You want to load your shellcode in .NET without calling VirtualProtect? Use RuntimeHelpers.PrepareMethod to create a predictable RWX memory region for you. This method also doesn't require a delegate function pointer, since you override a .NET method.
github.com/Mr-Un1k0d3r/Do…
Last week, I focused on Active Directory Admins (ADAs).
x.com/PyroTek3/statu…
This week, let's look at built-in privileged groups:
* Account Operators - should be empty per Microsoft due to highly privileged access in AD.
* Backup operators - should only contain backup…
Last week, I focused on Active Directory Admins (ADAs).
x.com/PyroTek3/statu…
This week, let's look at built-in privileged groups:
* Account Operators - should be empty per Microsoft due to highly privileged access in AD.
* Backup operators - should only contain backup… https://t.co/WltLXFUcgt
I reverse engineered Lockbit's Linux ESXi variant, also explaining how I did some of the steps! For the fun of it, cause reverse engineering is lots of fun. Enjoy! hackandcheese.com/posts/blog1_lo…
Here’s a warning: as agents are granted more autonomy and integrated deeper into systems, security has to be a priority. In this post, @GaryMarcus and I explore the security issues of coding agents and show that fixes aren’t so easy. It’s gonna be wild. garymarcus.substack.com/p/llms-coding-…
Here is the full writeup on my full Bug Bounty Challenge, I documented. I hope this will answer all questions I keep receiving:
medium.com/@YourFinalSin/…
I have released all my prep notes prior to obtaining the #OSEE from @offsectraining. This includes material consumed before the AWE and after! You can find a link to it here:
github.com/wetw0rk/AWE-PR…
A tale of Reverse Engineering 1001 GPTs: the good, the bad and the ugly
Last year, I spent 5 months reverse engineering custom GPTs from @OpenAI.
In this video, I share all the learnings from: prompt engineering, injection, leaks, talk about plagiarism, protection prompts,…
Always nice to see kevs books making an appearance at Blackhat
Met some new faces today at the innovators and investment summit.
Left disappointed with the speaking content (perhaps I've been to one too many events).
Who are a few new faces in cyber that are great at…
I remember that I had to do some research online on how to make exploits for vulnerabilities over MS-RPC. With this blog, I hope to fill the gap on the lacking information available online on how to make these yourself.
incendium.rocks/posts/Exploit-…
Last year I found a XSS bug in Google IDX here's a detail writeup about it. Hope you will enjoy it's kinda lengthy :p
Shoutouts to @MtnBer for finding the original bug in Gitlab and @kl_sree@sivaneshashok for the required chains to complete the exploit.
sudistark.github.io/2025/07/02/idx…
obfus.h is the very powerfull compile-time obfuscator for C (win32/64). Supports virtualization, anti-debugging, control flow obfuscation and other code mutation techniques to prevent disassembly or decompilation. #CodeSecurity#Obfuscation#infosecgithub.com/DosX-dev/obfus…
Good Morning! Just published a blog post diving into Windows Kernel LFH exploitation in the latest Windows 24h2 build, Focusing on controlled allocations to achieve arbitrary read/write in the kernel.
r0keb.github.io/posts/Modern-(…
To celebrate our badge launch, we're giving away FIVE free 6-month licenses to @PentesterLab.
✅ Comment BADGELIFE and retweet this post to enter.
Additionally, pre-order a custom badge at shop.bugbountydefcon.com for a chance to win one of FIVE Annual VIP+ subscription to…
89 Followers 445 FollowingRed team/Blue Team some might call this the Purple team. Consultant. Senior Cybersecurity Analyst in the financial services industry.
892 Followers 395 FollowingZimperium Inc. scholar, inventor.
FWIW opinions are my own.
Author of Fuzzing Against the Machine
founder @ https://t.co/1OJiGY3WHs
4K Followers 600 FollowingElastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.
6K Followers 2K FollowingBack to Red Teaming. Risk Hunter. DEFCON Staff & CFP Board. MS in DF. Fmr Fire/EMS. Red and Blue. Builder. Morally Flexible. https://t.co/zakkIXeyHu @ bluesky
3K Followers 1K FollowingWe exist without skin color, without nationality, without religious bias... and you call us criminals.
HACK THE PLANET!
Auth/DHD
Non Binary
296 Followers 691 Followingsecurity researcher, aficionado of theoretical CS and program analysis, player of 🎹 and 🎸. connoisseur of class 4 scrambling & technical hikes⛰️
2K Followers 241 FollowingI help businesses and individuals enhance their cyber threat intelligence processes, develop their skills, and make CTI actionable.
1K Followers 1K FollowingStatements, initiatives are my mine alone.
Organizer of State of Statecraft (SOS) - @what_is_sos October 28, 2025 in Brussels Belgium
3K Followers 2K FollowingMobile/IoT/Web security; Trainer & Speaker @BlackHat/DefCon/POC/OWASP/Hackfest...; Day job as Director of Security Engineering; #OSCE #OSCP #OSWE #CCISO...
3K Followers 1K FollowingMobile Security R&D by day | Saudi nationalist politician by night, whose ambition is to see his country 🇸🇦 lead the region #the_saudi_cyber_arms_company_2035
10K Followers 6 FollowingBringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
1K Followers 317 FollowingDirector in an Aussie cyber security firm. Speaker. I train law enforcement on crypto, cyber crime inves. & digital forensics. OSINT. Sharing wisdom & critique.
89 Followers 445 FollowingRed team/Blue Team some might call this the Purple team. Consultant. Senior Cybersecurity Analyst in the financial services industry.
3K Followers 1K FollowingWrite some shit code. CTF with @r3kapig. Do shit security research. Currently at University of California, San Diego. DEFCON 31/32/33 finalist | LOOKING FOR JOB