Automatic ROPChain Generation. Contribute to d4em0n/exrop development by creating an account on GitHub.

It’s no secret that attackers are looking for new techniques to execute lateral movement. However, there are only a handful of publicly…

Offensive operators typically have their set of “go to” post-exploitation tools and methodologies. Among these, is Cobalt Strike — a very…

Interacting with Azure, offensively

Oh man where to even begin with this one. This was a crazy ride and I learned a ton along the way.

Marcello Salvati // This fairly lengthy blog post aims at providing Red Team Operators ideas on how to incorporate BYOI tradecraft into their own custom tooling and get those creative […]

On November 3rd, 2019, we have reported a critical vulnerability affecting the Android Bluetooth subsystem. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:…

ATTENTION : In order to use the content search functionality you will need to have access to VT Intelligence . If you want to jump str...

In this post, I’ll discuss an arbitrary file move vulnerability I found in Windows Service Tracing. From my testing, it affected all versions of Windows from Vista to 10 but it’s probably even older because this feature was already present in XP.

Posted by Evgenii Stepanov, Staff Software Engineer, Dynamic Tools Native code in memory-unsafe languages like C and C++ is often vuln...

Hashtopolis - distributed password cracking with Hashcat - hashtopolis/server

Introduction Back in 2018, PaloAlto Unit42 publicly documented RGDoor, an IIS backdoor used by the APT34. The article highlighted some details which sparked my interest and inspired me to write...