Mr.Un1k0d3r

#podcast #cybersecurité | Charles F. Hamilton J'ai une fois de plus eu la chance de participer au podcast de PolySécure pour discuter de cybersécurité. On a discuté d'Azure et des tendances que j'observe durant les exercices offensifs. Bonne éco...

If you are interested, I talked about cybersecurity during a podcast (it's in French). We talked about Azure and the trends I observed during red team exercises.

www.linkedin.com/posts/charle...

#podcast #CyberSecurity

Join TrueCyber Learning Platform | Charles F. Hamilton Tonight I will continue to show how Azure and Entra ID can be misused as part of a red team exercise. We are going to code the tool live and explore Azure functionality that could be leveraged to gain...

We are going live tonight at 7 Pam EDT. How Azure and Entra ID can be misused as part of a red team exercise. More information below.

#Azure
#RedTeam

www.linkedin.com/posts/charle...

#azure #redteam #pentest | Charles F. Hamilton Français plus bas Another week, another Azure advice. We've previously talked about application permissions, phishing vectors, and more. Today, let's talk about Azure configuration itself. When was ...

For some reason, Azure is assumed to be secure by design, which is not the case. Validating the default user permissions is important to ensure that everything that can be hardened is hardened.

#Azure #RedTeam

www.linkedin.com/posts/charle...

Senior Penetration Testing Consultant | Charles F. Hamilton We are hiring for our Offensive team. If you are interested in red teaming and traditional pentesting in a highly motivated team, this is your opportunity. If doing R&D, writing your own tools, and l...

We are hiring for a senior red teaming / pentest role at CYPFER.

Interested in applying, feel free to reach out to me.

100% remote role; more information here:

www.linkedin.com/posts/charle...

#redteam #hiring #pentest

We are going live tonight at 7 PM EDT.

Tonight's session is about Microsoft Azure. We will do a deep dive into how it can be abused as part of a red team. We will automate the process by writing a complete tool to perform attacks and reconnaissance.

truecyber.world

#azure #redteam #graphapis | Charles F. Hamilton Français plus bas I showcased a few interesting Azure applications that can be used to gather more information than allowed by default, including ways to bypass UsersPermissionToReadOtherUsersEnabled...

The Azure Graph API /beta/users endpoint is definitely an interesting one, as it now includes on-premise Active Directory information, which was not included in the previous /v1.0/users.

www.linkedin.com/posts/charle...

#Azure #RedTeam #Graph

#redteam #azure | Charles F. Hamilton Français plus bas Interested in learning more about Azure built-in applications that can be misused? Here is another one that allows you to list all the applications deployed within your tenant. A st...

Interested in attack vectors in Azure.

I have documented another example to have read permission on all the applications exposed in the tenant and more. Blocking default applications is crucial to prevent such vectors.

www.linkedin.com/posts/charle...

#Azure #RedTeam

I'm working on a useful tool that allowed me to discover quite a few interesting attack vectors in Azure.

UsersPermissionToReadOtherUsersEnabled bypass
MFA bypass
Privileges escalation
And more

www.linkedin.com/posts/charle...

#Azure #RedTeam

We are going live tonight at 7 PM EDT.

Tonight's session is about running your own LLM locally and building a simple cross-platform .NET client interface to interact with it. The private LLM is quite useful during red team exercises.

truecyber.world

GitHub - Mr-Un1k0d3r/DotnetNoVirtualProtectShellcodeLoader: load shellcode without P/D Invoke and VirtualProtect call. load shellcode without P/D Invoke and VirtualProtect call. - Mr-Un1k0d3r/DotnetNoVirtualProtectShellcodeLoader

You want to load your shellcode in .NET without calling VirtualProtect? Use RuntimeHelpers.PrepareMethod to create a predictable RWX memory region for you. This method also doesn't require a delegate function pointer, since you override a .NET method.

github.com/Mr-Un1k0d3r/...

It's time for the long weekend sale!
Get 50% OFF when you purchase both the Coding Class and the Red Team Training for just $400 (regularly $800). This includes over 200 hours of videos and source code.

More details here mr.un1k0d3r.world/training/a6e...

