r/purpleteamsec bot
r-purpleteamsec.bsky.social
Mirrors r/purpleteamsec, "we believe that when Red and Blue teams unite, security becomes not just a goal but a shared journey." Unofficial. Operated by @tweedge.net, open source @ https://github.com/tweedge/xpost-reddit-to-fediverse
Abusing Delegation with Impacket (Part 2): Constrained Delegation
www.blackhillsinfosec.com
November 14, 2025 at 4:54 PM
Rehabilitating Registry Tradecraft with RegRestoreKey
www.preludesecurity.com
November 14, 2025 at 1:09 AM
The Complete Guide to Hunting Cobalt Strike - Part 1: Detecting in Open Directories
hunt.io
November 13, 2025 at 10:54 PM
ZeroCrumb: Dumping App Bound Protected Credentials & Cookies Without Privileges.
github.com
November 12, 2025 at 7:39 PM
EntraMFACheck: Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow
github.com
November 12, 2025 at 6:54 AM
How I got Domain Admin via Citrix FAS through ESC3
medium.com
November 11, 2025 at 1:54 AM
ExitPatcher: Prevent in-process process termination by patching exit APIs
github.com
November 10, 2025 at 8:09 PM
Purple-team telemetry & simulation toolkit.
github.com
November 10, 2025 at 5:54 PM
MaleficentVM: practice VM for malware development
github.com
November 9, 2025 at 4:24 PM
ADCSDevilCOM: A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from a CA server using the MS-WCCE protocol over DCOM, and it bypasses the traditional endpoint mapper requirement by using SMB directly.
github.com
November 9, 2025 at 2:54 PM
Close Those Ports: Exploring Splashtop RMM and Relays
blog.axelarator.net
November 9, 2025 at 7:39 AM
DonPwner: Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database
github.com
November 8, 2025 at 10:24 PM
Yet Another DCOM Object for Command Execution Part 1
sud0ru.ghost.io
November 7, 2025 at 7:24 PM
Atomic Red Team MCP #2 - Claude becomes C2
cyberbuff.substack.com
November 7, 2025 at 12:24 AM
Evading Elastic EDR's call stack signatures with call gadgets
offsec.almond.consulting
November 6, 2025 at 11:09 PM
Weekly Purple Team Episode: CVE-2025-59287 - Exploiting & Detecting the Critical WSUS RCE
youtu.be
November 6, 2025 at 9:54 PM
Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines
www.bitdefender.com
November 5, 2025 at 4:39 PM
Blog MSSQL Exploitation - Run Commands Like A Pro
www.r-tec.net
November 5, 2025 at 5:39 AM
Tracking Lateral Movement: PowerShell Remoting, WMIC, Explicit Credentials, NTLM Relay Attacks
medium.com
November 4, 2025 at 7:09 PM
Beacon Object File (BOF) to steal Microsoft Teams cookies
tierzerosecurity.co.nz
November 4, 2025 at 2:39 AM
BOF to steal Teams cookies
github.com
November 3, 2025 at 7:54 PM
Protecting C2 Traffic in Nim
jakobfriedl.github.io
November 3, 2025 at 4:39 PM
SilentButDeadly - A Novel Approach to EDR Silencing
github.com
November 3, 2025 at 5:09 AM
EDR-Redir V2: Blind EDR With Fake Program Files
www.zerosalarium.com
November 2, 2025 at 10:54 PM
Machines Gone Rogue
medium.com
October 31, 2025 at 4:54 PM