1. X
  2. S3cur3Th1sSh1t
Log inSign up
S3cur3Th1sSh1t
3,025 posts
user avatar
S3cur3Th1sSh1t
@ShitSecure
Pentesting, scripting, pwning!
127.0.0.1
Joined January 2019
339
Following
28.4K
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

TermsยทPrivacyยทCookiesยทAccessibilityยทAds Infoยทยฉ 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Jul 31, 2024
    This year it happened. What started as a spare time hobby and fun project became a commercial product for the Offensive Security community. I founded a company, @MSecOps . And this company will sell a Packer to Red Teams or Pentesters. (1/x) ๐Ÿ”ฅ
    This post is unavailable.
    57K
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Oct 21, 2021
    OffensiveVBA is published. Take a look. PR's are very welcome as I'm 100% sure it's missing many things.๐Ÿป
    Image
    GitHub - S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods...
    From github.com
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Feb 28, 2025
    Bypass AMSI in 2025, my newest blog post is published ๐Ÿฅณ! A review on what changed over the last years and what's still efficient today. en.r-tec.net/r-tec-blog-bypโ€ฆ
    Image
    36K
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Jul 8, 2023
    This looks promising:
    Image
    GitHub - lem0nSec/ShellGhost: A memory-based evasion technique which makes shellcode invisible from...
    From github.com
    54K
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Jul 15, 2025
    This is so much! ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ˜Ž Found two new Potato triggers just today. Not only Potato but can also be used for LPE as remote auth is done which could be relayed to LDAP without Signing enabled. Or relayed to ADCS for a certificate.
    Image
    GitHub - warpnet/MS-RPC-Fuzzer: Gain insights into MS-RPC implementations that may be vulnerable...
    From github.com
    25K
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Sep 3, 2022
    Searching for DLL Sideloading binaries? A short Powershell Script in combination with Siofra will give you thousands of possible combinations. github.com/Cybereason/sioโ€ฆ Either try to replace any Windows DLL Import with your payload DLL or search for Phantom DLLs.
    Image
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Jan 31, 2021
    A tale of EDR bypass methods - s3cur3th1ssh1t.github.io/A-tale-of-EDR-โ€ฆ Special thanks to @_EthicalChaos_ and @_RastaMouse for answering all my questions! ๐Ÿป
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    May 19, 2023
    My team mate @m_fielenbach recently created a python script to automate the process of discovering and exploiting ESC1 & ESC8 ADCS vulnerabilities: ๐Ÿ™Œ github.com/grimlockx/ADCSโ€ฆ So if you want to save some minutes of time in your next projects feel free to test it out. ๐Ÿ”ฅ
    Image
    63K
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Nov 20, 2021
    Little Potato tool release - credit to @splinter_code for helping me out: github.com/S3cur3Th1sSh1tโ€ฆ
    Image
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Jan 11, 2021
    Encrypting .NET assemblies and decrypting them at runtime patching AMSI and blocking ETW before execution via Nim works like a charm! ๐Ÿ™‚
    Image
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Nov 10, 2022
    I really like DeepL for translations. But I also like the fact, that when using the Desktop APP is makes use of an signed executable named CreateDump.exe in %APPDATA%, which can dump e.g. LSASS ๐Ÿง๐Ÿคฉ
    Image
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Sep 27, 2025
    You got access to vsphere and want to compromise the Windows hosts running on that ESX? ๐Ÿ’ก 1) Create a clone into a new template of the target VM 2) Download the VMDK file of the template from the storage 3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY (1/3)
    Image
    38K
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Nov 26, 2024
    Didnt update WinPwn for a long time, but this inspired me for a small push ๐Ÿ™‚ All credit to @yudasm_ !
    Image
    user avatar
    Yehuda Smirnov
    @yudasm_
    Nov 25, 2024
    Replying to @yudasm_
    Blog post: blog.fndsec.net/2024/11/25/shaโ€ฆ
    53K
  • user avatar
    S3cur3Th1sSh1t
    @ShitSecure
    Nov 20, 2023
    My latest blog post about avoiding kernel triggered EDR memory scans via Caro-Kann PoC is now released: ๐Ÿ”ฅ
    Image
    Blog Process Injection
    From r-tec.net
    46K
Advertisement
Advertisement