Choose your postex fighter (inspired by the recent Twitter flame war):
Anonymous poll
18% BOFs
8% rDLLs / Fork&Run
8% Managed Assemblies
46% Reverse SOCKS + ProxyChains
19% Ahem, I'm a pentester, please turn off the security software
Forwarded from PT SWARM
👑 Our researcher has discovered LPE in VMWare Tools (CVE-2025-22230 & CVE-2025-22247) via VGAuth!
Write-up by the one who broke it: Sergey Bliznyuk
https://swarm.ptsecurity.com/the-guest-who-could-exploiting-lpe-in-vmware-tools/
😈 [ klez @KlezVirus ]
Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy!
🔗 https://github.com/klezVirus/RAIWhateverTrigger
🐥 [ tweet ]
Forwarded from PT SWARM
🚨 We've launched dbugs.ptsecurity.com, a new home for vulnerabilities. More than CVEs. More than MITRE.
✅ Trends & Insights
✅ AI-generated, multi-source vulnerability descriptions
✅ Researcher credits
Explore now: https://dbugs.ptsecurity.com
😈 [ Orange Cyberdefense's SensePost Team @sensepost ]
Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient[.]py. Storytime from Aurelien (@Defte_), including instructions for reproducing the test environment yourself.
🔗 https://sensepost.com/blog/2025/a-journey-implementing-channel-binding-on-mssqlclient.py/
🐥 [ tweet ]
Finally got around to fixing the bot once again (Twitter has started changing its page markup far too often). I'm also planning to remove the chat, since nothing lands there except hooker bots and scam exchanges, and the watchdog bot is tired of deleting them. And in general it turned out that a channel of this format has no need for a chat 🤷🏻♂️
😈 [ gmh5225.eth @gmhzxy ]
Yet another DMCA project 😃
🔗 https://github.com/kyxiaxiang/CobaltStrikeBeaconCppSource
🐥 [ tweet ]
😈 [ db @whokilleddb ]
Just checking in: Has anyone talked about using LdrCallEnclave() to run shellcode before?
Technically you can also use CallEnclave() from Vertdll.dll or LdrpIssueEnclaveCall() from Ntdll.dll if you are about that unexported-function life.
PoC:
🔗 https://gist.github.com/whokilleddb/ef1f8c33947f6ceb90664ce38d3dcf04
🐥 [ tweet ]
😈 [ Olaf Hartong @olafhartong ]
During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs.
🔗 https://github.com/olafhartong/BamboozlEDR
Slides available here:
🔗 https://github.com/olafhartong/Presentations/blob/master/BHUS25-Olaf_Hartong_-_Im_in_your_logs_now.pdf
🐥 [ tweet ]
😈 [ Gray Hats @the_yellow_fall ]
Kaspersky exposes a new AV killer leveraging the legitimate ThrottleStop.sys driver to disable antivirus software and deploy MedusaLocker ransomware in a BYOVD attack.
🔗 https://securityonline.info/byovd-attack-a-new-av-killer-exploits-a-legitimate-driver-to-neutralize-defenses-for-medusalocker-ransomware/
🐥 [ tweet ]
😈 [ Michael Weber @BouncyHat ]
Thanks to everyone who came out to see my talk! All of my code and the slides for my ChromeAlone presentation are available. If you're interested in developing malicious browser extensions give the code a look!
🔗 https://github.com/praetorian-inc/chromealone
🐥 [ tweet ]
😈 [ SpecterOps @SpecterOps ]
The AD CS security landscape keeps evolving, and so does our tooling. 🛠️
@bytewreck drops info on Certify 2.0, including a suite of new capabilities and refined usability improvements.
🔗 https://specterops.io/blog/2025/08/11/certify-2-0/
🐥 [ tweet ]
😈 [ Ilan Kalendarov @IKalendarov ]
My team has found another CVE!
This time on Windows, it's an NTLM credential leakage vulnerability that bypasses Microsoft's patch for CVE-2025-24054
🔗 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/
🐥 [ tweet ]
😈 [ eversinc33 🤍🔪⋆。˚ ⋆ @eversinc33 ]
As a little follow-up, I wrote a small blog post/tutorial on how to reverse engineer Windows drivers with IDA. This is aimed at people who have never touched drivers before and covers IOCTL codes, IRPs and some IDA shenanigans with unions.
Enjoy :3
🔗 https://eversinc33.com/posts/driver-reversing.html
🐥 [ tweet ]
😈 [ Smukx.E @5mukx ]
Mega Malware Analysis Tutorial Featuring Donut
🔗 https://github.com/PaloAltoNetworks/Unit42-Threat-Intelligence-Article-Information/blob/main/Mega-Malware-Analysis-Tutorial-Featuring-Donut.pdf
TL;DR The purpose of this blog post is to walk our readers, particularly those who are just stepping into the realm of malware analysis, through our process of analyzing a unique .NET PE malware that loads.
🐥 [ tweet ]
😈 [ Steven @0xthirteen ]
I wanted to find out if you could start the WebClient service remotely, so I ended up digging into it:
🔗 https://specterops.io/blog/2025/08/19/will-webclient-start/
🐥 [ tweet ]
😈 [ Daniel @0x64616e ]
I stumbled upon this tweet and dug a bit deeper into the internals of ksetup.exe:
🔗 https://pentest.party/posts/2025/ksetup-machine-password/
When you are local admin and need machine account credentials this could be a viable alternative to the good old LSA dump.
🐥 [ tweet ][ quote ]