![Print3M_'s tweet photo. Releasing EPIC [Extensible Position Independent Code] โ toolkit for C/C++ shellcode building ๐ฅ
https://t.co/dnUg6PoEBa
- Modularity (!)
- Dead-code & payload size optimization
- Global context
- Minimal PIC-friendly libc & win32 included
- More...
#redteam #malware #security https://t.co/bF9YCZdF2T](https://pbs.twimg.com/media/G5fhOrGWEAAKwEo.jpg)
![Print3M_'s tweet photo. Releasing EPIC [Extensible Position Independent Code] โ toolkit for C/C++ shellcode building ๐ฅ
https://t.co/dnUg6PoEBa
- Modularity (!)
- Dead-code & payload size optimization
- Global context
- Minimal PIC-friendly libc & win32 included
- More...
#redteam #malware #security https://t.co/bF9YCZdF2T](https://pbs.twimg.com/media/G5ffNLjXQAA75LL.jpg)
Olivia
Online
Print3M
@Print3M_
Red Team & security research & programming.
Joined April 2024
91 Following
1.2K Followers
188 Posts
ย Pinned Tweet
@niebezpiecznik Dopiero 12 raz dzisiaj widzฤ posta typu "BREAKING!!!1! Someone just open-sourced". Claude coล dzisiaj zamulaล, pewnie dlatego taki sลaby wynik.
@SEKTOR7net Wow, thank you friends! :)
i don't want TO CREATE A FUCKING MICROSOFT ACCOUNT TO SETUP WINDOWS!!!!!!!!
@ale_sp_brazil @MacmodSec I was using Godap on my engagement! Very nice looking and convenient tool. I like the feeling and detailed info about objects.
Didn't know about FlashIngestor! Thanks :)
@domchell Don't forget to check out the free ebook pdf I prepared for you in the pinned post on my profile. Cheers.
Awesome real-life RedTeam infrastructure overview by @0XDbgMan ๐ฅ๐ฅ๐ฅ Juicy.
https://t.co/CzFTgMNknl
### Top-Line Findings
1. **The C2 ecosystem is far less diverse than it appears.** While there are 30+ "different" frameworks, the underlying technique implementations converge on a small number of canonical code patterns, many traceable to specific open-source authors or blog posts.
2. **Three source projects account for the majority of reused code:**
- **TrustedSec's COFFLoader** โ the ancestor of nearly every open-source BOF loader
- **PowerSploit** (by @harmj0y, @mattifestation, @obscuresec) โ Get-Keystrokes, Invoke-Mimikatz, PowerView, and persistence modules are shipped verbatim by Empire, PoshC2, PowerHub, Amnesiac, and Shad0w
- **Kevin Robertson's Invoke-WMIExec/Invoke-SMBExec** โ the dominant PowerShell implementations for WMI and SMB lateral movement, bundled by Empire, PoshC2, PowerHub, and SilentTrinity
3. **A single detection rule can catch multiple frameworks.** Because many C2s share identical implementation code:
- One detection for the PowerSploit `Get-Keystrokes` GetAsyncKeyState polling loop catches Empire, PoshC2, and any framework that bundles PowerSploit
- One detection for the TrustedSec COFFLoader relocation pattern catches Apollo, Loki, Sliver (extension), and derivatives
- One detection for the .NET `ManagementScope` WMI pattern catches Apollo, Covenant, NimboC2, SilentTrinity, and DeimoC2
4. **Genuinely novel frameworks are rare.** Of the 30 analyzed:
- **4 frameworks** (Sliver, Havoc, Realm, TripleCross) demonstrate significant code originality
- **6 frameworks** show moderate originality (Wyrm, AdaptixC2, Emp3r0r, Merlin, NimPlant, GC2)
- **20 frameworks** rely heavily on shared code from the three source projects above, or implement techniques using the same well-known recipes
5. **HTTP C2 communications show the most behavioral convergence.** Three jitter formula families, shared User-Agent strings (the IE11 UA appears in Empire, Nuages, and Covenant), and common URL path patterns create fingerprinting opportunities.
@mrgretzky I just love to code and I'm tired of this imposed AI-FOMO feeling attacking me from everywhere.
Might be interesting for you: @hasherezade @gynvael @vxunderground @curi0usJack @mrgretzky @mrd0x @C5pider @ShitSecure @mariuszbit @MateuszChrobok @domchell @Octoberfest73 @mrexodia @5mukx
Demo:
Direct link:
https://t.co/Ibiv8c5hSN
Highly recommend this summary. Not only because there's my research included... but mostly;)))))
It's that time again.
Our latest Top 10 includes the tradecraft that mattered most over the past six months; from filejacking, to polyglots, to the latest evolution in ClickFix attacks.
https://t.co/wXRDvs0EV2
@Octoberfest73 I would say malware development is 80% of just a desktop software development and 20% of juicy things. I guess people like to write 80% of the code in a language they consider "more convenient to work with".
@awesomekling Bro, it's going to be outdated from day 1...
Good lord, Signal is down...
Last Seen Users on Sotwe
Hoaichchi78
Seen from Vietnam
Novinho DOT tarado ๐
Seen from Brazil
Anfield Sector 
Seen from Australia
Jayanthi pottachi
Seen from India
ัะพััะตั
Seen from Germany
PESONA_IBU KANDUNG
Seen from Indonesia
hร ng to dรขm
Seen from Vietnam
Albert Myanmar Boy
Battery Sis
Seen from Indonesia
Moc Nhi ( ladyboy )
Seen from Vietnam
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers