r1cksec
@r1cksec.bsky.social
Data breach revealed,
Malware lurks, silent, stealthy -
OSINT tracks the thread.

URLs I post may contain malware – be careful and check yourself before running anything.

https://github.com/r1cksec
infosec.exchange/@r1cksec
A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, & more

github.com/spmedia/Thre...

#infosec #cybersecurity #threatintel
GitHub - spmedia/Threat-Actor-Usernames-Scrape: A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, ...
January 31, 2026 at 10:29 AM
A Command and Control app that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or Microsoft SharePoint Document.

github.com/looCiprian/G...

#infosec #cybersecurity #redteam #pentest #threatintel
GitHub - looCiprian/GC2-sheet: GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate...
January 30, 2026 at 9:47 AM
This project maintains a list of binaries natively available in Proxmox VE that can be leveraged by adversaries during red team operations

lolprox.yxz.red

#infosec #cybersecurity #redteam #pentest
LOLPROX
Living Off The Land Proxmox - A catalog of native Proxmox VE binaries that adversaries can abuse for post-exploitation operations.
January 29, 2026 at 9:30 AM
Proof of Concept for extracting NTLMv1 hashes from sessions on Windows (relies on the Remote Credential Guard protocol).

github.com/bytewreck/Du...

#infosec #cybersecurity #redteam #pentest #windows
GitHub - bytewreck/DumpGuard: Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
January 24, 2026 at 11:46 AM
Reposted by r1cksec
You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...
CODE WHITE | Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive
NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...
January 23, 2026 at 12:28 PM
A lightweight C# console application for enumerating and displaying all user sessions on Windows Server, including session GUIDs

github.com/lsecqt/Sessi...

#infosec #cybersecurity #redteam #pentest #windows
GitHub - lsecqt/SessionView: A portable C# utility for enumerating local and remote windows sessions
January 23, 2026 at 10:56 AM
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface🕵️‍♂️

github.com/lgandx/PCredz

#infosec #cybersecurity #redteam #pentest
GitHub - lgandx/PCredz: This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file o...
January 22, 2026 at 7:52 AM
The Microsoft ms-photos URI scheme takes fileName as a parameter, which can be submitted with a UNC path, leaking NTLMv2-SSP hashes once opened🕵️‍♂️

github.com/rubenformati...

#infosec #cybersecurity #redteam #pentest
GitHub - rubenformation/ms-photos_NTLM_Leak: New 0 day vulnerability allowing to leak NTLM hashes from browsers with one click
January 20, 2026 at 8:29 AM
A post about the basics of deserialization attacks🕵️‍♂️

owlhacku.com/introduction...

#infosec #cybersecurity #redteam #pentest #bugbounty
Introduction to Deserialization Attacks
January 18, 2026 at 2:13 PM
PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph🕵️‍♂️

github.com/SpecterOps/C...

#infosec #cybersecurity #redteam #pentest #opensource
GitHub - SpecterOps/ConfigManBearPig: PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph
January 16, 2026 at 10:05 AM
A post showing how command line arguments can be used to bypass the command execution filter in Claude Code🕵️‍♂️

flatt.tech/research/pos...

#infosec #cybersecurity #redteam #ai #claude #claudecode
Pwning Claude Code in 8 Different Ways
Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at GMO Flatt Security Inc. A few months ago, I came across an interesting behavior while using Claude Code—it executed a command without...
January 15, 2026 at 7:53 AM
EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running🕵️‍♂️

github.com/TwoSevenOneT...

#infosec #cybersecurity #redteam #pentest #edr #opensource
GitHub - TwoSevenOneT/EDRStartupHinder: EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.
January 14, 2026 at 2:14 PM
An explanation on how inconsistencies in SAML XML parsers enable signature-wrapping and canonicalization attacks that let attackers bypass authentication in Ruby and PHP libraries🕵️‍♂️

portswigger.net/research/the...

#infosec #cybersecurity #pentest #redteam #web #xml #bugbounty
The Fragile Lock: Novel Bypasses For SAML Authentication
TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi
January 13, 2026 at 11:29 AM
A small python script to extract all related domains for a specific Office 365 tenant🕵️‍♂️

github.com/r1cksec/corp...

#infosec #cybersecurity #redteam #pentest #osint #azure #entra #cloud #opensource
corptrace/ressources/modules/ms_get_rootdomains_from_tenant.py at master · r1cksec/corptrace
Automate Scoping, OSINT and Recon assessments. Contribute to r1cksec/corptrace development by creating an account on GitHub.
January 12, 2026 at 5:51 PM
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers🕵️‍♂️

github.com/Maldev-Acade...

#infosec #cybersecurity #redteam #pentest
GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern...
January 9, 2026 at 8:00 AM
A python-based pentesting library for Azure and Entra ID🕵️‍♂️

github.com/codyburkard/...

#infosec #cybersecurity #redteam #pentest #cloud #python #opensource
GitHub - codyburkard/azol: Azure Offensive Library
January 8, 2026 at 8:49 AM
Analyzes software dependencies across GitHub repositories to identify security vulnerabilities and health risks in your supply chain🕵️‍♂️

github.com/AppOmni-Labs...

#infosec #cybersecurity #redteam #pentest #opensource
GitHub - AppOmni-Labs/heisenberg-ssc-health-check: Analyzes software dependencies across GitHub repositories to identify security vulnerabilities and health risks in your supply chain.
December 28, 2025 at 6:53 PM
A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)🕵️‍♂️

github.com/gommzystudio...

#infosec #cybersecurity #osint #whatsapp #signal #opensource
GitHub - gommzystudio/device-activity-tracker: A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sen...
December 26, 2025 at 6:55 PM
RedTeamCoin is a blockchain-based cryptocurrency mining pool implementation designed for authorized security testing (cryptomining attacks)🕵️‍♂️

github.com/xyplex3/RedT...

#infosec #cybersecurity #redteam #dfir #opensource #crypto
GitHub - xyplex3/RedTeamCoin: Red Team Coin for crypto-mining operations.
December 24, 2025 at 9:54 AM
Signature-Base is a YARA signature and IOC database for scanners like LOKI and THOR Lite🕵️‍♂️

github.com/Neo23x0/sign...

#infosec #cybersecurity #dfir #threatintel #malware #opensource
GitHub - Neo23x0/signature-base: YARA signature and IOC database for my scanners and tools
December 24, 2025 at 9:48 AM