#redteam #discount

We are going live tonight at 7 PM EDT.

Tonight's session is about understanding the underlying concepts of Active Directory Certificate Service (ADCS) and how certificate templates can be audited using C#.

truecyber.world

Next week, I will present a live webinar covering an interesting technique for executing shellcode using built-in .NET capabilities. | Charles F. Hamilton Next week, I will present a live webinar covering an interesting technique for executing shellcode using built-in .NET capabilities. Join us on August 6 to explore some of the tradecraft we developed...

Next week, I will present a live webinar covering an interesting technique for executing shellcode using built-in .NET capabilities.

www.linkedin.com/posts/charle...

#redteam #webinar

We are going live tonight at 7 PM EST.

Tonight's session is about auditing and searching for misconfigured GPOs using C# during a red team exercise.

truecyber.world

We are going live tonight at 7 PM EDT.

Tonight's episode is about writing your own SOCKS5 proxy that can serve as your complete C2, allowing you to perform all operations remotely.

truecyber.world

We are going live tonight at 7 PM!

Tonight's session is about incorporating sandbox evasion techniques into your malware using C and C#.

truecyber.world

Shellcode architecture matter too make sure you use x86 shellcode if you are using anycpu in VS.

Wonderful I know that sometime I go fast. But happy to hear to you got most of it live.

The upcoming live session will be presented live from @northsec.io this Friday, May 16, 2025, at 1 PM EST.

We will be chaining a novel technique in .NET that does not require any RWX memory allocation or external APIs.

truecyber.world

We are going live tonight at 7 PM EST.

Tonight's session is about Understanding Azure and Graph: Automating user enumeration and more.

We'll explore how to leverage Azure and Graph during a red teaming exercise.

truecyber.world

For the long weekend, I'm offering a 50% off discount on my coding class and Red Team course. You get both for $400 instead of $800. If you search a bit, you might even find an extra $50 discount using your web skills.

mr.un1k0d3r.online/training/lon...

Offer will last for 24 hours.

We are going live tonight at 7 PM EDT.
Tonight's session is about gathering user information without using LDAP queries in an Active Directory domain, using WMI.

This is achieved by using a COM object and C.

truecyber.world

Advanced Red Teaming Tactics: Latest Trends For A Successful Exploitation | Charles F. Hamilton I wrote a white paper that covers the attacks we often use during red team exercises, ranging from phishing vectors to EDR evasion, including exploitation and lateral movement. This is just a small p...

I wrote a white paper at CYPFER regarding the techniques we use during our red team engagement.

#redteam #cypfer

www.linkedin.com/posts/charle...

#redteam #livesession #athens | Charles F. Hamilton It is an honor to present at Offensive X this summer. I'm looking forward to sharing some of my tradecraft when it comes to red teaming payload crafting. Let…

It is an honor to present at Offensive X this summer. I'm looking forward to sharing some of my tradecraft when it comes to red teaming payload crafting.

Let me know if you're coming too so we can catch up!

www.linkedin.com/posts/charle...

We are going live tonight at 7 PM EDT.

Tonight's session will cover a method to gather Active Directory user information remotely in a Windows domain without using LDAP queries. Instead, we will use Lsa* APIs and a bit of magic.

truecyber.world

We are going live tonight at 7 PM EST.

Tonight's session will cover code obfuscation using the power of assembly to make your code harder to reverse-engineer and hide your true intentions.

Let's have fun with assembly code tonight!

truecyber.world

We are going live tonight at 7 PM EDT.

Tonight's session is about customizing your toolset to avoid detection: A case study using PingCastle. How can we adapt the red team toolset to avoid detection?

truecyber.world

#redteam

We are going live tonight at 7 PM EDT.

Tonight's session is about writing your own simple port scanner in C and C# that is capable of evading million-dollar deception devices. The C version can also be converted into a BOF.

truecyber.world

We are going live tonight at 7 PM EDT.

Tonight's session will cover remote service enumeration in C. The C file can also be compiled as a BOF.

The service enumeration technique we will cover does not require administrative privileges.

truecyber.world

I'm wishing you the best shell for 2025. Let's make sure we make this world a bit more secure every day.