S3cur3Th1sSh1t
@ShitSecure
Pentesting, scripting, pwning!
This year it happened. What started as a spare time hobby and fun project became a commercial product for the Offensive Security community. I founded a company, @MSecOps. And this company will sell a Packer to Red Teams or Pentesters. (1/x) 🔥
🔥 Introducing RustPack 🔥. RustPack is an evasive Packer/Loader that is capable of bypassing common AV/EDR vendors. It accepts user-provided known malicious input payloads, such as shellcode, C# assemblies or portable executables (PE). Those inputs are encrypted, and…
That is actually the real exploit. I went through all the decoding and stuff. It finally is the payload that creates spinstall0.aspx which then gets you the machine keys that allow you to craft your own Viewstates.
sharepoint.payload.txt gist.github.com/gboddin/6374c0…
okay now that it's burned, dropping it: CVE-2025-25257: a Pre-Auth RCE in Fortinet's WAF product called FortiWeb. github.com/0xbigshaq/CVE-…
in case someone burns them before i get my bragging rights 8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a 8fc4ca6426ae50c7673326eacb6644a8b361ad1051138d04cbd9da8b807a0973
CVE-2025-5777 Citrix NetScaler Memory Leak Severity: CRITICAL ⚠️ PoC: github.com/win3zz/CVE-202…
For anyone interested, Offensive COM hijacking is now available on YouTube. 🤠 youtube.com/watch?v=M_U2ne…

Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…
The stream will take place tomorrow 7 PM CET.🙌
It's time for a new stream this week! We're going to talk about COM hijacking. This will be recorded, so you can watch it later on YouTube. 😎 twitch.tv/S3cur3Th1sShlt youtube.com/@ScurThsSht I'm not 100% sure yet, but it will be either tomorrow or Wednesday at 7pm CET. 🔥
Creating COM hijacking payloads has never been easier than with RustPack! With COM Hijacking, you can persist on a target system by 'living' in trusted user processes, such as the Chrome browser. You only need to bring one DLL. When the user opens Chrome, for example, a C2…
It's back online and working again :-) What a day.
Feeling super bad right now for it but I was too hasty here. I'm 100% sure I got network SYSTEM auth for multiple triggers the last few days but now all apart from one just lead to user auth. I'll take down the repo as the initial promise was wrong here, need to investigate more.🙄
To trigger local SYSTEM authentication for relaying to ADCS or LDAP for LPE you would usually need the printer service or EFS service to be enabled (printerbug/petitpotam). Here is an alternative without this requirement 🤠 github.com/rtecCyberSec/R…

Hi, I just released this python-version of @CICADA8Research's nice RemoteKrbRelay-tool. It is based on @_dirkjan's KrbRelayx and @sploutchy's potato.py and rpcrelayserver.py. Please check it out: github.com/OleFredrik1/re…
New post: Windows Hello for Business – The Face Swap insinuator.net/2025/07/window…
This is so much! 🔥🔥😎 Found two new Potato triggers just today. Not only Potato but can also be used for LPE as remote auth is done which could be relayed to LDAP without Signing enabled. Or relayed to ADCS for a certificate. github.com/warpnet/MS-RPC…
Happy Friday! We're ending the week by publishing our analysis of Fortinet's FortiWeb CVE-2025-25257.... labs.watchtowr.com/pre-auth-sql-i…
As a fun little weekend project, I have weaponized OpenReplay for exploiting XSS on "HttpOnly" websites. It allows you to remotely control a victim's browser without the need for stealing any cookies. github.com/EgeBalci/evilr…
Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…