Panos Gkatziroulis 🦄
@netbiosX
Red/Purple Teamer | Blogger | Director @pentestlabltd | Mod @ http://reddit.com/r/purpleteamsec | https://discord.gg/rR6FJBH
The RPC function RAiForceElevationPromptForCOM from the appinfo.dll library allows SYSTEM coercion. This only works on domain-joined systems. This function can be called from any low-privileged user to trigger SYSTEM authentication to an arbitrary location. github.com/rtecCyberSec/R…
Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together a super lightweight C# version (no NtApiDotNet), plus a C++ and BOF version. Enjoy! github.com/klezVirus/RAIW…
Published a small collection of PIC loaders for Cobalt Strike, based on my experiments with Crystal Palace. github.com/rasta-mouse/Cr…
Set of algorithms which can be used as a library to obfuscate malware communication traffic and therefore bypass EDR and other defensive capabilities github.com/zarkones/netes…
Azure Front Door AiTM Phishing aitm-feed.com/blog/azure-fro…
LudusHound - a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via Ludus for controlled testing. github.com/bagelByt3s/Lud…
A Go program that parses, analyzes, and rewrites Go source code to apply multiple layers of obfuscation. It operates directly on the Go Abstract Syntax Tree (AST) and generates both obfuscated source files and runtime decryption logic github.com/EvilBytecode/E…
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to a custom proxy. github.com/EvilBytecode/E…
Modern PIC implant for Windows (64 & 32 bit) github.com/zarkones/Blood…
A small script to collect information from a management point github.com/temp43487580/m…
Backdoor VSCode extensions github.com/whokilleddb/si…
An Arrow to the Heel: Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory permiso.io/blog/abusing-d…
Thread Pool Timer Process Injection github.com/andreisss/Thre…
C++ tool and library for converting .bin files to shellcode in multiple output formats github.com/T1erno/bin2she…
Detection Field Manual #2 - What are Detection Rules detectionengineering.net/p/detection-fi…
Great article by @_st0pp3r_ on Detection as Code. One year ago, I wrote a similar article here: purpleteamsec.substack.com/p/detection-as…
Detection-as-Code: From Concept to Practice 👇 Check out @_st0pp3r_'s latest blog series, where he unpacks the fundamentals of #DetectionEngineering and takes a closer look at the game-changing concept of #DetectionAsCode. blog.nviso.eu/2025/07/08/det…
Shellcode injection using MessageBox ghostline.neocities.org/MessageBoxInje…
Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when attackers disable standard process notify callbacks github.com/Dor00tkit/BamE…
Code execution/injection technique using DLL PEB module structure manipulation github.com/RWXstoned/LdrS…