E aí, já conferiu o meu livro #OPSEC Inteligência Cibernética na Prática? Não?!
O livro está disponível na Amazon pra Kindle, aqui: https://t.co/NaEBhUXAYf
E quem quiser a versão física, está disponível no site da editora aqui: https://t.co/prCmd6uVxN
Corre lá e aproveita!
Unsafe .Net Deserialization in Windows Event Viewer! This is a by-product of my research. Has confirmed with MSRC that this didn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender Bypass.😆
Making a DNS bruteforcer that @sml555_@hakluke and I worked on privately approx 3 years ago public... Code here, if you want to poke early: https://t.co/FvPmUhAKBg .. Still needs some work - will update further before I cover in a video
Boa tarde pessoal! Pra quem ainda não conferiu, segue a palestra do Rodrigo Dumaresq no canal da BHack Conference no YouTube. https://t.co/7n1brnNYA0
#letshack https://t.co/sG232E1z0i
I wrote down some thoughts on bypassing #EDR with syscalls, and shared my super small patch for #SysWhispers2 to evade Defender detection:
https://t.co/efwAfD9ckO
ProntonMail has had a .onion site since 2017, but today they are rolling out new experiences for Tor users... including the ability to sign up for your Proton account directly on their .onion site! Read about all the improvements for Tor users here ⤵️
https://t.co/LDgoqMZQ7u
I don't know what is a CVE number for my spooler EoP 0-day that i discovered last year. Anyway It was patched by microsoft tuesday patch, So I'm sharing this PoC one of the bug that listed on the screenshot for spooler EoP here: https://t.co/51k1A3SUW7
Check out my new post about coercing NTLM authentication from the local admin accounts used by SCCM servers, how to prevent it, and the release of SharpSCCM, a C# tool that can be used to demonstrate the impact of these techniques: https://t.co/y4ieWKEtXM
[REDTEAM]
"ScheduleRunner - A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation" by @netero_1010 - https://t.co/chct3jrAoR
[ For Students ]
"vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises."
Download: https://t.co/HfQS0eQECy
Writeup: https://t.co/szCcJLX29M