obscuresec

Empire v6.5 is live! - 8 new modules across BOF/C#/PS/Python - New C stager + PIC shellcode compiler for stage0 agent injection - Patchless AMSI & ETW bypasses - New Jobs tab on the agent page for managing background jobs - Python 3.14 support github.com/BC-SECURITY/Em…

Why watch or support the NFL at this point?

@hakluke Alva Duckwall's presentation is worth a look if you're up against 802.1x youtu.be/rurYRDlf1Bo?si… There have been follow up talks in more recent confs, and tools on github that broadly automate these attacks now, but this starts at the beginning.

Rootkitting appliances, you say? There's a common refrain that attack is always evolving, but I was compromising Linux-based appliances in network penetration tests in the 2000's. Middleboxes with late 90's vulns that have privileged positions and access are the anti-pattern.

@n00py1 @scriptjunkie1 Absolutely. There is an entire claims industry that shouldn't exist. From the VA IG you can see evidence the VA has of fake medical evidence (fraud) and the steps they take to identify it. I imagine whatever this bizarre rule is that its about service connection and not faking.

@obscuresec @scriptjunkie1 There are entire businesses built around scamming the VA on sleep Apnea diagnosis.

Hey, speaking as a veteran: It's fraud/abuse, like many other categories, for decades. It's well known - as you prepare to separate, veterans just volunteer tips on gaming the system. I bet non-disabled vets would overwhelmingly support slashing it. x.com/fentasyl/statu…

All you need are some lolbins and a prayer #redteamtips

@HackingLZ That isn’t the line though. The line is “next year is our year.”

☠️

@rootsecdev Many of the people I respect the most in this industry had to take the exam multiple times. It does not reflect negatively at all. You got it.

Failed my OSCP exam this morning. Super disappointed in myself since I’ve really poured my soul into everything this time around. Nonetheless I’ll shrug it off and try again.

@JJettas2 #Madden24Sweeps

Happy MADVENT! One lucky fan will receive my favorite Madden play, autographed! Follow below for a chance to win on Twitter or IG: Comment below with #Madden24Sweeps by Dec. 13 at 11:00 am EST to enter for a chance to win! You must be 18+ to enter.

@JoshAllenQB #madden24sweeps

The season of giving is upon us and one lucky fan will receive my favorite Madden play, autographed! Comment below with #Madden24Sweeps by Dec. 4 11:00 am ET to enter for a chance to win! ea.com/madvent-giveaw…

@424f424f 🤔

@techspence Empathy.

What do you think are the most important qualities a pentester or red teamer should have? My top three are... 1. Humility - I know I don't know everything 2. Curiosity - a desire to learn more 3. Resilience - the will to stick with it

@christruncer It’s every game.

@obscuresec You’re still doing better than my team out west. But I hear you

@HackingLZ 😂

Where are those OST threads now?

@simplylurking2 @dyn___ @techspence Trivial Host Offensive Tool

@dyn___ @techspence Trivial Host Access Tool (THAT)

Anyone else feel like we should differentiate RAT with legitimate 3rd party RAT or is that dumb? I feel like one needs a different name. I see RAT and I immediately think malicious implant

@bohops run whoami.exe. yolo

@bohops I still see forms of the same argument cropping up. Basically if a TA hasn't done something than you can't emulate it. Seeing it applied to admin tools that are already in the environment flustered me.

@obscuresec First, that talk is epic 🔥 Second, what was this person talking about? lol

@HackingLZ There is an infosec lesson in this picture.

Useful car repair facts

@HackingDave I can smell this photo.

😂😂😂💨

@HackingLZ smh

I don’t like sports but I love memes. My friends don’t appreciate this meme for some reason 🤷‍♂️