𝐶𝑇-𝐻𝑒𝑙𝑙𝑐𝑎𝑡

Built an evasive CS RL with Crystal Palace that bypasses Elastic EDR. The evasion lives inside the blob. Not in how it got there. Blog: lorenzomeacci.com/bypassing-edr-… Source: github.com/kapla0011/Kapl…

Ever wanted to draw a triangle with OpenGL as a 2kb position-independent shellcode? No? Me neither. But you can do it anyway: github.com/wbenny/scfw

@GigelV41464 Doesn't seem to be anything new

Getting a Nighthawk agent running on increasingly obscurer platforms, Part 1 Enter DroidHawk, the Android open agent. It’s a .so file wrapped in an app that calls it. It was surprisingly easy to repurpose the sample code to run on Android!

@_gcali @_ringzer0 online？

If you like VPN exploits as much as us, you're going to love this course Zeroshi is bringing to @_ringzer0! Marco will walk students into opening up edge devices for research, mapping their attack surface, finding vulns and building full exploit chains. ringzer0.training/countermeasure…

[New @originhq blog+POC] No PPL? No problem! SecurityTrace, an undocumented ETW feature, restricts some AutoLogger traces to PPL only — yet we found this current design still allows non-PPL processes to consume from Threat-Intelligence as admin only! originhq.com/blog/securityt…

@C2IRIS The price of cobaltstrike for one year has reached 5900 USD

At this point, Cobalt Strike is a worthless platform unless your goal is to emulate 13 year old Albanian ransomware gang members who are themselves using a cracked version of CS. In the real world, of high value targets, a firm that is red teaming them with CS is merely conducting a checkbox exercise. Can we just admit this already?

A short weekend read for anyone interested in the ANIMO (Azure Network Intel & Mission Ops) tool I've been working on throughout 2025. It documents a red team scenario with its capabilities and future development plans. If you'd like to send suggestions, phishing links or donations my DMs are open. #redteam dmcxblue.net/2026/01/04/ani…

New fav persistence method which works on Win11 25H2: Set the default key's value of HKCU\Software\Classes\CLSID\{18907f3b-9afb-4f87-b764-f9a4e16a21b8}\InprocServer32 to point to a malicious DLL and get shells from multiple programs even before a user logs in.

Another Pentest, another time the NetExec Veeam module didn't work properly. Sometimes SYSTEM impersonation is needed, sometimes it's flagged by AMSI. You need to know about alternatives. SharpVeeamDecryptor now supports v12 and PostgreSQL Veeam instances 😎 github.com/S3cur3Th1sSh1t…

@elonmuskTN 11

Because the last release of #NoPowerShell was 2 years ago and to celebrate the repo has 999 stars, I just merged DEV ➡️ MASTER and published Release 1.50 containing over 60 offensive cmdlets! 🥳 github.com/bitsadmin/nopo… See examples of some of the cmdlets below 👇

Released my Cobalt Strike BOF for fork & run injection! Features Draugr stack spoofing, PPID spoofing, multiple execution methods, and indirect syscalls for enhanced OpSec. github.com/NtDallas/BOF_S…

ADCSDevilCOM 📍 A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA server using the MS-WCCE protocol over DCOM and It bypasses the traditional endpoint mapper requirement by using SMB directly. By: @AnonArtist8 github.com/7hePr0fess0r/A…

Here's my latest research. I decided to dive in to exploring Polymorphic PIC shellcode and walk the reader through the process of creating their own loader via x64 assembly code and Python. Thanks for your support and feedback as always. Enjoy! g3tsyst3m.com/shellcode/pic/…

I put a BOF loader in a BOF so that you can run BOFs from a BOF. If you've had issues getting a BOF to work with CS's BOF loader in the past, you now have a drop-in way to get a little bit more compatibility. github.com/0xTriboulet/In…

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…

@dhavalg2006 How much do you know about GoAnywhere MFT? Can you do automated deployment consultation?

Happy to complete 6 yrs with Goanywhere MFT product from Fortra on file transfer/manage solution. Let me know if you need any support or guidance ☺️🙏 linkedin.com/in/dhaval-gand…

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-… Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!