bohops
@bohops
Red/Purple/Research | Adversary Services @xforce red
[Blog] Abusing .NET Core CLR Diagnostic Features (+ CVE-2023-33127) - Analysis of .NET diagnostic features and tradecraft - Walkthrough of a .NET Cross-Session Local Priv Esc (LPE) - Defensive Recommendations bohops.com/2023/11/27/abu…
Fittingly, I asked Copilot to generate a Registry "killswitch" to disable Copilot on Windows 11. Copilot created the reg file below. It's probably incomplete. It may or may not work now or later, but here you go - DisableCopilot.reg: Windows Registry Editor Version 5.00…
Published a small collection of PIC loaders for Cobalt Strike, based on my experiments with Crystal Palace. github.com/rasta-mouse/Cr…
"Offensive MCP and MCP for Offensive" #infosec #pentest #redteam #blueteam medium.com/seercurity-spo…
Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…
Whenever I see people say the red teaming should only use TI, it seems unusual because if you're mature enough to need a red team, your EDR vendor will likely pick up on many currently known threats in the public eye. At that point, you're stuck modifying things away from what's…
Bypassing AMSI with your own custom COM interfaces inside the CLR process - an excellent piece by Joshua Magri (@passthehashbrwn). The custom implementation allows allocating and loading assemblies from memory and invoking the Load_2() method instead of the typical call to Load_3(). This…
So...after nine and a half years I was laid off from my position. If you need a program/project/engagement/whatever manager, hit me up. I'm mainly focused on InfoSec but also have a vast knowledge of the hospitality industry and am super big on building culture around your…
"Keep your friends close; keep your enemies closer; keep your C2 closest" - Sun Tzu, cyber warrior
Come join us and learn how to attack AI platforms, model registries, training infrastructure, and backdoor models (and how to defend against these new attacks). It’s been a really hot topic with various military commands I’ve met with recently!
A little over a week left to register for @retBandit's and my @BlackHatEvents #BHUSA training on attacking MLSecOps and AI-as-a-Service platforms. We are almost full for both the Sat/Sun and Mon/Tues sessions! blackhat.com/us-25/training…
🧪 New technique: DreamWalkers A reflective shellcode loader that crafts a synthetic, clean call stack. Achieving stealthy execution from memory-mapped modules. 🔗 maxdcb.github.io/DreamWalkers/ #MalwareResearch #RedTeam #WindowsInternals #OffSec
Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can be identified in an enterprise and the misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/…
Copilot for MS-DOS, you say?
From MS-DOS to Copilot, we’ve come a long way. This year, in honor of Microsoft’s 50th anniversary, MSRC is throwing it back (way back) with a "Microsoft Through the Decades" security researcher celebration during Black Hat. 🗓 August 7, 2025 📍Skyfall Lounge, W Las Vegas This…
🔥 Not your typical remote access tool… but it works. Chrome Remote Desktop isn’t just for tech support—it can be quietly repurposed for red team operations. I break down the how and why in my latest post. 👇
Chrome Remote Desktop can offer red teamers a subtle way to bypass restrictions—if they know how to use it. In this blog, @Oddvarmoe reveals a practical guide to repurposing Chrome Remote Desktop on red team operations. Read it now! trustedsec.com/blog/abusing-c…
🆕 Recent additions to LOLBAS-Project.github.io: • shell32.dll,#44 for DLL execution • PhotoViewer.dll for INetCache download • winget.exe for AWL Bypass • mmc.exe for download (via GUI) • cipher.exe for anti-forensics ➕: the #LOLBAS project now supports dark mode 😎
Last week we added ELEVATE-4 github.com/subat0mik/Misc… to Misconfiguration Manager. tl;dr If SCCM uses AD CS for PKI, client auth certs are "borrowed" by clients during OSD. This will typically be a distribution point but could be the site server in all-in-one deployments...
This is my research project on creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry, which I presented last year at RedTreat. I hope everyone likes it \m/. trickster0.github.io/posts/Primitiv…
Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect @octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.
Oddvar Moe (@oddvarmoe) is now on the #OffensiveX2025 stage, talking about "Redteam Chronicles: A C2 Story - Outlook's One-Setting Wonder." He’s sharing insights on how a single registry setting can rule Outlook. #OffensiveX2025 #CyberSecurity #RedTeam #C2 #OffensiveSecurity…