BlackArrow

Meetings You Didn’t Plan, But We Did In this post, @ineesdv breaks down how calendar event processing in Outlook and Gmail can be abused to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction ➡️Read more: tarlogic.com/blog/abusing-c…

On our way to Switzerland 🇨🇭, where tomorrow @ineesdv will present our research at @1ns0mn1h4ck on abusing calendar invite processing in modern email clients. ➡️ Read more: insomnihack.ch/talks/meetings…

Phishing now happens in meetings as well? @ineesdv say yes! Understand how attackers exploit collaboration tools with this new #Insomnihack talk. Buy your ticket now: ow.ly/yBis50Ya55M #InsomniHack #Cybersecurity #INSO26

Just over 24 hours until @_kripteria takes the stage at @h_c0n to revisit the design and methodology of attack graphs in Active Directory, showcasing new approaches with Neo4LDAP.

Kudos to our colleague @_Kudaes_ , who yesterday delighted us at @NavajaNegra_AB with his talk 'Activation Context Hijack,' which can be rewatched here: twitch.tv/videos/2581089…

This Thursday, our colleague @_Kudaes_ will be at @NavajaNegra_AB presenting Activation Context Hijack: a new code execution technique for Windows environments. ➡️ More info: navajanegra.com/2025/speaker/k…

Are you aware that even with App-Bound Encryption, attackers can still attempt to steal browser cookies? Our #ThreatHunting team explains how the technique works and how to detect it. ➡️ github.com/blackarrowsec/…

AvePoint has fixed a vulnerability in DocAve, Perimeter and Compliance Guardian discovered by our researchers @m1ntko and @Calvaruga. This vulnerability can be used to achieve Remote Code Execution (RCE) in affected systems. ➡️ Advisory: avepoint.com/company/docave…

Are you aware that WebDAV and search-ms can trick users into executing remote files as if they were local? Our #ThreatHunting team breaks down how the technique works and how to detect it. ➡️ github.com/blackarrowsec/…

¡No parpadees si no te lo quieres perder! Kurosh Dabbagh nos habla de "Call Stack Spoofing para ocultar la ejecución de implantes desde memoria" #WindowsInternals #Malware #EDR @_Kudaes_

In a few hours, our colleague @_Kudaes_ will talk at @EuskalHack about call stack spoofing to hide the execution of implants from memory. #ESCVII ➡️ Read more: #ponente7" target="_blank" rel="nofollow noopener">securitycongress.euskalhack.org/ponentes_es.ht…

Are you aware of this technique for achieving fileless persistence? Find out how it works and how to detect it. ➡️ github.com/blackarrowsec/…

Although it's nothing new, @ineesdv and I are pleased to publish our own ROP-based implementation of the code fluctuation technique. We've tried to keep it simple and functional, avoiding to use common features like Timers, HWBP or APCs. github.com/Kudaes/Shelter

Our colleagues @_Kudaes_ & @ineesdv will be at #HackOn2024 presenting an alternative approach to ROP-based sleep obfuscation technique to evade memory scanners. ➡️ Read more: hackon.es/charlas/In%C3%…

Enhanced version of secretsdump from #Impacket to dump credentials without touching disk. This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives. github.com/fortra/impacke…

🚨 Confirmamos primera charla 🚨 Ines (@ineesdv) y Kurosh (@_Kudaes_ ), operadores de Red Team en la unidad de seguridad ofensiva de Tarlogic, son la primera charla confirmada de la #HackOn2024. 👨‍💻 Muchas gracias por venir, estamos encantados de recibiros.

Our colleague @IagoAbad has weaponized the leaked token handles technique for MSSQL. Now open token handles in MSSQL's process (sqlservr.exe) can be abused to change security context and escalate privileges both locally and in the domain. github.com/blackarrowsec/…