Marcus H. | Archiba 🇱🇰/🇸🇪

1.1K posts

@Archib4

Break systems ➡️ to build safer ones. Penetration tester @reversec Founder Enclave Views = mine.

Stockholm, Sverige · Joined December 2011
362 Following · 86 Followers
Dave Kennedy @HackingDave
Pulling the trigger on ordering 8xh100s for TrustedSec. The inconsistencies on frontier models plus how deep we are going with research is a must. Now I’ll have my own dedicated coding system. Excited! Maybe I’ll share with @HackingLZ and @cantcomputer ..
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
incursion @Incursi0n
Made a quick BOF to exploit the currently unpatched BlueHammer vulnerability to dump SAM hashes from a low integrity context. github.com/incursi0n/Blue…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
incursion @Incursi0n
Releasing GodPotatoBOF: Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. OPSEC safe alternative to the .NET version. Based on the original GodPotato PoC by BeichenDream. github.com/incursi0n/GodP…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
Silky @S1lky_1337
Releasing KslKatz. Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver. github.com/S1lkys/KslKatz
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
Rtl Dallas @RtlDallas
Huginn Project: Project to generate COFF-format shellcode with API for:
- Indirect syscall API
- Stack Spoofing
- Proxied LoadLibraryA calls

Great for UDRLs, stage0 and OPSEC-conscious shellcode. github.com/NtDallas/Huginn
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
SpecterOps @SpecterOps
WSL2 is a powerful attacker hideout because it runs as a separate Hyper-V VM, and defenders rarely monitor it. Daniel Mayer explains how attackers pivot into WSL2 and what it took to build tooling that works across WSL2 versions. Read more ⤵️ ghst.ly/45fPUma
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
Mr.Un1k0d3r @MrUn1k0d3r
You want to load your shellcode in .NET without calling VirtualProtect? Use RuntimeHelpers.PrepareMethod to create a predictable RWX memory region for you. This method also doesn't require a delegate function pointer, since you override a .NET method. github.com/Mr-Un1k0d3r/Do…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
ChrisPy @chrispy_sec
Dropped a follow-up blog for the talk I did at fwd:cloudsec earlier in the year. Hopefully this makes it easier for people to follow at their own pace about the SharePoint pre-authentication "feature"/issue and orgs can decide to turn it off or not labs.reversec.com/posts/2025/09/…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
S3cur3Th1sSh1t @ShitSecure
Best Citrix Breakout ever. You can only download .ica files that provide access to certain local applications but breaking out of these applications is not possible? Just modify the .ica file before starting it and remove the InitialProgram= value -> Full Citrix Session! 🤓
d3d aka dead (dead, мёртв, 死了)
Today I join @Akamai as a Senior Security Researcher and I am very excited to keep pushing the boundaries of both offensive and defense research to help make the internet a little harder for the bad guys to break. 🔥🥲😜
Octoberfest7 @Octoberfest73
What are the attitudes around / is there precedent for presenting a topic/tooling at a convention and then releasing it behind a paywall? I haven't hit a public conference before so not sure if that is something that flies or not.
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
Bobby Cooke @0xBoku
🔪Open-sourcing 💀StringReaper BOF! I've had great success in engagements carving credentials out of remote process memory with this BOF github.com/boku7/StringRe…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
x86matthew @x86matthew
I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
Rad @rad9800
Wrote a short blog post on:
- ETW Threat Intelligence generated by SetThreadContext (hardware breakpoints)
- Kernel debugging and reversing
- Setting HWBPs in a more "stealthy" manner (not the same ETW TI events generated - no detections)

Check it out praetorian.com/blog/etw-threa…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
Synacktiv @Synacktiv
A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by @kalimer0x00. synacktiv.com/advisories/mic…
Marcus H. | Archiba 🇱🇰/🇸🇪 Retweeted
Adam Chester 🏴‍☠️
Achievement unlocked, my first blog with SpecterOps 🤗 This post looks at ADFS OAuth2 support, Device Registration, Enterprise PRT, and a brain dump of things that I didn’t want to leave sat on Notion. posts.specterops.io/adfs-living-in…