netbiosX
LightNews LightNews
banner
netbiosx.bsky.social
netbiosX
@netbiosx.bsky.social
1.8K followers 67 following 290 posts
Purple Team
Posts Replies Media Videos
netbiosx.bsky.social
Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagements github.com/Whitecat18/L...
GitHub - Whitecat18/LazyDLLSideload: Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagements.
Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagements. - Whitecat18/LazyDLLSideload
github.com
February 14, 2026 at 9:08 PM
netbiosx.bsky.social
Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons github.com/EricEsquivel... #redteam
GitHub - EricEsquivel/CobaltStrike-Linux-Beacon: Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons - EricEsquivel/CobaltStrike-Linux-Beacon
github.com
February 12, 2026 at 1:31 AM
netbiosx.bsky.social
Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python github.com/ricardojoser... #redteam
GitHub - ricardojoserf/AutoPtT: Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python.
Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python. - ricardojoserf/AutoPtT
github.com
February 11, 2026 at 11:03 AM
netbiosx.bsky.social
Creation of multiple Malware tools consisting of evasion, enumeration and exploitation github.com/CaptMag/MalDev
GitHub - CaptMag/MalDev: Creation of multiple Malware tools consisting of evasion, enumeration and exploitation
Creation of multiple Malware tools consisting of evasion, enumeration and exploitation - CaptMag/MalDev
github.com
February 11, 2026 at 8:55 AM
netbiosx.bsky.social
📢 New article about GAC Hijacking to perform Code Execution and Persistence
📖 1x Playbook - A structured breakdown of the full approach
💡 3x Detection Opportunities
🏹 2x Threat Hunting Queries - Defender & Splunk
ipurple.team/2026/02/10/g...
GAC Hijacking
The Global Assembly Cache is a system-wide repository in the .NET framework that stores strong named (name + version + culture + public key token identity) assemblies so multiple applications can u…
ipurple.team
February 10, 2026 at 12:02 PM
netbiosx.bsky.social
CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! github.com/EvilBytecode...
GitHub - EvilBytecode/CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!
Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! - EvilBytecode/CustomDpapi
github.com
February 4, 2026 at 3:58 PM
netbiosx.bsky.social
An open-source port/reimplementation of the Cobalt Strike BOF Loader
GitHub - CodeXTF2/Cobaltstrike_BOFLoader: open source port/reimplementation of the Cobalt Strike BOF Loader as is
open source port/reimplementation of the Cobalt Strike BOF Loader as is - CodeXTF2/Cobaltstrike_BOFLoader
github.com
February 3, 2026 at 10:08 AM
netbiosx.bsky.social
AppLocker Rules Abuse
AppLocker was introduced by Microsoft in Windows 7 to enable organizations to define which executables, scripts or installers are allowed to run in their environments. AppLocker can reduce the atta…
ipurple.team
February 2, 2026 at 7:52 AM
netbiosx.bsky.social
Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP - SpecterOps
During automatic client push installation, an SCCM site server automatically attempts to map WebDav shares on clients, starting WebClient when installed.
specterops.io
January 14, 2026 at 5:21 PM
netbiosx.bsky.social
EDR Silencing
Modern Endpoint Detection and Response systems depend on persistent, bidirectional communication with their cloud management console, enabling them to continuously report suspicious activity and re…
ipurple.team
January 12, 2026 at 3:13 PM
netbiosx.bsky.social
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)
GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern...
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers ...
github.com
January 8, 2026 at 6:11 PM
netbiosx.bsky.social
DbgNexum - a Proof-of-Concept for injecting shellcode using the Windows Debugging API and Shared Memory (File Mapping).
GitHub - dis0rder0x00/DbgNexum: Shellcode injection using the Windows Debugging API
Shellcode injection using the Windows Debugging API - dis0rder0x00/DbgNexum
github.com
January 4, 2026 at 6:41 PM
netbiosx.bsky.social
Aether C2 - Aether project operates on a Full Duplex, End-to-End Encrypted channel, utilizing direct WinAPI syscalls for evasion and a modular architecture for scalability github.com/256AndreiAES...
GitHub - 256AndreiAES/Aether-C2-Framework: Advanced Red Team C2 Framework written in Rust & Python.
Advanced Red Team C2 Framework written in Rust & Python. - 256AndreiAES/Aether-C2-Framework
github.com
January 3, 2026 at 3:20 PM
netbiosx.bsky.social
GitHub - pard0p/Remote-BOF-Runner: Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace. - pard0p/Remote-BOF-Runner
github.com
January 1, 2026 at 11:19 PM
netbiosx.bsky.social
Ghostly Hollowing Via Tampered Syscalls github.com/Maldev-Acade...
GitHub - Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2
Contribute to Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2 development by creating an account on GitHub.
github.com
December 30, 2025 at 4:14 PM
netbiosx.bsky.social
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
ipurple.team
December 1, 2025 at 9:26 AM
netbiosx.bsky.social
LSASS Dump – Windows Error Reporting
The Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows are shipped …
ipurple.team
November 18, 2025 at 2:17 PM
netbiosx.bsky.social
GitHub - EvilBytecode/ExitPatcher: Prevent in-process process termination by patching exit APIs
Prevent in-process process termination by patching exit APIs - EvilBytecode/ExitPatcher
github.com
November 9, 2025 at 5:26 PM
netbiosx.bsky.social
GitHub - MorDavid/DonPwner: Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database
Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database - MorDavid/DonPwner
github.com
November 8, 2025 at 4:39 PM
netbiosx.bsky.social
Golden dMSA
Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos related attacks such as Kerberoasting by binding authentication of service accounts t…
ipurple.team
September 2, 2025 at 3:18 PM
netbiosx.bsky.social
Active Directory Enumeration – ADWS
Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…
ipurple.team
August 12, 2025 at 2:56 PM
netbiosx.bsky.social
Lateral Movement – BitLocker
BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
ipurple.team
August 4, 2025 at 6:30 PM
netbiosx.bsky.social
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
ipurple.team
July 28, 2025 at 2:13 PM
netbiosx.bsky.social
The Ultimate Guide to Windows Coercion Techniques in 2025
Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
blog.redteam-pentesting.de
June 5, 2025 at 5:35 PM
netbiosx.bsky.social
Boflink: A Linker For Beacon Object Files
Intro This is a blog post written for a project I recently released. The source code for it can be found here on Github. Background The design of Cobalt Strike’s Beacon Object Files is rather unique w...
blog.cybershenanigans.space
May 31, 2025 at 4:48 PM