netbiosX
@netbiosx.bsky.social
Purple Team
LSASS Dump – Windows Error Reporting
The Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows are shipped …
https://ipurple.team/2025/11/18/lsass-dump-windows-error-reporting/
13 days ago
GitHub - EvilBytecode/ExitPatcher: Prevent in-process process termination by patching exit APIs
Prevent in-process process termination by patching exit APIs - EvilBytecode/ExitPatcher
https://github.com/EvilBytecode/ExitPatcher
21 days ago
GitHub - MorDavid/DonPwner: Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database
Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database - MorDavid/DonPwner
https://github.com/MorDavid/DonPwner
22 days ago
Golden dMSA
Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos-related attacks such as Kerberoasting by binding authentication of service accounts t…
https://ipurple.team/2025/09/02/golden-dmsa/
3 months ago
Active Directory Enumeration – ADWS
Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…
https://ipurple.team/2025/08/12/active-directory-enumeration-adws/
4 months ago
Lateral Movement – BitLocker
BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
https://ipurple.team/2025/08/04/lateral-movement-bitlocker/
4 months ago
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
https://ipurple.team/2025/07/28/badsuccessor/
4 months ago
The Ultimate Guide to Windows Coercion Techniques in 2025
Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
https://blog.redteam-pentesting.de/2025/windows-coercion/
6 months ago
Boflink: A Linker For Beacon Object Files
Intro This is a blog post written for a project I recently released. The source code for it can be found here on Github. Background The design of Cobalt Strike’s Beacon Object Files is rather unique w...
https://blog.cybershenanigans.space/posts/boflink-a-linker-for-beacon-object-files/
6 months ago
Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection
"Stealth syscalls: Because life's too short to argue with an angry EDR!" Discover how Stealth Syscall Execution bypasses ETW, Sysmon, and EDR detection. Learn advanced stealth techniques for red teami...
https://www.darkrelay.com/post/stealth-syscall-execution-bypass-edr-detection
6 months ago
Revisiting COM Hijacking - SpecterOps
Learn how to use COM hijacking for persistence and post-exploitation by targeting commonly used applications in Windows environments.
https://specterops.io/blog/2025/05/28/revisiting-com-hijacking/
6 months ago
GitHub - EvilBytecode/Ebyte-AMSI-ProxyInjector: A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It s...
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the fun...
https://github.com/EvilBytecode/Ebyte-AMSI-ProxyInjector
7 months ago
Living-off-the-COM: Type Coercion Abuse
This technique leverages PowerShell’s .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type…
https://medium.com/@andreabocchetti88/living-off-the-com-type-coercion-abuse-108f988bb00a
7 months ago
GitHub - Thunter-HackTeam/EvilentCoerce
Contribute to Thunter-HackTeam/EvilentCoerce development by creating an account on GitHub.
https://github.com/Thunter-HackTeam/EvilentCoerce
7 months ago
Beacon Object Files vs Tiny EXE Files
TL;DR A lot of bloat in an EXE file is just the statically linked C runtime. Link dynamically to msvcrt.dll (or ucrtbase.dll on Win 10+) plus a 40-line stub, and depending on the size of the progra…
https://modexp.wordpress.com/2025/04/27/beacon-object-files-vs-tiny-executables/
7 months ago
GitHub - quarkslab/proxyblob: SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. - quarkslab/proxyblob
https://github.com/quarkslab/proxyblob
7 months ago
Writing your own RDI /sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
7 months ago
Attacking and Defending Configuration Manager - An Attackers Easy Win
Introduction System Center Configuration Manager (SCCM) or Microsoft Configuration Manager allows endpoint administrators to utilize a single platform for seamless device management inside of an Activ...
https://logan-goins.com/2025-04-25-sccm/
7 months ago
GitHub - backdoorskid/ClrAmsiScanPatcher: Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET
Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET - backdoorskid/ClrAmsiScanPatcher
https://github.com/backdoorskid/ClrAmsiScanPatcher
7 months ago
GitHub - cogiceo/GPOHound: Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data
Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data - cogiceo/GPOHound
https://github.com/cogiceo/gpohound
7 months ago
Windows Defender antivirus bypass in 2025 - part 2
Discover how hackers bypass an antivirus such as Windows Defender, using advanced techniques such as direct syscalls and shellcode encryption
https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/
7 months ago
Bypassing AMSI with Dynamic API Resolution in PowerShell - ROOTFU.IN
function LookupFunc { Param ($moduleName, $functionName) $assem = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dl...
