Kurosh Dabbagh

2K posts

@_Kudaes_

nt authority\kurosh https://t.co/MCEI38ndVE https://t.co/w6aiUt7YlZ

Madrid · Joined January 2013
194 Following · 1.5K Followers

Kurosh Dabbagh retweeted
Wietze (@Wietze)
Can LNK files ever be trusted? ⚡ My latest blog post demonstrates several new LNK abuse methods, allowing you to fully spoof the target shown in Explorer. It also introduces tools to create your own LNKs, and detect spoofed ones yourself. 🐬 wietzebeukema.nl/blog/trust-me-…

Kurosh Dabbagh (@_Kudaes_)
Any good reading material on Windows Cache Manager, Memory Manager or I/O handling in general from the kernel's perspective?

Kurosh Dabbagh retweeted
X-C3LL (@TheXC3LL)
A small rant: The State of Art in Red Team is whatever you want to believe x-c3ll.github.io/posts/Rant-Red…

Kurosh Dabbagh retweeted
Iago Abad (@IagoAbad)
Hi! I just published a technical deep dive into a complex and fun N-day vulnerability that allows getting RCE in a very popular e-commerce platform. Check it out! hiddeninslack.github.io/posts/from-sst…

Kurosh Dabbagh retweeted
Inés (@ineesdv)
Tangled is a social engineering platform that weaponizes calendar event processing in Outlook and Gmail to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction. github.com/ineesdv/Tangled Technical breakdown: tarlogic.com/blog/abusing-c…

Kurosh Dabbagh retweeted
BlackArrow (@BlackArrowSec)
Meetings You Didn’t Plan, But We Did
In this post, @ineesdv breaks down how calendar event processing in Outlook and Gmail can be abused to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction ➡️ Read more: tarlogic.com/blog/abusing-c…

Kurosh Dabbagh retweeted
klez (@KlezVirus)
[RELEASE] As promised, I’m releasing the first blog post in a series. It covers the gaps still present in current stack-based telemetry and how Moonwalking can be extended to evade detection logic and reach “on-exec” memory encryption. Enjoy ;) klezvirus.github.io/posts/Moonwalk…

Samy (@Samywithme)
@_Kudaes_ Do I need admin priv to retrieve SAM?

Kurosh Dabbagh (@_Kudaes_)
I just released MFTool, an NTFS parser that builds an in-memory map of a volume, allowing you to:
- Read any file without opening a handle
- Get the contents of locked/deleted files (registry hives, pagefile.sys, etc)
- Perform fast, in-memory searches across the entire disk
🔗👇

Dodge This Security (@shotgunner101)
@_Kudaes_ Gonna add this to my list of purple team testing for trying to access the sam hive, etc and see if the EDR blocks me 🫡

Kurosh Dabbagh retweeted
Tijme Gommers (@tijme)
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. github.com/tijme/dittobyt…

Kurosh Dabbagh retweeted
krp (@_kripteria)
Four months of development and maintenance have yielded considerable results. With the new changes introduced, the old demo was somewhat obsolete, so I decided to upload a new one where you can better see the current improvements to Neo4LDAP. youtube.com/watch?v=f2vkcr…

Kurosh Dabbagh retweeted
BlackArrow (@BlackArrowSec)
AvePoint has fixed a vulnerability in DocAve, Perimeter and Compliance Guardian discovered by our researchers @m1ntko and @Calvaruga. This vulnerability can be used to achieve Remote Code Execution (RCE) in affected systems. ➡️ Advisory: avepoint.com/company/docave…