First blog post in a mini series where I look at "disposable tooling". This post shares what I have found to be useful when 1-shot'ing LLM generated Stage-0 agents for Mythic.
My Okta for Red Teamers post is up! We look at how Kerberos SSO works, how to intercept credentials via a fake AD Agent, decrypting AD Agent tokens, adding skeleton key's, and even how to deploy a janky SAML IdP server to auth as any user for good measure.
Want to stop ETW from giving up your loaded .NET assemblies to that pesky EDR, but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call π
Just pushed a new blog post documenting the process of creating an exploit for a Windows 10 kernel vulnerability. Hopefully useful for anyone looking at kernel exploitation blog.xpnsec.com/windows-warbirβ¦
This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range.
volexity.com/blog/2024/11/2β¦
And yet... they got caught doing this!
New blog post looking at how Cobalt Strikeβs βblockdllsβ command works, how to recreate it in our own payloads, and a quick look at Arbitrary Code Guard.
New blog post is up starting a series of looking at just how Mimikatz achieves its magic, beginning with WDigest (and ending with a bit of lsass DLL loading fun).