R.B.C.
@G3tSyst3m
Security Professional and Researcher with over a decade of experience. I'm fairly low profile, but share useful info from time to time.
I'm starting another series - Buffer Overflows in the Modern Era. I'll go over the basics of using a debugger all the way to successfully achieving a buffer overflow exploit on Windows 11 24H2, using ROP gadgets and bypassing ASLR, etc. Here's part 1! g3tsyst3m.github.io/binary%20explo…
Separated prepend loaders and stomp-style loader functionality into separate branches. This facilitates the use of other loaders like Donut and Shoggoth (with manual preprocessing)
In my opinion, the full potential of reflective DLLs as an offensive development platform has yet to be adequately explored. rdll-rs hopes to change that by integrating @hasherezade's pe2shc project into a development workflow for reflective DLL development in Rust.
Made hacky named pipe support available via rdll-rs.cna. This means you can now develop Reflective DLLs with some support for getting output back to the Beacon console via custom wrapper commands (i.e. a local-process psinject command to leverage a PowerShell one-liner)
📣 Game-changer for your SOC is here! TI Lookup is now free for everyone — get live attack data & rich threat context. Act faster. Slash MTTR. Stop breaches early. 🚀 95% of teams already speed up investigations. Start now: intelligence.any.run/analysis/looku…
Part 4 of the Buffer Overflow series has been posted! In today's writeup, we learn how to create a decoder stub, introduce an obligatory nop sled, and use memcpy to copy the encoded shellcode to our newly created memory region using VirtualAlloc 😺 g3tsyst3m.github.io/binary%20explo…
Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…
Most red teamers ignore the clipboard. You can pull: – VPN creds – MFA tokens – AWS keys – Password manager dumps All from CTRL+C. Nobody checks it. Nobody clears it. But it’s always there. Use it. 👊🏾
👨‍💻 Today we want to highlight some of the researchers and analysts who consistently move the #cybersecurity industry forward. From sharp threat analyses to smart defense tips, these experts are worth following. 💡 Here's the list, in no specific order: @UK_Daniel_Card…
We're excited to announce a major new release of x64dbg! The main new feature is support for bitfields, enums and anonymous types, which allows all types in the Windows SDK to be represented and displayed 🔥
Part 3 of the Buffer Overflows in Modern Era series has been posted! In this lengthy yet detailed walkthrough, we'll start to link ROP gadgets together, set register values, and execute VirtualAlloc() ! g3tsyst3m.github.io/binary%20explo…
Here's Part 2 of the Buffer Overflows in Modern Era series. In this post, we'll perform the actual buffer overflow using Python, learn how ROP works + DEP restrictions, and once again execute the obligatory Windows calculator 😸 g3tsyst3m.github.io/binary%20explo…
My second blog post of the month is up. Nothing too crazy, this time I’m looking at the upcoming Windows Administrator Protection feature… How it works, what continues to work, and some reversing. Check it out (or not I’m not your mum!) specterops.io/blog/2025/06/1…
Microsoft: no bounty but you'll get a CVE! Here's even the date: ... Me: Ok, sounds alright. *fix releases* Microsoft: Sorry, we'll give you nothing. I usually don't post like that, but Microsoft, you are extremely discouraging from sharing security vulns with you. Disgrace.
More defensive insights, made possible by offsec contributions What a time to be alive
Late Friday blog drop! @HuntressLabs had some fun with #DefendNot by @es3n1n 😈 This tool shows that defense evasion isn’t just about avoiding tools—it’s about bending them. Here’s how attackers turn your security products into blind spots. 🛡️ huntress.com/blog/defendnot…
Folks still seem to be interested in UAC bypass techniques that work on Win 11 24H2. I added content to an existing post on my site going over how to use COM interfaces to bypass UAC. Enjoy 😀 g3tsyst3m.github.io/privilege%20es…
Microsoft, and other software vendors, have demonstrated time and again that security will always come second. I agree that this is a situation where we observe the consequences of "what happens when security decisions are made by vendor priorities", but to say that this has anything…
#BadSuccessor - a textbook example of why the security ecosystem is broken - A privilege escalation vuln in Windows Server 2025 AD (via dMSA) - Full domain compromise with default config - Microsoft was told, agreed it’s real, but rated it "moderate" - No patch, No fix - No code…
rssh-rs is a reflective DLL that performs some hacky integration with your favorite C2 Framework to provide SSH session access from a Beacon session. github.com/0xTriboulet/rs…
Hey all. Here's my latest blog post discussing using steganography for concealing shellcode in an image, extracting it, and executing it. All while bypassing EDR. Enjoy! g3tsyst3m.github.io/steganography/…
There's never been a better time to learn how to build cool stuff. 1. AI can on-the-spot answer whatever programming questions you have (without *any* of the sass of StackOverflow, rip) 2. If you choose 'modern' programming languages like Go, Rust, etc as your place to start,…