https://rootfu.in/bypassing-amsi-with-dynamic-api-resolution-in-powershell/
7 months ago
GitHub - almounah/go-buena-clr: Good CLR Host with Native patchless AMSI Bypass
Good CLR Host with Native patchless AMSI Bypass. Contribute to almounah/go-buena-clr development by creating an account on GitHub.
https://github.com/almounah/go-buena-clr
8 months ago
GitHub - tdeerenberg/InlineWhispers3: Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion - tdeerenberg/InlineWhispers3
https://github.com/tdeerenberg/InlineWhispers3
8 months ago
RemoteMonologue: Weaponizing DCOM for NTLM authentication coercions | IBM
The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool - RemoteMo...
https://www.ibm.com/think/x-force/remotemonologue-weaponizing-dcom-ntlm-authentication-coercions
8 months ago
GitHub - MythicAgents/Xenon: A Mythic agent for Windows written in C
A Mythic agent for Windows written in C. Contribute to MythicAgents/Xenon development by creating an account on GitHub.
https://github.com/MythicAgents/Xenon
8 months ago
Red Teaming with ServiceNow - MDSec
Introduction Over the course of numerous Red Team engagements MDSec has often gained privileged access to a target’s ServiceNow instance. This has, in turn, facilitated a variety of compromise actions...
https://www.mdsec.co.uk/2025/03/red-teaming-with-servicenow/
8 months ago
Bypassing Windows Defender Application Control with Loki C2
Microsoft offers a bug bounty for qualifying bypasses into Windows Defender Application Control. Learn how IBM's X-Force team found a bypass using Loki C2.
https://securityintelligence.com/x-force/bypassing-windows-defender-application-control-loki-c2/
9 months ago
AMSI Bypass: In-memory patching
AMSI (Anti-Malware Scan Interface) was developed by Microsoft in 2015 to defend against fileless threats such as VBS, JavaScript, and…
https://medium.com/@drop_tables/amsi-bypass-in-memory-patching-e9b4abbc617e
9 months ago
Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies
A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.
https://blog.quarkslab.com/technical-dive-into-modern-phishing.html
9 months ago
GitHub - dagowda/DSViper: This is for Ethical Use only! Update:- Currently the payloads can only bypass latest real time monitoring and not cloud based detections, due to a lot of virus total submissi...
This is for Ethical Use only! Update:- Currently the payloads can only bypass latest real time monitoring and not cloud based detections, due to a lot of virus total submissions. Works like a charm...
https://github.com/dagowda/DSViper
9 months ago
GitHub - DarkSpaceSecurity/RunAs-Stealer: RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging - DarkSpaceSecurity/RunAs-Stealer
https://github.com/DarkSpaceSecurity/RunAs-Stealer
9 months ago
Using RDP without leaving traces: the MSTSC public mode
Learn how MSTSC’s /public mode works! It blocks credential caching, session details, and bitmap storage, enhancing security. Discover its impact and how to reset MSTSC for a clean slate.
https://blog.devolutions.net/2025/03/using-rdp-without-leaving-traces-the-mstsc-public-mode/
9 months ago
SoaPy: Stealthy enumeration of Active Directory environments through ADWS
Due to modern defensive solutions, targeted and large-scale enumeration of Active Directory (AD) environments has become increasingly detected. Learn more on that and a new tool to help fight it.
https://securityintelligence.com/x-force/stealthy-enumeration-of-active-directory-environments-through-adws/
9 months ago
Leveraging Microsoft Text Services Framework (TSF) for Red Team Operations | Praetorian
Discover how Windows Text Services Framework (TSF) plugins can be exploited for advanced persistence techniques. Learn about this stealthy attack vector that allows code injection into GUI processes, ...
