Lightnews — Scholar-powered news

1 1

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · 7d

We are going live tonight at 7 PM EDT.

Tonight's session is about Microsoft Azure. We will do a deep dive into how it can be abused as part of a red team. We will automate the process by writing a complete tool to perform attacks and reconnaissance.

truecyber.world

#azure #redteam #graphapis | Charles F. Hamilton

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · 13d

The Azure Graph API /beta/users endpoint is definitely an interesting one, as it now includes on-premise Active Directory information, which was not included in the previous /v1.0/users.

www.linkedin.com/posts/charle...

#Azure #RedTeam #Graph

Français plus bas I showcased a few interesting Azure applications that can be used to gather more information than allowed by default, including ways to bypass UsersPermissionToReadOtherUsersEnabled...

#redteam #azure | Charles F. Hamilton

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · 15d

Interested in attack vectors in Azure.

I have documented another example to have read permission on all the applications exposed in the tenant and more. Blocking default applications is crucial to prevent such vectors.

www.linkedin.com/posts/charle...

#Azure #RedTeam

Français plus bas Interested in learning more about Azure built-in applications that can be misused? Here is another one that allows you to list all the applications deployed within your tenant. A st...

https://linkedin.com/posts/charles-…

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · 21d

I'm working on a useful tool that allowed me to discover quite a few interesting attack vectors in Azure.

UsersPermissionToReadOtherUsersEnabled bypass
MFA bypass
Privileges escalation
And more

www.linkedin.com/posts/charle...

#Azure #RedTeam

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Sep 3

We are going live tonight at 7 PM EDT.

Tonight's session is about running your own LLM locally and building a simple cross-platform .NET client interface to interact with it. The private LLM is quite useful during red team exercises.

truecyber.world

GitHub - Mr-Un1k0d3r/DotnetNoVirtualProtectShellcodeLoader: load shellcode without P/D Invoke and VirtualProtect call.

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Sep 2

You want to load your shellcode in .NET without calling VirtualProtect? Use RuntimeHelpers.PrepareMethod to create a predictable RWX memory region for you. This method also doesn't require a delegate function pointer, since you override a .NET method.

github.com/Mr-Un1k0d3r/...

load shellcode without P/D Invoke and VirtualProtect call. - Mr-Un1k0d3r/DotnetNoVirtualProtectShellcodeLoader

github.com

Mr.Un1k0d3r Offensive Red Team Training

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Aug 28

It's time for the long weekend sale!
Get 50% OFF when you purchase both the Coding Class and the Red Team Training for just $400 (regularly $800). This includes over 200 hours of videos and source code.

More details here mr.un1k0d3r.world/training/a6e...

#redteam #discount

mr.un1k0d3r.world

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Aug 6

We are going live tonight at 7 PM EDT.

Tonight's session is about understanding the underlying concepts of Active Directory Certificate Service (ADCS) and how certificate templates can be audited using C#.

truecyber.world

Next week, I will present a live webinar covering an interesting technique for executing shellcode using built-in .NET capabilities. | Charles F. Hamilton

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Jul 29

Next week, I will present a live webinar covering an interesting technique for executing shellcode using built-in .NET capabilities.

www.linkedin.com/posts/charle...

#redteam #webinar

Next week, I will present a live webinar covering an interesting technique for executing shellcode using built-in .NET capabilities. Join us on August 6 to explore some of the tradecraft we developed...

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Jul 23

We are going live tonight at 7 PM EST.

Tonight's session is about auditing and searching for misconfigured GPOs using C# during a red team exercise.

truecyber.world

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Jul 2

We are going live tonight at 7 PM EDT.

Tonight's episode is about writing your own SOCKS5 proxy that can serve as your complete C2, allowing you to perform all operations remotely.

truecyber.world

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Jun 4

We are going live tonight at 7 PM!

Tonight's session is about incorporating sandbox evasion techniques into your malware using C and C#.

truecyber.world

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · May 19

Shellcode architecture matter too make sure you use x86 shellcode if you are using anycpu in VS.

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · May 17

Wonderful I know that sometime I go fast. But happy to hear to you got most of it live.

1 1

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · May 15

The upcoming live session will be presented live from @northsec.io this Friday, May 16, 2025, at 1 PM EST.

We will be chaining a novel technique in .NET that does not require any RWX memory allocation or external APIs.

truecyber.world

1 2

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Apr 23

We are going live tonight at 7 PM EST.

Tonight's session is about Understanding Azure and Graph: Automating user enumeration and more.

We'll explore how to leverage Azure and Graph during a red teaming exercise.

truecyber.world

Mr.Un1k0d3r Offensive Red Team Training

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Apr 18

For the long weekend, I'm offering a 50% off discount on my coding class and Red Team course. You get both for $400 instead of $800. If you search a bit, you might even find an extra $50 discount using your web skills.

mr.un1k0d3r.online/training/lon...

Offer will last for 24 hours.

mr.un1k0d3r.online

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Apr 16

We are going live tonight at 7 PM EDT.
Tonight's session is about gathering user information without using LDAP queries in an Active Directory domain, using WMI.

This is achieved by using a COM object and C.

truecyber.world

Advanced Red Teaming Tactics: Latest Trends For A Successful Exploitation | Charles F. Hamilton

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Apr 14

I wrote a white paper at CYPFER regarding the techniques we use during our red team engagement.

#redteam #cypfer

www.linkedin.com/posts/charle...

I wrote a white paper that covers the attacks we often use during red team exercises, ranging from phishing vectors to EDR evasion, including exploitation and lateral movement. This is just a small p...

#redteam #livesession #athens | Charles F. Hamilton

4

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Mar 26

It is an honor to present at Offensive X this summer. I'm looking forward to sharing some of my tradecraft when it comes to red teaming payload crafting.

Let me know if you're coming too so we can catch up!

www.linkedin.com/posts/charle...

It is an honor to present at Offensive X this summer. I'm looking forward to sharing some of my tradecraft when it comes to red teaming payload crafting. Let…

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Mar 12

We are going live tonight at 7 PM EDT.

Tonight's session will cover a method to gather Active Directory user information remotely in a Windows domain without using LDAP queries. Instead, we will use Lsa* APIs and a bit of magic.

truecyber.world

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Feb 26

We are going live tonight at 7 PM EST.

Tonight's session will cover code obfuscation using the power of assembly to make your code harder to reverse-engineer and hide your true intentions.

Let's have fun with assembly code tonight!

truecyber.world

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Feb 12

We are going live tonight at 7 PM EDT.

Tonight's session is about customizing your toolset to avoid detection: A case study using PingCastle. How can we adapt the red team toolset to avoid detection?

truecyber.world

#redteam

Mr.Un1k0d3r @mrun1k0d3r.bsky.social · Jan 29

We are going live tonight at 7 PM EDT.

Tonight's session is about writing your own simple port scanner in C and C# that is capable of evading million-dollar deception devices. The C version can also be converted into a BOF.

truecyber.world