🚨 BREAKING: History written with just 9 lines of code!
We've discovered #PyLoose, the FIRST documented Python-based fileless attack targeting cloud workloads.
See the power of 9 lines of Python code below 👇🏽
Elevate your cmd.exe to LOCAL_SYSTEM?
\\https://t.co/nfsz2BNI7z\tools\PsExec.exe -s -c cmd.exe
Have you ever seen this being used by an adversary? I haven't but I like it.
A phishing campaign tries to evade detection by dividing its attachment into code segments and encoding them using various mechanisms. It’s like a jigsaw puzzle that only reveals its malicious intent once all pieces are combined and decoded. Details: https://t.co/2vasaZFCEM
ever wanted to fake sign a binary, but didn't want to install additional dependencies?
well now you can using my super 1337 automation
https://t.co/hKN6YXT8Eo
this tool was very hard to create, I swear!
I may or may not have been inspired by Conti.
1995: Mudge published "How to Write Buffer Overflows", one of the first papers about buffer overflow exploitation. Then @dotMudge sent a copy to @aleph_one, who wrote "Smashing the Stack For Fun and Profit" in 1996. Seminal paper to seminal paper. Mudge's: https://t.co/hNL6ThYVgo
Magic #2:
How the hacker can shutdown your 🪄🪄 next gen/IA Active Directory monitoring when your AD has been compromised in one command ?
Just by putting the IP of the platform in lDAPIPDenyList for an immediate shutdown.
Fun part: it replicates 🤣