Kreep
kreepsec.bsky.social
Red Teamer 🚩
Bad code keeps me employed 🖥️
Windows internals and Maldev enthusiast 🦠
Defcon 33 is just around the corner (August 7-10, 2025, Las Vegas)! Hacking season is upon us.

I've put together some tips for #DEFCON first-timers on navigating the conference and Vegas itself. Hoping it helps peeps make the most of the experience!

kreep.in/desert-ops-v...
Desert Ops: Vegas odds stacked in the DEFCON rookie’s favor
You've probably seen all the tweets, heard the wild DEFCON tales, and finally decided you’re going. Cool, but let’s get real for a second. Vegas isn't exactly the sleek Hollywood glam you see in…
kreep.in
July 18, 2025 at 11:11 AM
Just dropped my BadSuccessor .NET PoC showing how to abuse Delegated MSAs for AD access:

✔️ OU discovery
✔️ Zero-creds MSA creation
✔️ Works with user or machine account

Details + code:
🔗 github.com/ibaiC/BadSuc...
🧵 kreep.in/badsuccessor...
May 26, 2025 at 10:01 AM
Been researching how to silently freeze Windows processes to hijack them during red team ops. Target apps like Teams, Slack, Outlook—pause them without breaking UI. Useful for stealthy social engineering.

Write-up here:
🔗 kreep.in/friendlyfire...
BOF:
💻 github.com/ibaiC/Friend...
FriendlyFire BOF: Selective Process Freezing
Introduction: The objective of this research was to find a way to suppress Microsoft Teams’ ability to display new messages without forcefully terminating the application or making it visibly unrespon...
kreep.in
April 15, 2025 at 12:22 PM
Microsoft is moving key security mechanisms back to userland. On the surface, this should make life easier for threat actors—but surely they’ve thought of that, right? 🤔

At least we're getting more control over our machines again.
Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident
The Windows Resiliency Initiative includes lots of changes.
www.theverge.com
March 11, 2025 at 12:11 PM
Reposted by Kreep
A nice reminder that everyone underrates their skills and talent www.youtube.com/watch?v=dZCr...
Dave Grohl Inspired By Disco Drum Beats
YouTube video by Vocal Vibes
www.youtube.com
March 6, 2025 at 11:16 AM
The #CrowdStrike2025 report is wild! 🚨 Breakout times as low as 51 sec, a 442% surge in vishing, and attackers using #GenAI for social engineering. Things are changing, FAST.
#CyberSecurity #Infosec
2025 Global Threat Report | Latest Cybersecurity Trends & Insights | CrowdStrike
Discover key cyber threat trends in CrowdStrike’s 2025 Global Threat Report. Learn about rising attacks, malware-free threats, and evolving adversary tactics. Download the report now.
www.crowdstrike.com
March 5, 2025 at 11:00 AM
I've been diving into Windows Security Internals - James Forshaw & Evading EDR - Matt Hand.

They've been easy to get through and definitely filling some knowledge gaps.

Any other must-reads in the Windows internals or RT realm? 👀 📖
March 3, 2025 at 11:00 AM
AI vs AI. We're really doing this.

RedAgent is an LLM designed to jailbreak chatbots for pentesting & red teaming. So now we’ve got AI breaking AI, patching itself, and breaking again.

Are we advancing tech or just setting up a whole new battlefield?

🔗 https://arxiv.org/abs/2407.16667
RedAgent: Red Teaming Large Language Models with Context-aware Autonomous Language Agent
Recently, advanced Large Language Models (LLMs) such as GPT-4 have been integrated into many real-world applications like Code Copilot. These applications have significantly expanded the attack…
arxiv.org
February 24, 2025 at 6:18 PM
Reposted by Kreep
In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. 💪

👉 blog.scrt.ch/2025/02/18/r...
February 19, 2025 at 9:13 AM
SQLi in modern web apps is hard to introduce on purpose with today’s ORMs. Yet somehow, a gov site let anyone push updates like a shared Notion doc.

Someone feeling nostalgic for DROP TABLE users;--?

Bad code keeps me employed, so I can't complain.
Anyone Can Push Updates to the DOGE.gov Website
"THESE 'EXPERTS' LEFT THEIR DATABASE OPEN."
www.404media.co
February 18, 2025 at 6:17 PM