netbiosX
LightNews LightNews
banner
netbiosx.bsky.social
netbiosX
@netbiosx.bsky.social
1.8K followers 67 following 280 posts
Purple Team
Posts Replies Media Videos
netbiosx.bsky.social
GitHub - pard0p/Remote-BOF-Runner: Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace. - pard0p/Remote-BOF-Runner
github.com
January 1, 2026 at 11:19 PM
netbiosx.bsky.social
Ghostly Hollowing Via Tampered Syscalls github.com/Maldev-Acade...
GitHub - Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2
Contribute to Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2 development by creating an account on GitHub.
github.com
December 30, 2025 at 4:14 PM
netbiosx.bsky.social
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
ipurple.team
December 1, 2025 at 9:26 AM
netbiosx.bsky.social
LSASS Dump – Windows Error Reporting
The Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows are shipped …
ipurple.team
November 18, 2025 at 2:17 PM
netbiosx.bsky.social
GitHub - EvilBytecode/ExitPatcher: Prevent in-process process termination by patching exit APIs
Prevent in-process process termination by patching exit APIs - EvilBytecode/ExitPatcher
github.com
November 9, 2025 at 5:26 PM
netbiosx.bsky.social
GitHub - MorDavid/DonPwner: Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database
Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database - MorDavid/DonPwner
github.com
November 8, 2025 at 4:39 PM
netbiosx.bsky.social
Golden dMSA
Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos related attacks such as Kerberoasting by binding authentication of service accounts t…
ipurple.team
September 2, 2025 at 3:18 PM
netbiosx.bsky.social
Active Directory Enumeration – ADWS
Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…
ipurple.team
August 12, 2025 at 2:56 PM
netbiosx.bsky.social
Lateral Movement – BitLocker
BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
ipurple.team
August 4, 2025 at 6:30 PM
netbiosx.bsky.social
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
ipurple.team
July 28, 2025 at 2:13 PM
netbiosx.bsky.social
The Ultimate Guide to Windows Coercion Techniques in 2025
Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
blog.redteam-pentesting.de
June 5, 2025 at 5:35 PM
netbiosx.bsky.social
Boflink: A Linker For Beacon Object Files
Intro This is a blog post written for a project I recently released. The source code for it can be found here on Github. Background The design of Cobalt Strike’s Beacon Object Files is rather unique w...
blog.cybershenanigans.space
May 31, 2025 at 4:48 PM
netbiosx.bsky.social
Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection
"Stealth syscalls: Because life's too short to argue with an angry EDR!" Discover how Stealth Syscall Execution bypasses ETW, Sysmon, and EDR detection. Learn advanced stealth techniques for red teami...
www.darkrelay.com
May 31, 2025 at 10:52 AM
netbiosx.bsky.social
Revisiting COM Hijacking - SpecterOps
Learn how to use COM hijacking for persistence and post-exploitation by targeting commonly used applications in Windows environments.
specterops.io
May 28, 2025 at 6:42 PM
netbiosx.bsky.social
GitHub - EvilBytecode/Ebyte-AMSI-ProxyInjector: A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It s...
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the fun...
github.com
May 17, 2025 at 9:55 AM
netbiosx.bsky.social
Living-off-the-COM: Type Coercion Abuse
This technique leverages PowerShell’s .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type…
medium.com
May 16, 2025 at 7:15 PM
netbiosx.bsky.social
GitHub - Thunter-HackTeam/EvilentCoerce
Contribute to Thunter-HackTeam/EvilentCoerce development by creating an account on GitHub.
github.com
May 6, 2025 at 9:43 PM
netbiosx.bsky.social
Beacon Object Files vs Tiny EXE Files
TL;DR A lot of bloat in an EXE file is just the statically linked C runtime. Link dynamically to msvcrt.dll (or ucrtbase.dll on Win 10+) plus a 40-line stub, and depending on the size of the progra…
modexp.wordpress.com
May 5, 2025 at 4:03 PM
netbiosx.bsky.social
GitHub - quarkslab/proxyblob: SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. - quarkslab/proxyblob
github.com
May 5, 2025 at 1:02 PM
netbiosx.bsky.social
Writing your own RDI /sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
blog.malicious.group
April 28, 2025 at 7:00 AM
netbiosx.bsky.social
Attacking and Defending Configuration Manager - An Attackers Easy Win
Introduction System Center Configuration Manager (SCCM) or Microsoft Configuration Manager allows endpoint administrators to utilize a single platform for seamless device management inside of an Activ...
logan-goins.com
April 27, 2025 at 6:23 PM
netbiosx.bsky.social
GitHub - backdoorskid/ClrAmsiScanPatcher: Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET
Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET - backdoorskid/ClrAmsiScanPatcher
github.com
April 24, 2025 at 8:44 PM
netbiosx.bsky.social
GitHub - cogiceo/GPOHound: Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data
Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data - cogiceo/GPOHound
github.com
April 23, 2025 at 5:28 PM
netbiosx.bsky.social
Windows Defender antivirus bypass in 2025 - part 2
Discover how hackers bypass an antivirus such as Windows Defender, using advanced techniques such as direct syscalls and shellcode encryption
www.hackmosphere.fr
April 22, 2025 at 8:55 PM
netbiosx.bsky.social
Bypassing AMSI with Dynamic API Resolution in PowerShell - ROOTFU.IN
function LookupFunc { Param ($moduleName, $functionName) $assem = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\')[-1]. Equals('System.dl...
rootfu.in
April 21, 2025 at 11:08 AM