If a host is compromised, what risk does that data represent?
Nemesis 2.2 helps answer that.
✅ Large container processing
✅ Host-based reporting
✅ AI-assisted triage
✅ Full Chromium DPAPI handling
Read @harmj0y.bsky.social + @tifkin.bsky.social's latest blog post: https://ghst.ly/4l2DDbl
The macOS Hardened Runtime isn’t a dead end for in-memory execution. In his latest post, Kyle Avery looks at the 'allow-jit' entitlement and demonstrates shellcode execution in apps that have it.
https://www.outflank.nl/blog/2026/02/19/macos-jit-memory/
I'd like to thank all of our sponsors for 2025. I'd also really, really, really, want to thank @MDSecLabs, @TrustedSec, @TorGuard, ... and all the individual donors.
Thanks to you, I don't need to beg for money on the internet and can focus on kitty cat pictures and malware.
Binary injection vulnerabilities can be found in many MacOS apps. Those may be abused to bypass EDR, hide backdoor, access memory, or bypass TCC!
DarwinOps provides
- An advanced injection vulnerability scanner
- A redteam scenario to exploit them
#redteam
blog.balliskit.com/macos-dylib-...
Lots of cool new Nemesis features merging in soon from @tifkin_ and I! Development definitely didn't stop with the 2.0 release :) github.com/SpecterOps/N...
Thanks for the excellent writeup @intel471.bsky.social
www.intel471.com/blog/the-phr...
Screenshot showing the output of the proof-of-concept tool "SMAStorageDump", where ACCs are dully decrypted.
🆕 New blog post!
"Offline Extraction of Symantec Account Connectivity Credentials (ACCs)"
Following my previous post on the subject, here is how to extract ACCs purely offline.
👉 itm4n.github.io/offline-extr...
#redteam #pentesting
We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them.
falconforce.nl/dawshund-fra...
#blueteaming #redteaming
With putty, there’s a nice little trick you can do to enable connection sharing and piggy back off their session… helps get around things like mfa 🙃
Our red team is growing and we have a rare open position for a Principal RT Operator - if this sounds like you, get in touch 🙏
[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.
- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...
Prodaft has published a technical analysis of Anubis, a new Python-based backdoor linked to Savage Ladybug (FIN7) operations
catalyst.prodaft.com/public/repor...
The Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies.
The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.
research.checkpoint.com/2025/blind-e...
KrbRelayEx-RPC tool is out! 🎉
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)
github.com/decoder-it/K...
🚨 Detect C2 Beacons!
New Microsoft Defender for Endpoint telemetry provides new opportunities for threat detection!
🔗
academy.bluraven.io/blog/beaconi...
#ThreatHunting #DetectionEngineering #MDE
Haha you’re clutching at straws there!
You should be honoured to get my first post 😂
So when’s your last day at Fortra? 🙃
It appears Microsoft quietly mitigated most of the risk of the "Intune company portal" device compliance CA bypass by restricting the scope of Azure AD graph tokens issued to this app, making them almost useless for most abuse scenarios. Thx @domchell.bsky.social for the heads up.
