BLUE

netbiosX

@netbiosx.bsky.social

Red & Purple Team Leader

199 followers35 following125 posts

Nnetbiosx.bsky.socialJun 16, 2024 6:22pm

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions github.com/vxCrypt0r/Vo...

GitHub - vxCrypt0r/Voidgate: A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decr...

Nnetbiosx.bsky.socialJun 10, 2024 7:45am

Detection as Code purpleteamsec.substack.com/p/detection-...

Detection as Code

A guide for detection engineers to establish their workflows & methodologies

Nnetbiosx.bsky.socialJun 9, 2024 8:23pm

Develop your own C# Obfuscator www.ribbiting-sec.info/posts/2024-0...

Nnetbiosx.bsky.socialJun 9, 2024 8:12am

EDR Internals for macOS and Linux www.outflank.nl/blog/2024/06...

Nnetbiosx.bsky.socialMay 31, 2024 11:00am

Abusing the SeRelabelPrivilege decoder.cloud/2024/05/30/a...

Abusing the SeRelabelPrivilege

In a recent assessment, it was found that a specific Group Poilcy granted via "User Right Assignments" the SeRelabelPrivilege to the built-in Users group and was applied on several computer accounts. ...

Nnetbiosx.bsky.socialMay 26, 2024 3:50pm

Injecting code into PPL processes without vulnerable drivers on Windows 11 blog.slowerzs.net/posts/pplsys...

Injecting code into PPL processes without vulnerable drivers on Windows 11

Nnetbiosx.bsky.socialMay 26, 2024 7:41am

EDRaser - a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines github.com/SafeBreach-L...

GitHub - SafeBreach-Labs/EDRaser: EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: aut...

EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual. - SafeBreach...

Nnetbiosx.bsky.socialMay 19, 2024 9:04pm

Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API for cloud and red team operations github.com/mlcsec/Sharp...

GitHub - mlcsec/SharpGraphView: Microsoft Graph API post-exploitation toolkit

Microsoft Graph API post-exploitation toolkit. Contribute to mlcsec/SharpGraphView development by creating an account on GitHub.

Nnetbiosx.bsky.socialMay 13, 2024 8:30pm

A Post-Compromise granular, fully reflective, simple and convenient .NET library to embed persistence by abusing Security Descriptors of remote machines. github.com/cybersectrol...

GitHub - cybersectroll/SharpPersistSD

Contribute to cybersectroll/SharpPersistSD development by creating an account on GitHub.

Nnetbiosx.bsky.socialApr 3, 2024 7:05am

Persistence - DLL Proxy Loading pentestlab.blog/2024/04/03/p...

Persistence – DLL Proxy Loading

DLL Proxy Loading is a technique which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate DLL in an attempt to not disrupt the execution flow so...

netbiosX

@netbiosx.bsky.social

Red & Purple Team Leader

199 followers35 following125 posts