For those who also face the Linux-to-Windows PowerShell struggle: I created a Docker image & blog post on how to use PowerShell remoting from a Linux client to a Windows target (post-exploitation, living off the land) https://t.co/x1zAEpVtOO

The following paper documents a possible PE file infection technique which covers a high level overview and the low level code of how both the infection and the resulting payload is executed. Please note that some of the following material may not be suited…

Introduction It has been more than a year since I published the concept of infecting an executable with shellcode here and recently I have been motivated to develop another PoC which follows the same path but at a more advanced level combining knowledge and…

A C# penetration testing tool to discover low-haning web fruit via web requests. - rvrsh3ll/SharpFruit

So, fuzzing FaceTime calls led to a kernel panic https://t.co/m5N9YdXkJb

Hello again. In my previous posts I detailed how to manually get SYSTEM shell from Local Administrators users. That’s interesting but very late game during a penetration assessment as it is presumed that you already owned the target machine.

In this post I wanted to look at a technique which is by no means new to .NET developers, but may prove useful to redteamers crafting their tools... exporting .NET static methods within a DLL... AKA using RunDLL32 to launch your .NET assembly.

Symantec uncovers tool used by Lazarus to carry out ATM attacks.

Expectations v/s Reality 👨‍💻

This article is about Post Exploitation using the WMIC (Windows Management Instrumentation Command Line). When an Attacker gains a meterpreter session on a Remote PC,

byt3bl33d3r, /dev/random > blog.py

Hello Everyone,

Hide your Powershell script in plain sight. Bypass all Powershell security features - OmerYa/Invisi-Shell

Background