banner
LightNews
netbiosx.bsky.social
netbiosX
@netbiosx.bsky.social
1.8K followers 65 following 270 posts
Purple Team
Posts Media Videos Starter Packs
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Sep 2
Golden dMSA
Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos related attacks such as Kerberoasting by binding authentication of service accounts t…
ipurple.team
1
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Aug 12
Active Directory Enumeration – ADWS
Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…
ipurple.team
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Aug 4
Lateral Movement – BitLocker
BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
ipurple.team
1
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Aug 3
Takedown
1
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Jul 28
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
ipurple.team
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Jun 5
The Ultimate Guide to Windows Coercion Techniques in 2025
Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
blog.redteam-pentesting.de
1 2
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 31
Boflink: A Linker For Beacon Object Files
Intro This is a blog post written for a project I recently released. The source code for it can be found here on Github. Background The design of Cobalt Strike’s Beacon Object Files is rather unique w...
blog.cybershenanigans.space
1 1
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 31
Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection
"Stealth syscalls: Because life's too short to argue with an angry EDR!" Discover how Stealth Syscall Execution bypasses ETW, Sysmon, and EDR detection. Learn advanced stealth techniques for red teami...
www.darkrelay.com
2 6
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 28
Revisiting COM Hijacking - SpecterOps
Learn how to use COM hijacking for persistence and post-exploitation by targeting commonly used applications in Windows environments.
specterops.io
1 3
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 17
GitHub - EvilBytecode/Ebyte-AMSI-ProxyInjector: A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It s...
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the fun...
github.com
1
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 16
Living-off-the-COM: Type Coercion Abuse
This technique leverages PowerShell’s .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type…
medium.com
1 4
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 6
GitHub - Thunter-HackTeam/EvilentCoerce
Contribute to Thunter-HackTeam/EvilentCoerce development by creating an account on GitHub.
github.com
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 5
Beacon Object Files vs Tiny EXE Files
TL;DR A lot of bloat in an EXE file is just the statically linked C runtime. Link dynamically to msvcrt.dll (or ucrtbase.dll on Win 10+) plus a 40-line stub, and depending on the size of the progra…
modexp.wordpress.com
1
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · May 5
GitHub - quarkslab/proxyblob: SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. - quarkslab/proxyblob
github.com
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 28
Writing your own RDI /sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
blog.malicious.group
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 27
Attacking and Defending Configuration Manager - An Attackers Easy Win
Introduction System Center Configuration Manager (SCCM) or Microsoft Configuration Manager allows endpoint administrators to utilize a single platform for seamless device management inside of an Activ...
logan-goins.com
3
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 24
GitHub - backdoorskid/ClrAmsiScanPatcher: Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET
Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET - backdoorskid/ClrAmsiScanPatcher
github.com
2
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 23
GitHub - cogiceo/GPOHound: Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data
Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data - cogiceo/GPOHound
github.com
3
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 22
Windows Defender antivirus bypass in 2025 - part 2
Discover how hackers bypass an antivirus such as Windows Defender, using advanced techniques such as direct syscalls and shellcode encryption
www.hackmosphere.fr
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 21
Bypassing AMSI with Dynamic API Resolution in PowerShell - ROOTFU.IN
function LookupFunc { Param ($moduleName, $functionName) $assem = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\')[-1]. Equals('System.dl...
rootfu.in
1 1
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 19
GitHub - almounah/go-buena-clr: Good CLR Host with Native patchless AMSI Bypass
Good CLR Host with Native patchless AMSI Bypass. Contribute to almounah/go-buena-clr development by creating an account on GitHub.
github.com
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 13
GitHub - tdeerenberg/InlineWhispers3: Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion - tdeerenberg/InlineWhispers3
github.com
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Apr 9
RemoteMonologue: Weaponizing DCOM for NTLM authentication coercions | IBM
The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool - RemoteMo...
www.ibm.com
2 7
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Mar 22
GitHub - MythicAgents/Xenon: A Mythic agent for Windows written in C
A Mythic agent for Windows written in C. Contribute to MythicAgents/Xenon development by creating an account on GitHub.
github.com
1 4
netbiosx.bsky.social
netbiosX @netbiosx.bsky.social · Mar 21
Red Teaming with ServiceNow - MDSec
Introduction Over the course of numerous Red Team engagements MDSec has often gained privileged access to a target’s ServiceNow instance. This has, in turn, facilitated a variety of compromise actions...
www.mdsec.co.uk
1 1