kozmer
@k0zmer
threat simulation @ r̴e̴d̴a̴c̴t̴e̴d̴
Exploit write-ups for our 🚨 latest 0-day 🚨 and the tragedy that swept the red-black tree family dropping soon 👀 Here is a TikTok-style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!
Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…
In the US there is no formal standard for red team or purple team. Everyone gets to do whatever the client wants. Some companies hire great teams to do good work, others don't get so lucky. Without a TIBER equivalent, there is nothing to stop me from selling a pentest (or worse,…
Hi, I just released this Python version of @CICADA8Research's nice RemoteKrbRelay tool. It is based on @_dirkjan's KrbRelayx and @sploutchy's potato.py and rpcrelayserver.py. Please check it out: github.com/OleFredrik1/re…
🔴 Red and blue teams, this one's for you. 🔵 LudusHound bridges BloodHound Attack Paths with lab automation by creating a functional Active Directory replica testing environment. Read @bagelByt3s blog post for more. ghst.ly/40Ippn1
Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…
Password cracking with vast.ai made easier :) Enjoy. github.com/d-sec-net/VPK
Single-threaded, event-driven sleep obfuscation PoC for Linux utilizing file descriptors, inspired by "pendulum" from @kyleavery_ github.com/kozmer/silentp…
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability. It allows compromising any user in AD, it works with the default config, and... Microsoft currently won't fix it 🤷♂️ Read here - akamai.com/blog/security-…
This! Fuck ego and do cool shit!
bUt ItS nOt A bYpAsS cool cool. I’m gonna establish persistence and move laterally while you worry about the semantics
If you can motivate yourself to spend 8+ hours a day, 5 days a week to read through:
- Atlassian
- Jira
- Slack
- GitHub
- Other internal SaaS applications
without guaranteed results, you'll be an amazing red teamer.
Yearly blog post just dropped: Control Flow Hijacking via Data Pointers 🐸 Showcasing how to find your own in Binary Ninja, how to weaponize and write a shellcode stub etc. Hopefully people find it useful :) legacyy.xyz/defenseevasion…
Stumbled on ServiceNow during a red team? If not, you might want to check out our latest post on Red Teaming with ServiceNow by @__invictus_ mdsec.co.uk/2025/03/red-te…
Wrote up some notes on Puppet 101 and abusing Puppet across Linux / Windows. Comes with a Lab / Repo / PoCs. tommacdonald.co.uk/abusing-puppet…
KrbRelayEx-RPC tool is out! 🎉 Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;) github.com/decoder-it/Krb…
All Red Teamers should be aware of post beacon loss syndrome, and the stages that you go through. Denial - "the user has probably just gone offline for the day", "maybe my redirector is fucked", "did I crash the process".
If you don't believe in sharing OST or whatever else, that's awesome. However, if your org is in consulting or even has an internal red team and it's built on the fact that other people were OK sharing those things, ehhh, might want to do some reflection.
I'll give you even more copium if you want. It's far, far easier to be a blue teamer than red. BT has a huge amount of heavy lifting done by EDR vendors. RT has to (in most cases) build their entire service from the ground up.
Who says #Python Malware is out of style? In our new #blog, @GuhnooPlusLinux revisits an old technique he believes is a prime candidate to host #malware payloads—Python for Windows. Read it now! hubs.la/Q033Jvyq0