Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation🕵️♂️
Data breach revealed,
Malware lurks, silent, stealthy -
OSINT tracks the thread.
A post about a North Korean infiltration operation aimed at deploying remote IT workers across different companies in the American financial and crypto/Web3 sectors🕵️♂️
https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation
A good post about different conditional access bypasses for Microsoft Entra🕵️♂️
https://cloudbrothers.info/en/conditional-access-bypasses/
#infosec #cybersecurity #redteam #pentest #cloud #entra #azure
An article describing how it was possible to uncover the identity of an administrator of the Scattered Lapsus$ Hunters group🕵️♂️
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters
How to extract access tokens from Office desktop applications like Microsoft Teams🕵️♂️
Example code on how to use a custom DLL during a DLL hijack on Narrator.exe for persistence. The DLL hijack is for %windir%\system32\speech_onecore\engines\tts\msttsloc_onecoreenus.dll🕵️♂️
https://github.com/api0cradle/Narrator-dll
#infosec #cybersecurity #pentest #redteam #windows #persistence
A Python reconnaissance tool designed to discover Azure services and attribute tenant ownership information based on their responses🕵️♂️
https://github.com/NetSPI/ATEAM
#infosec #cybersecurity #redteam #pentest #osint #opensource #cloud #azure
@rosabelini You have to click "save" to store the results.
How Watchtowr was able to collect credentials from jsonformatter.org and codebeautify.org🕵️♂️
A post about a CVE found in the Sliver Command and Control Framework (insecure default WireGuard policy)🕵️♂️
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation🕵️♂️
A blogpost about the different types of components involved in COM/DCOM and their identifiers🕵️♂️
https://www.synacktiv.com/en/publications/dissecting-dcom-part-1
A BOF implementation of various registry persistence methods🕵️♂️
https://github.com/leftp/RegPersist
#infosec #cybersecurity #redteam #pentest #windows #opensource
A blogpost about how site-based ACL attack vectors can lead to the compromise of one or several domains in an Active Directory environment🕵️♂️
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare🕵️♂️
Dump processes over WMI with MSFT_MTProcess🕵️♂️
https://github.com/0xthirteen/WMI_Proc_Dump
#infosec #cybersecurity #pentest #redteam #windows #opensource
A tool to play with scheduled tasks on Windows, in Rust🕵️♂️
https://github.com/BlWasp/PhantomTask
#infosec #cybersecurity #pentest #redteam #windows #opensource
A Python tool to easily map the access rights of network shares into BloodHound OpenGraphs🕵️♂️
New cheatsheets pushed🕵️♂️
https://github.com/r1cksec/cheatsheets
#infosec #cybersecurity #pentest #redteam #osint #opensource #malware #threatintel
This project is a deliberately vulnerable environment to learn about LLM-specific risks based on the OWASP Top 10 for LLM Applications🕵️♂️
https://github.com/SECFORCE/LLMGoat
#infosec #cybersecurity #pentest #redteam #llm #ai #opensource