gavin K @atomiczsec
firewall_rule - a BOF to add, remove, or query Windows Firewall rules via the COM API (INetFwPolicy2). In highly monitored environments, just spawning a process will create alerts. This tool is useful for helping pivot inside networks without that process creation. Find it here: github.com/atomiczsec/Adr…
SadPanda retweeted
Brett Hawkins @h4wkst3r
In this joint research project with @AndrewOliveau and @kulinacs we explored integrating LLMs into offensive workflows. The MCP servers and Gemini extensions from the blog can be found on the @ArmadinSecurity public GitHub ⬇️ 🔗 github.com/armadin-public
Andrew Oliveau @AndrewOliveau

🔥🤖Excited to share a new blog I co-authored with @h4wkst3r and @kulinacs - Automating the Operator: Integrating LLMs into Offensive Security armadin.com/blog-posts/aut… We show how LLMs make offensive work more operationally useful, introduce 2 new MCP servers, and an NTLM relaying Gemini extension POC

SadPanda retweeted
Thariq @trq212
We just released Claude Code channels, which allows you to control your Claude Code session through select MCPs, starting with Telegram and Discord. Use this to message Claude Code directly from your phone.
SadPanda retweeted
Panos Gkatziroulis 🦄 @ipurple
🛠️ Fritter - a heavily modified fork of Donut shellcode generator ✅ It generates position-independent shellcode for in-memory execution of VBScript, JScript, EXE, DLL, and .NET assemblies, but with a heavy focus on evasion and signature resistance github.com/0xROOTPLS/Frit…
SadPanda retweeted
Dirk-jan @_dirkjan
It appears that Microsoft removed the discovery of all domains in a tenant through ACS, a technique that I shared at my BH/DC talks last summer (though probably not many people spotted the reference). I found it out during a live demo of course 🙃
SadPanda retweeted
Wietze @Wietze
🔥 macOS cmd-obfuscation with ArgFuscator New: over 60 os-native macOS binaries' command lines can now be obfuscated using #ArgFuscator, bypassing command-line based detections, such as this EDR trying to prevent credential dumping. 👉 Check it out: argfuscator.net
SadPanda retweeted
Daniel Bradley @DanielatOCN
Microsoft have finally patched another tenant domain enumeration loophole > ourcloudnetwork.com/microsoft-quie… Since Microsoft Patched the Get-FederationInformation endpoint from enumerating tenant domains, researchers and services like my TenantDomainFinder have been using a legacy ACS endpoint to enumerate all tenant domains. However, it looks like from today, Microsoft have quietly patched this exploit! #Entra #Microsoft #OSINT
SadPanda retweeted
Mr.Z @zux0x3a
I am releasing a new toolkit I built for IIS-based lateral movement and code execution within IIS worker pool process's memory. Phantom ASPX Loader & PhantomLink -- a two-part toolkit for reflectively loading native DLLs into IIS w3wp.exe worker processes via ASPX. github.com/zux0x3a/Phanto…