I've been developing my own C2 recently and incorporating all the BOFs I've created. Right now it's an agent in C/ASM, a Python3 Flask REST API (yup, like shad0w😉), and operator commands via curl 😅
Big shoutout to @C5pider @NinjaParanoid @_batsec_!
Beginner's Guide to 0day/CVE AppSec Research blog is up! Walks through finding open-source web apps, environment setup, debugging for vulns, creating a blind SQL time-based exploit, and publishing to @ExploitDB / MITRE CVE
Shoutout: @hyd3sec @johnjhacking 0xboku.com/2021/09/14/0da…
Azure Outlook Command & Control. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP = Abuse Microsoft Graph API for C2 Operations. Control a compromised Windows Device from your Outlook mailbox.
github.com/boku7/azureOut…
Shoutouts to:
Best thing I've heard in my entire offsec career... "Just need a clean result for PCI Audit" is the pentesting equivalent of "Hey man I just need clean pee for this drug screen pls" - @johnjhacking
@NinjaParanoid For what it's worth, do it for yourself to learn and improve your skills; the reward is much more valuable. It does not matter if there are 100 tools that do it better or already exist. Gaining the knowledge along the way is the true value.
❤
Zero to Hero guide for Azure Device Code Phishing for Red Team engagements! Covers everything from creating a malicious Azure phishing infrastructure to achieving Azure Account Take-Over! Secrets to open OWA via Substrate!
Credits: @424f424f @DrAzureAD 0xboku.com/2021/07/12/Art…
New Cobalt Strike BOF that dumps the Process Environment strings from walking PEB using inline Assembly code!
@TrustedSec did it first ;) , but this one doesn't touch Kernel32.dll or any DLLs :)
github.com/boku7/whereami
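The technique behind that tweet, as an added example (this is not code from the whereami BOF or its author): read the x64 PEB from gs:[0x60], follow PEB+0x20 (ProcessParameters) and ProcessParameters+0x80 (Environment) to the process environment block, then split the block into KEY=VALUE strings without calling into Kernel32.dll or any other DLL. Those offsets are the publicly documented x64 layouts and are assumed here; the block is UTF-16LE, each variable NUL-terminated, the whole block ended by an empty string. On a non-Windows build the PEB locator is compiled out and the parser runs over a constructed sample block, so the parsing logic can be exercised anywhere.

```c
/*
 * Added example: locate and parse the process environment block via the PEB.
 * Assumed x64 offsets: gs:[0x60] = PEB, PEB+0x20 = ProcessParameters,
 * ProcessParameters+0x80 = Environment (UTF-16LE "K=V\0" ... "\0").
 * No Win32 imports are used; a BOF would hand the strings to BeaconPrintf.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENV_VARS 256

typedef struct {
    const uint16_t *entries[MAX_ENV_VARS]; /* pointers into the block, one per variable */
    size_t count;
} env_view_t;

/* Length in UTF-16 code units of a NUL-terminated UTF-16LE string. */
static size_t u16len(const uint16_t *s) {
    size_t n = 0;
    while (s[n] != 0) n++;
    return n;
}

/* Split the block into entries. Stops at the empty string that ends the block
 * (or at MAX_ENV_VARS). Returns the number of variables found; NULL block -> 0. */
size_t parse_env_block(const uint16_t *block, env_view_t *out) {
    out->count = 0;
    if (block == NULL) return 0;
    const uint16_t *p = block;
    while (*p != 0 && out->count < MAX_ENV_VARS) {
        out->entries[out->count++] = p;
        p += u16len(p) + 1; /* skip the string and its terminating NUL */
    }
    return out->count;
}

/* Find a variable by ASCII name (case-sensitive) and copy its value into buf,
 * narrowing UTF-16 to ASCII ('?' for non-ASCII). Returns 1 if found, else 0. */
int env_lookup(const env_view_t *env, const char *name, char *buf, size_t buflen) {
    size_t nlen = strlen(name);
    for (size_t i = 0; i < env->count; i++) {
        const uint16_t *e = env->entries[i];
        size_t j = 0;
        while (j < nlen && e[j] == (uint16_t)(unsigned char)name[j]) j++;
        if (j == nlen && e[j] == (uint16_t)'=') {
            const uint16_t *v = e + j + 1;
            size_t k = 0;
            for (; v[k] != 0 && k + 1 < buflen; k++)
                buf[k] = (v[k] < 0x80) ? (char)v[k] : '?';
            buf[k] = '\0';
            return 1;
        }
    }
    return 0;
}

#if defined(_WIN32) && (defined(_M_X64) || defined(__x86_64__))
#include <intrin.h>
/* Walk the PEB to the environment block: no imports, no DLL calls. */
const uint16_t *locate_env_block(void) {
    uint8_t *peb = (uint8_t *)__readgsqword(0x60);
    uint8_t *params = *(uint8_t **)(peb + 0x20);   /* RTL_USER_PROCESS_PARAMETERS */
    return *(const uint16_t **)(params + 0x80);    /* Environment */
}
#else
/* Constructed sample block (not captured from a real process) for non-Windows builds. */
static const uint16_t sample_block[] = {
    'P','A','T','H','=','C',':','\\','W','i','n','d','o','w','s',0,
    'U','S','E','R','N','A','M','E','=','b','o','k','u',0,
    0 /* empty string terminates the block */
};
const uint16_t *locate_env_block(void) { return sample_block; }
#endif

int main(void) {
    env_view_t env;
    size_t n = parse_env_block(locate_env_block(), &env);
    for (size_t i = 0; i < n; i++) {
        const uint16_t *e = env.entries[i];
        for (size_t k = 0; e[k] != 0; k++) putchar(e[k] < 0x80 ? (int)e[k] : '?');
        putchar('\n');
    }
    char val[512];
    if (env_lookup(&env, "USERNAME", val, sizeof val))
        printf("USERNAME=%s\n", val);
    return 0;
}
```

On a real target the Environment pointer can be NULL for an unusual process, and the block can be replaced when the process calls SetEnvironmentVariable, so a BOF should check the pointer and read the block once rather than holding references across calls.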
Them: We don't trust the internet so we can only accept the documents via fax or regular mail. Me: You do realize I'm going to just use an internet service to send you the fax, right? Nobody has fax machines anymore...