netbiosX
LightNews LightNews
banner
netbiosx.bsky.social
netbiosX
@netbiosx.bsky.social
1.8K followers 67 following 290 posts
Purple Team
Posts Replies Media Videos
netbiosx.bsky.social
CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! github.com/EvilBytecode...
GitHub - EvilBytecode/CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!
Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! - EvilBytecode/CustomDpapi
github.com
February 4, 2026 at 3:58 PM
netbiosx.bsky.social
An open-source port/reimplementation of the Cobalt Strike BOF Loader
GitHub - CodeXTF2/Cobaltstrike_BOFLoader: open source port/reimplementation of the Cobalt Strike BOF Loader as is
open source port/reimplementation of the Cobalt Strike BOF Loader as is - CodeXTF2/Cobaltstrike_BOFLoader
github.com
February 3, 2026 at 10:08 AM
netbiosx.bsky.social
AppLocker Rules Abuse
AppLocker was introduced by Microsoft in Windows 7 to enable organizations to define which executables, scripts or installers are allowed to run in their environments. AppLocker can reduce the atta…
ipurple.team
February 2, 2026 at 7:52 AM
netbiosx.bsky.social
Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP - SpecterOps
During automatic client push installation, an SCCM site server automatically attempts to map WebDav shares on clients, starting WebClient when installed.
specterops.io
January 14, 2026 at 5:21 PM
netbiosx.bsky.social
EDR Silencing
Modern Endpoint Detection and Response systems depend on persistent, bidirectional communication with their cloud management console, enabling them to continuously report suspicious activity and re…
ipurple.team
January 12, 2026 at 3:13 PM
netbiosx.bsky.social
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)
GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern...
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers ...
github.com
January 8, 2026 at 6:11 PM
netbiosx.bsky.social
DbgNexum - a Proof-of-Concept for injecting shellcode using the Windows Debugging API and Shared Memory (File Mapping).
GitHub - dis0rder0x00/DbgNexum: Shellcode injection using the Windows Debugging API
Shellcode injection using the Windows Debugging API - dis0rder0x00/DbgNexum
github.com
January 4, 2026 at 6:41 PM
netbiosx.bsky.social
Aether C2 - Aether project operates on a Full Duplex, End-to-End Encrypted channel, utilizing direct WinAPI syscalls for evasion and a modular architecture for scalability github.com/256AndreiAES...
GitHub - 256AndreiAES/Aether-C2-Framework: Advanced Red Team C2 Framework written in Rust & Python.
Advanced Red Team C2 Framework written in Rust & Python. - 256AndreiAES/Aether-C2-Framework
github.com
January 3, 2026 at 3:20 PM
netbiosx.bsky.social
GitHub - pard0p/Remote-BOF-Runner: Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace. - pard0p/Remote-BOF-Runner
github.com
January 1, 2026 at 11:19 PM
netbiosx.bsky.social
Ghostly Hollowing Via Tampered Syscalls github.com/Maldev-Acade...
GitHub - Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2
Contribute to Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2 development by creating an account on GitHub.
github.com
December 30, 2025 at 4:14 PM
netbiosx.bsky.social
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
ipurple.team
December 1, 2025 at 9:26 AM
netbiosx.bsky.social
LSASS Dump – Windows Error Reporting
The Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows are shipped …
ipurple.team
November 18, 2025 at 2:17 PM
netbiosx.bsky.social
GitHub - EvilBytecode/ExitPatcher: Prevent in-process process termination by patching exit APIs
Prevent in-process process termination by patching exit APIs - EvilBytecode/ExitPatcher
github.com
November 9, 2025 at 5:26 PM
netbiosx.bsky.social
GitHub - MorDavid/DonPwner: Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database
Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database - MorDavid/DonPwner
github.com
November 8, 2025 at 4:39 PM
netbiosx.bsky.social
Golden dMSA
Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos related attacks such as Kerberoasting by binding authentication of service accounts t…
ipurple.team
September 2, 2025 at 3:18 PM
netbiosx.bsky.social
Active Directory Enumeration – ADWS
Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…
ipurple.team
August 12, 2025 at 2:56 PM
netbiosx.bsky.social
Lateral Movement – BitLocker
BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
ipurple.team
August 4, 2025 at 6:30 PM
netbiosx.bsky.social
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
ipurple.team
July 28, 2025 at 2:13 PM
netbiosx.bsky.social
The Ultimate Guide to Windows Coercion Techniques in 2025
Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
blog.redteam-pentesting.de
June 5, 2025 at 5:35 PM
netbiosx.bsky.social
Boflink: A Linker For Beacon Object Files
Intro This is a blog post written for a project I recently released. The source code for it can be found here on Github. Background The design of Cobalt Strike’s Beacon Object Files is rather unique w...
blog.cybershenanigans.space
May 31, 2025 at 4:48 PM
netbiosx.bsky.social
Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection
"Stealth syscalls: Because life's too short to argue with an angry EDR!" Discover how Stealth Syscall Execution bypasses ETW, Sysmon, and EDR detection. Learn advanced stealth techniques for red teami...
www.darkrelay.com
May 31, 2025 at 10:52 AM
netbiosx.bsky.social
Revisiting COM Hijacking - SpecterOps
Learn how to use COM hijacking for persistence and post-exploitation by targeting commonly used applications in Windows environments.
specterops.io
May 28, 2025 at 6:42 PM
netbiosx.bsky.social
GitHub - EvilBytecode/Ebyte-AMSI-ProxyInjector: A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It s...
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the fun...
github.com
May 17, 2025 at 9:55 AM
netbiosx.bsky.social
Living-off-the-COM: Type Coercion Abuse
This technique leverages PowerShell’s .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type…
medium.com
May 16, 2025 at 7:15 PM
netbiosx.bsky.social
GitHub - Thunter-HackTeam/EvilentCoerce
Contribute to Thunter-HackTeam/EvilentCoerce development by creating an account on GitHub.
github.com
May 6, 2025 at 9:43 PM