Lefteris Panos
@lefterispan
Interested in Security & Pentesting
Stumbled across a legacy .NET Remoting service during a red team gig — turned out to be a critical unauth RCE (CVE-2025-5333 - CVSS 9.5) in Broadcom Altiris 😅 Details at lrqa.com/en/cyber-labs/…
I finally published final stats from my 3 years of scraping users via OneDrive. I've got data on usernames, domains, and ADFS configs. This is all related to my ShmooCon talk earlier this year. github.com/nyxgeek/azure_…
👑 Our researcher has discovered LPE in VMware Tools (CVE-2025-22230 & CVE-2025-22247) via VGAuth! Write-up by the one who broke it: Sergey Bliznyuk (@justbronzebee) swarm.ptsecurity.com/the-guest-who-…
🚨 A SharePoint zero-day (CVE-2025-53770) is under active exploitation, with attackers stealing MachineKey secrets to forge __VIEWSTATE and maintain RCE. No patch exists. If you expose SharePoint to the Internet, assume breach. Reach out via our website if you need support.
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), and more! blog.badsectorlabs.com/last-week-in-s…
I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. github.com/Idov31/NovaHyp…
🧪 New technique: DreamWalkers A reflective shellcode loader that crafts a synthetic, clean call stack. Achieving stealthy execution from memory-mapped modules. 🔗 maxdcb.github.io/DreamWalkers/ #MalwareResearch #RedTeam #WindowsInternals #OffSec
Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/…
Following @ShitSecure's TROOPERS talk and release of BitlockMove, we're releasing our internal DCOMRunAs PoC made by @SAERXCIT last year. It uses a similar technique with a few differences, such as DLL hijacking to avoid registry modification. github.com/AlmondOffSec/D…
This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry, which I presented last year at RedTreat. I hope everyone likes it \m/. trickster0.github.io/posts/Primitiv…
Last summer we spent some time collecting both benign and malicious applications. We picked it back up and put together a preliminary exploration of that dataset: pre.empt.blog/posts/static-d…
Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect @octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.
🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live: 🪞 The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos: blog.redteam-pentesting.de/2025/reflectiv…
Finally had some time to publish these blogs. Enjoy! Spying On Screen Activity Using Chromium Browsers mrd0x.com/spying-with-ch… Camera and Microphone Spying Using Chromium Browsers mrd0x.com/spying-with-ch…
Just released new AppControl Manager update ✅Reverse Code Integrity binaries (CIP) completely back to XML! ✅Brings the entire suite of App Control features on Home edition OS (not normally possible) ✅Rust interop #cyber #Windows #Redteam #CyberSecurity github.com/HotCakeX/Harde…
In case you missed the webcast, here's the GitHub link github.com/rvrsh3ll/Bolth…. Blog post coming soon! One of my fav bits we talked about was using this to have your C2 call to 127.0.0.1:port or even adding dev tunnels to the ClickOnce. Many options. Modify to taste 🧑‍🍳
I'm just gonna slide this little teaser shot in for today's @BHinfoSecurity webcast I'm giving.... And you thought self-signed ClickOnce payloads were dead..
.NET GAC and NIC hijacking for lateral movement: williamknowles.io/net-gac-and-ni…
RUMOURS are TRUE 🤷‍♀️ PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈 @offensive_con BERLIN ("The 𞅀-Day Edition"). Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️