Expect memes, food for thoughts, tech guidelines and trash talk daily.

Intro The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, an

Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. As organizations recover from this incident, we continue to publish guidance and share threat intelligence to help detect and evict threat…

Introduction As I am sure some of you are aware from the occasional ramblings and screenshots on twitter, I am a big fan of .NET based offensive tooling. Not because it’s trendy or cool, but because of the development speed and ease of testing and debugging…

An update on a hacking campaign targeting security researchers.

When it comes to protecting against credentials theft on Windows, enabling LSA Protection (a.k.a. RunAsPPL) on LSASS may be considered as the very first recommendation to implement. But do you really know what a PPL is? In this post, I want to cover some…

An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments. - microsoft/CyberBattleSim

an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques - GitHub - RealityNet/attack-coverage: an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques

Contribute to Forescout/project-memoria-detector development by creating an account on GitHub.

This post will cover a little project I did last week and is about Named pipe Impersonation in combination with Pass-the-Hash (PTH) to execute binaries as an...

In this blog, we share our perspectives on combining Rust’s and TensorFlow's powerful capabilities to boost both memory performance and speed capability.

On April 12, a code commit[1] in Chromium get people’s attention. This is a bugfix for some vulnerability in Chromium Javascript engine v8. At the same time, the regression test case regress-1196683.js for this bugfix was also submitted. Based on this regression…

NTLM Relaying is an well-known technique that was mainly used in security assessments in order to establish some sort of foothold on a server in the network or used for privilege escalation scenari…

Recently I've been looking at the .NET CLR internals and wanted to understand what further techniques may be available for executing unmanaged code from the managed runtime. This post contains a snipped of some of the weird techniques that I found.

Contribute to Mr-Un1k0d3r/EDRs development by creating an account on GitHub.

Domain Borrowing PoC. Contribute to Dliv3/DomainBorrowing development by creating an account on GitHub.

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. - 0vercl0k/CVE-2021-31166