PinnedInSystem WeaknessbyLsec·Jun 4, 2022Exploiting CVE-2022–26923 by Abusing Active Directory Certificate Services (ADCS)CVE-2022–26923 is dangerous. There is large privilege escalation vector aiming directly at the domain’s administrative account(or machine)…
Lsec·May 4, 2023Weaponizing DLL Hijacking via DLL ProxyingSorry for not writing blogs for a while, but here am I now.
Lsec·Jan 15, 2023Attacking Active Directory: Unconstrained DelegationThe main focus of today’s topic will not be some C2 framework or AV bypass, but one specific AD attack.
Lsec·Dec 4, 2022Weaponizing Discord Shell via SMBIn the previous blog / video (https://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd /…
Lsec·Dec 2, 2022Using Discord as Command and Control (C2) with Python and NuitkaHello fellow red teamers, I was thinking of a way to obfuscate C2 traffic and got myself an idea. Why not chain the traffic over some…
Lsec·Nov 24, 2022Developing SMB stager in NimHello fellow Red Teamers. I recently started getting in touch with Nim for offensive coding. To be honest I find it difficult and strange…
Lsec·Nov 1, 2022Encrypting Shellcode with XOR | Offensive coding in CHello fellow red teamers. One of the techniques for AV evasion is encryption. While there are many, many encrypting algorightms, XOR is…A response icon1A response icon1
Lsec·Oct 26, 2022Creating Fully Undetectable Payload (FUD) with CWelcome back my red teamers! Today’s blog is exciting because I personally did not expect such high result at evading AV vendors!A response icon2A response icon2
