mgeeky | Mariusz Banach
@mariuszbit
🔴 Operator, Initial Access aficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
🔥 Modern Initial Access 2.0 is here🔥 Long-awaited class finally opens for registration, but only three live classes & then it's gone ✅ Modern Phishing Tactics ✅ Proven Payloads ✅ Effective Shellcode Loaders ☢️Snatch your seat today: binary-offensive.com/initial-access… So excited! 🔥

A few weeks ago, I was responding to a cybersecurity incident - $500,000 had been stolen from a #blockchain developer. The infected operating system was freshly installed, and the victim was vigilant about cybersecurity. How could this happen? New supply chain attack? [1/6]
New? Initial Access maybe, yep, we all heard of WSL and its great integration with Windows; you can build "WSL" file extensions. Maybe these files are 100MB+, but we can double click and achieve command execution! Was tricky but working! #redteam
It's here. The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking. 📚 Blog: blog.delivr.to/delivr-tos-top…
excited to be back in vegas for my second @defcon, and second talk on the creator stage! i’ll be diving into a mix of my favorite things: network fingerprinting, honeypots, and ai agents! tool drops in a few days--stay tuned 👾defcon.org/html/defcon-33… @wallofsheep
Introducing Havoc Professional: A Lethal Presence. We're excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit, our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…
This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry which I presented last year in RedTreat. I hope everyone likes it \m/. trickster0.github.io/posts/Primitiv…
Introducing the BloodHound Query Library! 📚 @martinsohndk & @joeydreijer explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ
I'm starting another series - Buffer Overflows in the Modern Era. I'll go over the basics of using a debugger all the way to successfully achieving a buffer overflow exploit on Windows 11 24H2, using ROP gadgets and bypassing ASLR, etc. Here's part 1! g3tsyst3m.github.io/binary%20explo…
This year I joined the amazing @x33fcon crew! 🚀 Helped during two awesome trainings: 🔹 Modern Initial Access and Evasion Tactics – deep dive into offensive techniques with @mariuszbit 🔹 Threat Hunting w/ Velociraptor – hands-on DFIR with @eric_capuano & @shortxstack (1/2)
🔥@harmj0y and @tifkin_ rocking on the #x33fcon stage walking us through Nemesis 2.0

👀👀👀
🚨 New attack disclosed: GitHub Device Code Phishing. John, Matt, and Mason reveal how they've been using this technique to compromise F500 orgs with high success rates. 📖 Blog covers methodology, red team case studies & detection strategies praetorian.com/blog/introduci…
Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blogpost by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…
We're frying brains with Initial Access lore for the fourth time at x33fcon! I'm having a blast with a great class! 🔥 Also, completely overhauled the agenda ☢️
#x33fcon 2025 training. Day 2 of "Modern Initial Access and Evasion Tactics" by @mariuszbit is very intense! 🚀 #modern, #redteam, #malware, #development, #evasion, #initial, #access
🚨 New blog post alert! @_xpn_ drops knowledge on LLM security w/ his latest post showing how attackers can bypass LLM WAFs by confusing the tokenization process to smuggle tokens to back-end LLMs. ghst.ly/4koUJiz
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group) WHERE g.objectsid ENDS WITH '-516' WITH COLLECT(c1.name) AS dcs MATCH (c2:Computer) WHERE c2.enabled = true AND (c2.operatingsystem CONTAINS '2025') AND (c2.name IN dcs) RETURN c2.name
If this query hits, you're in.
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability. It allows compromising any user in AD, it works with the default config, and... Microsoft currently won't fix it 🤷♂️ Read Here - akamai.com/blog/security-…