We think of WASM as a mechanism to run compiled code in your browser, but what if we shimmed in all the host APIs necessary to run full implants with ALL logic entirely in the WASM VM? This post walks through what that looks like.
https://t.co/xGVpPe2zyC
#wasm#malware#sliver
WASM was built to sandbox browser code. We used it to run a Sliver implant on Windows and macOS that EDR can't read. 🧬
WasmForge compiles Go offensive tools to WASM. Zero source changes.
Blog: https://t.co/6QaZAMGbMY
Demo: https://t.co/iaZFQLbcBH
#OffensiveSecurity
Excited to present at DEF CON Singapore next week on Brutus — our open-source credential testing tool for modern offensive workflows. Single binary, zero deps, JSON-native, compiled-in bad SSH keys, and experimental AI-powered credential discovery. 🗡️
https://t.co/15pITzK6Zu
🔓 CVE-2025-33073: Any domain user → SYSTEM → DC TGT → domain compromise. No admin needed.
SMB signing on DCs won’t save you.
https://t.co/9DLn8dBs66
#theguardplatform#offensivesecurity
Early last year @rad9800 shared an idea he'd discussed with @jonasLyk about how to stealthily write to the registry without using the traditional registry APIs EDR watches. The time has come to open source the tool. Hope this helps someone hit their goal!
https://t.co/LplZgvEa6p
This PR is likely the root cause of how @PostHog eventually got infected with #Sha1-Hulud
https://t.co/vOZLrufERb
Vulnerability introduced Sept 10th.
#githubactions
Developers can be targeted.
Build systems can be breached.
Malicious packages can be signed.
None of this is new. We just keep falling into the same trap: blind trust.
Ant is an exceptional RT operator/director, one of the best I've worked with.
We ran some sweet ops together, and I learnt a great deal from working alongside him.
Not often do folk of his nature appear on the market.
😈 ChromeAlone - Transform Chromium browsers into a C2 Implant.
A la Cobalt Strike or Meterpreter.
@defcon talk and tool release by @praetorianlabs' Michael Weber.
ChromeAlone contains a number of out of the box components, including:
- A malicious Chrome extension that can perform credential capture, session hijacking, shelling out, and reading the file system
- A management server
- An Isolated Web Application to maintain persistence
- and more.
Tool: https://t.co/OXOF16CxiJ
Talk recording:https://t.co/rMgZztHesD
#cybersecurity #redteam
You can now restrict which repos can register self-hosted runners AND configure fork PR approvals via the API.
Huge for centrally addressing self-hosted runner shadow IT!
We've spent years researching and building tools for CICD security.
Now, we're ready to knowledge dump at a 2-day hands-on training at Black Hat (Aug 2-3, 4-5):
Learn more: https://t.co/d4hdthiZaU
One of the fun things we did for the Nemesis 2.0 release was heavily optimizing our usage of @praetorianlabs' Nosey Parker. Specifically, instead of calling the binary to scan + recalling to retrieve structured data all wrapped in a Python API as before, we now 1/3
I'm thrilled to announce that my talk Ghost Calls: Abusing Web Conferencing for Covert Command & Control was accepted to #BHUSA 2025 (CC: @BlackHatEvents)
https://t.co/hRUncJq3YY
Our owl Mario just published a small VM to generate application-layer protocols. Define your protocol from scratch with opcodes!
https://t.co/qqr52RKmWe