trickster0
@trickster012
Just like pwning Windowz stuff
This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry which I presented last year in RedTreat. I hope everyone likes it \m/. trickster0.github.io/posts/Primitiv…
I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. github.com/Idov31/NovaHyp…
Stumbled across a legacy .NET Remoting service during a red team gig — turned out to be a critical unauth RCE (CVE-2025-5333 - CVSS 9.5) in Broadcom Altiris 😅 Details at lrqa.com/en/cyber-labs/…
Who says #Python Malware is out of style? In our new #blog,@GuhnooPlusLinux revisits an old technique he believes is a prime candidate to host #malware payloads—Python for Windows. Read it now! hubs.la/Q033Jvyq0
Watching Battlestar Galactica for the 3rd time in my life and OMG it is so good! I wish I could remove it from my memory and watch it again for the first time!
🦝 Introducing Raccoon - a C# tool developed by LRQA's @eks_perience for extending the screenshot functionality of Command and Control (C2) frameworks, even capturing minimised windows. Check it out on GitHub and in our latest Labs article below.
Got the transpiler working for my MIPS I VM 🥳 Which means that one can basically write plain C with included windows headers and compile it to a PSXecute MIPS module. Also just published the code: github.com/eversinc33/PSX…
It has been 7 years since the EQGRP leak with danderspritz, fuzzbunch, eternalblue, double/darkpulsar... Those things were years ahead of their time but also in a non-EDR era using RWX memory regions everywhere. Am I the only one that is extremely curious what those guys use now?
Wrote a small C# tool that is able to make a network token using a certificate. Comes handy in RTs ;) github.com/nettitude/Toke…
Today we are releasing TokenCert, a C# tool that will create a network token using a provided certificate via PKINIT, by @lefterispan This is useful for Red Teams giving make-token functionality with certificates instead of passwords. github.com/nettitude/Toke…
I just released my C2 I was working on in my free time. Feel free to play around and make your own forks if you like it. It needs a lot of work, but it is a fully Rust one with a small implant and working sleep obfuscation. github.com/trickster0/Nam…
Today I learned that playing with some UTF16 characters you can completely mess up with cmd output. There is a lot of fun stuff you can do, like creating "invisible files", "crafting" file's properties or changing the graphic settings. Explorer is not affected the same way tho :/
Recently discovered an insecure DCOM deserialization on Dell Power Manager <= 3.15.0 and prior, allowing elevation to SYSTEM. The vulnerability was reported to Dell, who assigned CVE-2024-39576 - CVSS 8.8. @tiraniddo's work is relevant seven years later and many years ahead 🤯
[RELEASE] Following the talk at DEF CON, I'm releasing all the POC projects associated with DriverJack. More info in the repos. For any additional info, hit me up ;) - github.com/klezVirus/Driv… - github.com/klezVirus/RpcP… - github.com/klezVirus/kopp…
I am so amazed by Tailscale! Highly recommend everyone to use it. Even the free version is unbelievably awesome. Just grab a Raspberry Pi and set it at your place and then VPN through it; izzy pizzy to set up as well. Literally 1 command.