TKYN
@TKYNSEC
The person of all time
Windows self-delete on 24H2 (@TKYNSEC), DNS rebinding (@yarlob), VSCode backdoor (@d1rkmtr), leak Google users' 📞# (@brutecat), Entra sync dumping (@hotnops), Delegations (@podalirius_), Chrome abuse for screenshots, mic, and more! blog.badsectorlabs.com/last-week-in-s…
blog.malicious.group/the-quiet-side… This is a living document at the moment, but here it is for now. 😅As mentioned in the paper, if you are a researcher and have questions after reading, just reach out to me and I will answer everything I can.
ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 mrbruh.com/asus_p2/
Maldev Database updated search.maldevacademy.com/updates Some of the newly added snippets include: - Anti-Analysis Via Self-Deletion (Windows 11) - Anti-Analysis Via Self-Deletion (2) (Windows 11) - Running VBScript code in memory - Screen Capture to BMP (ScreenShot) - Sleep Obfuscation…
Zoho Quick Assist has a critical flaw! Found that unprivileged users can delete arbitrary system files through the "Send Logs" function due to improper path validation, potentially escalating privileges to SYSTEM level. Full analysis + demo: tkyn.dev/2025-6-8-Zoho-…
Windows 11 24H2 broke a popular malware evasion technique! The Lloyd Labs self-deletion method now fails because of NTFS changes, so I spent time with kernel debugging to figure out why and how to fix it. Full technical breakdown: tkyn.dev/2025-6-8-The-N…
Arbitrary file delete to SYSTEM in a preinstalled ASUS utility! tkyn.dev/2025-4-15-ASUS…
Anyone work at ASUS? I have a local privilege escalation vulnerability in a widely deployed desktop app to disclose quickly. PoC code and explanation available. Thanks!
In case if you wonder what broke #ProcessHollowing on Windows 11 24H2, I have something for you: hshrzd.wordpress.com/2025/01/27/pro…
Anyone know if it's possible to create pseudo symlinks to UNC paths WITH an alternate data stream specified (or know anyone that may know)?
I have enough training material for a couple months now lol
And so... Black Friday begins! 20% off on all RED TEAM Operator courses. Coupon code: BF24 Link: institute.sektor7.net/?coupon=BF24 Validity: end of Cyber Monday (Dec 2nd) #redteam
I finished the BOF Development and Tradecraft course from @Octoberfest73. The concepts were exceptionally well explained, with immediately applicable examples. The recent BOF Patcher addition was used to crudely imitate SharpCloud. Way more coming in the future. Would recommend!
Things don't really happen unless you tweet about it, so I'm excited to start learning from XINTRA's Attacking and Defending Azure & M365 course!
Incredible new hires by Fortra. Excited to see future updates! Congrats @0xTriboulet and @ilove2pwn_!
New blog: Get details on recent changes, upcoming plans for #CobaltStrike R&D, and our strategy for increased communication. cobaltstrike.com/blog/cobalt-st…
Any previous implementations of External C2 using IP over avian carrier? Don't wanna reinvent the wheel
Brute Hawk soon?? Night Ratel??
Dom and his team are talented and NH is great. Chetan is also very smart and knows detections along with being a strong engineer so BR is a great pick too. Too bad we can’t all be friends and crush it together. 😉 uniting NH and BRC4 would be a game changer for everyone.