https://www.praetorian.com/blog/leveraging-microsoft-text-services-framework-tsf-for-red-team-operations
10 months ago
PowerShell Exploits — Modern APTs and Their Malicious Scripting Tactics
Hi, in this blog we’ll start with an introduction to PowerShell, explaining why it’s a favorite tool for red teamers. From there, we’ll…
https://medium.com/@0xHossam/powershell-exploits-modern-apts-and-their-malicious-scripting-tactics-7f98b0e8090c
10 months ago
Making a Mimikatz BOF for Sliver C2 that Evades Defender
Hello everyone, today I want to show how to modify the Mimikatz Beacon Object File in Sliver C2 to evade Windows Defender.
https://medium.com/@luisgerardomoret_69654/making-a-mimikatz-bof-for-sliver-c2-that-evades-defender-fa67b4ea471d
10 months ago
GitHub - logangoins/Stifle: .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS
.NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS - logangoins/Stifle
https://github.com/logangoins/Stifle
10 months ago
GitHub - offalltn/gitC2: POC of GITHUB simple C2 in rust
POC of GITHUB simple C2 in rust. Contribute to offalltn/gitC2 development by creating an account on GitHub.
https://github.com/offalltn/gitC2/
10 months ago
LOLBIN / LOLBAS – WinGet execute PowerShell script
LOLBIN WinGet.exe can be exploited to download and execute remote and fileless PowerShell scripts.
https://www.zerosalarium.com/2024/12/LOLBIN%20WinGet%20execute%20PowerShell%20script.html
10 months ago
GitHub - 0xNinjaCyclone/EarlyCascade: A PoC for Early Cascade process injection technique.
A PoC for Early Cascade process injection technique. - 0xNinjaCyclone/EarlyCascade
https://github.com/0xNinjaCyclone/EarlyCascade
10 months ago
Entra Connect Attacker Tradecraft: Part 2
Now that we know how to add credentials to an on-premises user, let’s pose a question:
https://posts.specterops.io/entra-connect-attacker-tradecraft-part-2-672df0147abc
10 months ago
Cobalt Strike BOF that implements a WinRM shell client using Windows APIs
GitHub - FalconForceTeam/bof-winrm-client
Contribute to FalconForceTeam/bof-winrm-client development by creating an account on GitHub.
https://github.com/FalconForceTeam/bof-winrm-client
10 months ago
GitHub - cbwang505/FilesystemEoPDesktopSystemShell: Folder Or File Delete to Get System Shell on Current Session Desktop
Folder Or File Delete to Get System Shell on Current Session Desktop - cbwang505/FilesystemEoPDesktopSystemShell
https://github.com/cbwang505/FilesystemEoPDesktopSystemShell
11 months ago
Detonating Beacons to Illuminate Detection Gaps — Elastic Security Labs
Learn how Elastic Security leveraged open-source BOFs to achieve detection engineering goals during our most recent ON week.
https://www.elastic.co/security-labs/detonating-beacons-to-illuminate-detection-gaps
11 months ago
Being a good CLR host – Modernizing offensive .NET tradecraft
Learn how red teams can modernize their use of .NET assemblies using CLR customizations.
https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
11 months ago
The (Almost) Forgotten Vulnerable Driver
Vulnerable Windows drivers remain one of the most exploited methods attackers use to gain access to the Windows kernel. The list of known vulnerable drivers seems almost endless, with some not even…
https://decoder.cloud/2025/01/09/the-almost-forgotten-vulnerable-driver/
11 months ago
GitHub - fin3ss3g0d/StoneKeeper: StoneKeeper C2, an experimental EDR evasion framework for research purposes
StoneKeeper C2, an experimental EDR evasion framework for research purposes - fin3ss3g0d/StoneKeeper
https://github.com/fin3ss3g0d/StoneKeeper
11 months ago
ThievingFox - Remotely retrieving credentials from password managers and Windows utilities
https://blog.slowerzs.net/posts/thievingfox
11 months ago
Better-Sliver - a fork of the Sliver project intended to improve the Sliver project. The goal is to make Sliver less detectable by adding more features, changing default fingerprints, and adding more obfuscation options
GitHub - gsmith257-cyber/better-sliver: Adversary Emulation Framework
Adversary Emulation Framework. Contribute to gsmith257-cyber/better-sliver development by creating an account on GitHub.
https://github.com/gsmith257-cyber/better-sliver
11 months ago