Dominic Chell 👻
@domchell
Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | http://mdsec.co.uk | http://nighthawkc2.io
Stop the VLC abuse! Is nothing sacred anymore?!
The Arctic Wolf Labs team has uncovered a new campaign by APT group Dropping Elephant targeting major Turkish defense contractors and weapons manufacturers. Learn more in our latest blog: ow.ly/xLih50WueNn #HypersonicEspionage #TurkeyPakistan #DroppingElephant #Türkiye
‘Murica, you’re one crazy place. Go out for a quiet dinner, then the next minute this is happening…
🚨Organisations are encouraged to take immediate action to mitigate a vulnerability affecting certain Microsoft SharePoint Server products. Here’s what you need to know and do next ⬇️ ncsc.gov.uk/news/active-ex…
We are very happy to announce the nominees for the 2025 Pwnie Awards! As a reminder, we will be presenting the winners at DEF CON this year. Saturday the 9th, 10:00AM Main Stage. Hope to see you there! docs.google.com/document/d/1fy…
🚨 Suspected admin of xss.is, a top Russian-speaking cybercrime forum, was arrested in Ukraine. The suspect, active for nearly 20 years, allegedly made €7M facilitating cybercrime. 🇫🇷🇺🇦🇪🇺 Operation led by France with Europol support. europol.europa.eu/media-press/ne…
I’ll be at #blackhatusa25 with a group of the @MDSecLabs red team. If you want to meet up, grab a 🍺 or ☕️and talk c2s, OST or red teaming in general, drop us a line! ✅👋
This mitigation is critical (esp based on Storm-2603 exploitation) and I expect it’s most likely to be overlooked: 🔃🔑 Rotate SharePoint Server ASP.NET machine keys • After applying the latest security updates above or enabling AMSI, it is critical that customers rotate…
Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: msft.it/6015sE1p5
New research reveals detailed analysis of DPRK VPN infrastructure used by North Korean operatives abroad. According to technical analysis published by NK Internet Watch, "Hangro" appears to be a specialized VPN client that enables North Koreans overseas to establish secure…
Per French authorities — the suspected administrator of XSS has been arrested in Ukraine reuters.com/technology/sus…
Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…
People have asked me who are cool and badass people to follow. Here is the all-star roster of researchers I love to follow: - @domchell, he is less "researcher" now, but he runs MDSec and he has a collection of brilliant researchers. He retweets a lot of really cool papers and…
Nothing too exciting by APT41 🇨🇳 here IMO, using Impacket, CobaltStrike, Mimikatz, Pillager, RawCopy, Neo-reGeorg. Using a compromised SharePoint server for C2 is interesting I guess, especially with this new ToolShell exploit for SharePoint servers: securelist.com/apt41-in-afric…
In the US there is no formal standard for red team or purple team. Everyone gets to do whatever the client wants. Some companies hire great teams to do good work, others don’t get so lucky. Without a TIBER equivalent, there is nothing to stop me from selling a pentest (or worse,…
Starting and running a business in 2025 Britain - let’s walk through it. You’ve got a good idea, managed to save a few quid to invest and want to give it a go. Let’s say it’s a cafe. Generate wealth, create jobs and contribute to your local economy. Great idea. You just picked…
#x33fcon 2025 talks: @domchell - Hiding in Plain Sight > youtu.be/GyoxCTYPAus